Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
C-10
Networks, Routing, and Firewall Basics
December 2003, M-10041-01
When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the
IP address of the resource. The PC sends the desired message using the IP address. Many large
organizations, such as ISPs, maintain their own DNS servers and allow their customers to use the
servers to look up addresses.
IP Configuration by DHCP
When an IP-based local area network is installed, each PC must be configured with an IP address.
If the computers need to access the Internet, they should also be configured with a gateway address
and one or more DNS server addresses. As an alternative to manual configuration, there is a
method by which each PC on the network can automatically obtain this configuration information.
A device on the network may act as a Dynamic Host Configuration Protocol (DHCP) server. The
DHCP server stores a list or pool of IP addresses, along with other information (such as gateway
and DNS addresses) that it may assign to the other devices on the network. The FVS328 Firewall
has the capacity to act as a DHCP server.
The FVS328 Firewall also functions as a DHCP client when connecting to the ISP. The firewall
can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address
if the ISP provides this information by DHCP.
Internet Security and Firewalls
When your LAN connects to the Internet through a router, an opportunity is created for outsiders
to access or disrupt your network. A NAT router provides some protection because by the very
nature of the Network Address Translation (NAT) process, the network behind the NAT router is
shielded from access by outsiders on the Internet. However, there are methods by which a
determined hacker can possibly obtain information about your network or at the least can disrupt
your Internet access. A greater degree of protection is provided by a firewall router.
What is a Firewall?
A firewall is a device that protects one network from another, while allowing communication
between the two. A firewall incorporates the functions of the NAT router, while adding features for
dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be
recognized when they occur. When an incident is detected, the firewall can log details of the
attempt, and can optionally send e-mail to an administrator notifying them of the incident. Using
information from the log, the administrator can take action with the ISP of the hacker. In some
types of intrusions, the firewall can fend off the hacker by discarding all further packets from the
hacker’s IP address for a period of time.
Stateful Packet Inspection
Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to
filter traffic and protect your network from attacks and intrusions. Since
user-level applications such as FTP and Web browsers can create complex patterns of network
traffic, it is necessary for the firewall to analyze groups of network connection "states." Using
stateful packet inspection, an incoming packet is intercepted at the network layer and then
analyzed for state-related information associated with all network connections. A central cache
within the firewall keeps track of the state information associated with all network connections.
All traffic passing through the firewall is analyzed against the state of these connections in order to
determine whether or not it will be allowed to pass through or be rejected.
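The following sketch is an added example, not code from the FVS328 or from this manual. It shows the state-cache idea described above for TCP: a packet is allowed only if it opens a connection from the LAN or matches an existing entry. The LAN prefix, the idle timeout, and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: a toy connection-state cache, not the FVS328 firmware.
LAN_PREFIX = "192.168.0."   # assumed LAN address range
IDLE_TIMEOUT = 300          # assumed idle lifetime of an entry, in seconds

class StateTable:
    def __init__(self):
        # (lan_ip, lan_port, wan_ip, wan_port) -> [state, last_seen]
        self.conns = {}

    def inspect(self, src, sport, dst, dport, flags, now):
        """Return 'allow' or 'reject' for one TCP packet; flags like 'S', 'SA', 'A'."""
        outbound = src.startswith(LAN_PREFIX)
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        entry = self.conns.get(key)
        if entry and now - entry[1] > IDLE_TIMEOUT:
            del self.conns[key]          # stale state no longer authorizes traffic
            entry = None
        if entry is None:
            # No state: only a LAN host may open a connection, with a bare SYN.
            if outbound and flags == "S":
                self.conns[key] = ["SYN_SENT", now]
                return "allow"
            return "reject"
        if entry[0] == "SYN_SENT" and not outbound:
            if flags != "SA":
                return "reject"          # only a SYN/ACK may answer our SYN
            entry[0] = "ESTABLISHED"
        entry[1] = now
        if "R" in flags or "F" in flags:
            del self.conns[key]          # simplification: teardown on first FIN/RST
        return "allow"

def demo():
    """Constructed packet sequence; addresses are documentation ranges."""
    fw = StateTable()
    lan, web, other = ("192.168.0.10", 40000), ("203.0.113.5", 80), ("198.51.100.7", 4444)
    return [
        fw.inspect(*other, *lan, "S", 0),      # unsolicited inbound SYN
        fw.inspect(*lan, *web, "S", 1),        # LAN host opens a connection
        fw.inspect(*web, *lan, "A", 2),        # reply that skips the SYN/ACK
        fw.inspect(*web, *lan, "SA", 3),       # proper handshake reply
        fw.inspect(*web, *lan, "A", 4),        # data on the established flow
        fw.inspect(*web, *lan, "A", 4 + 301),  # same flow after the idle timeout
    ]
```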
Denial of Service Attack
A hacker may be able to prevent your network from operating or communicating by launching a
Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely
flooding your site with more requests than it can handle. A more sophisticated attack may attempt
to exploit some weakness in the operating system used by your router or gateway. Some operating
systems can be disrupted by simply sending a packet with incorrect length information.
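As an added example (not code from the FVS328 or from this manual), the checks below show how a filtering device can reject an IPv4 packet whose length fields disagree with each other or with the bytes actually received, before the packet reaches a host. The sample packets are constructed for the illustration and the helper names are hypothetical.

```python
# Added illustration: length sanity checks on a raw IPv4 packet (not the FVS328's code).
import struct

def ipv4_length_problems(pkt: bytes) -> list:
    """Return the length inconsistencies found; an empty list means consistent."""
    if len(pkt) < 20:
        return ["truncated: shorter than the 20-byte minimum header"]
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", pkt[:8])
    if ver_ihl >> 4 != 4:
        return ["not an IPv4 packet"]
    problems = []
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    if ihl < 20:
        problems.append("IHL below 20 bytes")
    if ihl > len(pkt):
        problems.append("IHL exceeds received bytes")
    if total_len < ihl:
        problems.append("total length smaller than header length")
    if total_len > len(pkt):
        problems.append("total length exceeds received bytes")
    frag_offset = (flags_frag & 0x1FFF) * 8    # offset is carried in 8-byte units
    if frag_offset + max(total_len - ihl, 0) > 65535:
        problems.append("fragment would reassemble past 65535 bytes")
    return problems

def build(ihl_words, total_len, frag_offset_units, payload):
    """Constructed sample packet; addresses are documentation ranges."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len,
                         1, frag_offset_units, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + payload

GOOD = build(5, 28, 0, b"\x00" * 8)            # 20-byte header + 8-byte payload
SHORT_IHL = build(2, 28, 0, b"\x00" * 8)       # header length field too small
OVERCLAIM = build(5, 1500, 0, b"\x00" * 8)     # claims more bytes than were sent
OVERSIZE_FRAG = build(5, 28, 8191, b"\x00" * 8)  # offset pushes data past 65535
```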
Ethernet Cabling
Although Ethernet networks originally used thick or thin coaxial cable, most installations currently
use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in
four twisted pairs, and terminated with an RJ45 type connector. A normal "straight-through" UTP
Ethernet cable follows the EIA568B standard wiring as described in Table 9-1.
Uplink Switches and Crossover Cables
In the wiring table, the concepts of transmit and receive are from the perspective of the PC. For
example, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub
receives on pins 1 and 2. When connecting a PC to a PC, or a hub port to another hub port, the
transmit pair must be exchanged with the receive pair. This exchange is done by one of two
mechanisms. Most hubs provide an uplink switch which will exchange the pairs on one port,
allowing that port to be connected to another hub using a normal Ethernet cable. The second
method is to use a crossover cable, which is a special cable in which the transmit and receive pairs
are exchanged at one of the two cable connectors. Crossover cables are often unmarked as such,
and must be identified by comparing the two connectors. Since the cable connectors are clear
plastic, it is easy to place them side by side and view the order of the wire colors on each. On a
straight-through cable, the color order will be the same on both connectors. On a crossover cable,
the orange and blue pairs will be exchanged from one connector to the other.
Table 9-1. UTP Ethernet cable wiring, straight-through

Pin   Wire color      Signal
1     Orange/White    Transmit (Tx) +
2     Orange          Transmit (Tx) -
3     Green/White     Receive (Rx) +
4     Blue
5     Blue/White
6     Green           Receive (Rx) -
7     Brown/White
8     Brown
Cable Quality
A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low
quality cables, but at 100 Mbits/second (100BASE-Tx) the cable must be rated as Category 5, or
"Cat 5", by the Electronic Industry Association (EIA). This rating will be printed on the cable
jacket. A Category 5 cable will meet specified requirements regarding loss and crosstalk. In
addition, there are restrictions on maximum cable length for both 10 and 100 Mbits/second
networks.