[...]... 2001096982 ISBN: 0−7821−4054−8 SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc in the United States and/or other countries 2 4seven and the 2 4seven logo are trademarks of SYBEX Inc 1 Screen reproductions produced with FullShot 99 FullShot 99 © 1991–1999 Inbit Incorporated All rights reserved FullShot is a trademark of Inbit Incorporated TRADEMARKS: SYBEX has attempted throughout... requires its own firewall or network interface Enterprise Firewalls Enterprise firewalls are those products that share a single, centralized firewall policy among multiple firewalls Enterprise firewalls allow you to retain central control of security policy without having to worry about whether or not the policy is correctly implemented on each of the firewalls in your organization The firewall policy is... is replicated among all firewalls in the enterprise • Security Features Many firewalls offer important security features such as virtual private networking and encrypted authentication to allow remote office networking with a high degree of security In many firewalls, VPN is an extra−cost feature that must be enabled by purchasing an additional license • Service Features Some firewalls include services... Documentation, Cost, and Support 392 List of Figures 393 List of Tables 396 List of Tables 397 List of Sidebars 399 x Firewalls 2 4Seven, Second Edition Matthew Strebe Charles Perkins San Francisco London Associate Publisher: Neil Edde Acquisitions and Developmental Editor: Maureen Adams Editor: Colleen Wheeler Strand Production Editor:... and there are different theories from different security experts on how firewalls should be used to secure your network This chapter will explore the operation of a generic firewall in detail, outline the important features you need in a firewall, and discuss how firewalls should be deployed in networks of any size Firewall Elements Firewalls keep your Internet connection as secure as possible by inspecting... between your internal network and external networks like the Internet Strong firewalls protect your network at all software layers—from the Data Link layer up through the Application layer Firewalls sit on the borders of your network, connected directly to the circuits that provide access to other networks For that reason, firewalls are frequently referred to as border security The concept of border... subscription Nearly all firewalls use these basic methods to provide a security service There are literally hundreds of firewall products on the market now, all vying for your security dollar Most are very strong products that vary only in superficial details The remainder of this section covers the five primary functions that most firewalls support Packet Filters The first Internet firewalls were simply... firewalls for Windows NT−based networks In fact, there's no functional reason why the operating system used by a firewall should be the same as that used by the network, since (and only in very special circumstances) you'll never run any other software on the firewall computer In fact, these days, most firewalls come as preconfigured computers running a completely proprietary operating system All firewalls. .. configure the firewall correctly Most Windows−based firewalls are easier to set up than Unix−based firewalls, but many Unix−based firewalls are catching up by using Java or web−based graphical interfaces that run remotely on the administrator's PC Some firewall vendors claim that their products are superior to firewalls based on Windows or standard versions of Unix because the products are based on a "hardened"... Osuna Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501 World rights reserved No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher First edition copyright © 2000 SYBEX Inc Library of