Considerations for using packet-filtering routers include the following:
Most routers are capable of performing packet filtering and were often used as the first
firewalls.
They are often used to specifically restrict traffic-only segments for performance reasons.
They are effective border controls, but they do not offer the many additional features that
are present in modern firewalls and shouldn't be used instead of a firewall at a border
between the private network and the Internet.
A good use for these routers is to segment sensitive areas on the internal network.As with
firewalls, care needs to be taken to prevent excessive opening of ports.
They are often susceptible to Internet Protocol (IP) spoofing; they should not be relied on as
the sole means of protection between networks.
Proxy Server Considerations.In the traditional sense, a proxy server simply proxies, or passes
on, traffic from one party to another and serves as a way to expedite traffic across a
gateway, not to inhibit it. Considerations for using proxy servers include the following:
Modern proxy servers serve as border controls. They might require authentication,and they
might restrict access to resources-for example, restricting a specific Microsoft Windows user
group from accessing a range of Internet addresses, or preventing the download of specific
file types.
Many Internet filtering products act as add-ins on proxy servers or firewalls.Many proxy
servers, such as Microsoft ISA Server, do not allow any connection to simply pass though.
Rather, the proxy server creates a connection to the requested resource, such as a Web server,
and relays it to the client. The client itself never actually connects to the Internet.
The primary issue with proxy servers is that they are not firewalls and should not replace
firewalls.
Many proxies include the use of Network Address Translation (NAT). While NAT does hide the
internal addresses, it is not a security control.
access point vs router
Niciun comentariu:
Trimiteți un comentariu