Table of Contents
Advertisement
communicate with secure systems by mean of a proxy. A key drawback of this
device is performance.
Stateful Inspection Firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP
address and protocol. They also 'inspect' the session data to assure the
integrity of the connection and to adapt to dynamic protocols. The flexible
nature of Stateful Inspection firewalls generally provides the best speed and
transparency, however, they may lack the granular application level access
control or caching that some proxies support.
4. Why do you need a firewall when your router has packet filtering
and NAT built-in?
With the spectacular growth of the Internet and online access, companies that
do business on the Internet face greater security threats. Although packet filter
and NAT restrict access to particular computers and networks, however, for
the other companies this security may be insufficient, because packets filters
typically cannot maintain session state. Thus, for greater security, a firewall is
considered.
5. What is Denials of Service (DoS) attack?
Denial of Service (DoS) attacks are aimed at devices and networks with a
connection to the Internet. Their goal is not to steal information, but to disable
a device or network so users no longer have access to network resources.
There are four types of DoS attacks:
1. Those that exploits bugs in a TCP/IP implementation such as Ping of
Death and Teardrop.
2. Those that exploits weaknesses in the TCP/IP specification such as
SYN Flood and LAND Attacks.
3. Brute-force attacks that flood a network with useless data such as
Smurf attack.
4. IP Spoofing
6. What is Ping of Death attack?
Ping of Death uses a 'PING' utility to create an IP packet that exceeds the
maximum 65535 bytes of data allowed by the IP specification. The oversize
All contents copyright © 2009 ZyXEL Communications Corporation.
P-663HN-51 Support Notes
19
Advertisement
Table of Contents
