Table of Contents
Advertisement
The Nokia IP60 Firewall
In other words, on top of the damage done by computer information theft or abuse, unauthorized access to a
computer or a computer network can seriously damage the entire organization's essential operations,
communications, and productivity. For example:
An online store's Web site can be hacked, so customers cannot enter orders.
An unauthorized user can take advantage of an organization's email server to send unsolicited
bulks of email. As a result, the organization's Internet communication lines will be overloaded,
and employees in the organization will be unable to send or receive emails.
Since computer and network security has become a central part of information and general security,
security managers must either have an understanding of computers and networking, or work closely with
network administrators and network security specialists.
The Nokia IP60 Firewall
What Is a Firewall?
The most effective way to secure an Internet link is to put a firewall between the local network and the
Internet. A firewall is a system designed to prevent unauthorized access to or from a secured network.
Firewalls act as locked doors between internal and external networks: data that meets certain requirements
is allowed through, while unauthorized data is not.
To provide robust security, a firewall must track and control the flow of communication passing through it.
To reach control decisions for TCP/IP-based services, (such as whether to accept, reject, authenticate,
encrypt, and/or log communication attempts), a firewall must obtain, store, retrieve, and manipulate
information derived from all communication layers and other applications.
Security Requirements
In order to make control decisions for new communication attempts, it is not sufficient for the firewall to
examine packets in isolation. Depending upon the communication attempt, both the communication state
(derived from past communications) and the application state (derived from other applications) may be
critical in the control decision. Thus, to ensure the highest level of security, a firewall must be capable of
accessing, analyzing, and utilizing the following:
Communication information - Information from all seven layers in the packet
Communication-derived state - The state derived from previous communications. For example,
the outgoing PORT command of an FTP session could be saved so that an incoming FTP data
connection can be verified against it.
Application-derived state - The state information derived from other applications. For example, a
previously authenticated user would be allowed access through the firewall for authorized
services only.
Information manipulation - The ability to perform logical or arithmetic functions on data in any
part of the packet. For example, the ability to encrypt packets.
32
Nokia IP60 Security Appliance User Guide
Advertisement
Table of Contents
Troubleshooting
