Well, simply blocking traffic from outdoors and using NAT is usually OK
for a SOHO or regular user, but in general access lists ARE NOT A
FIREWALL.  They don't keep status of connections or do any realtime
inspection of traffic looking for more than just IP/TCP/UDP
information.  A stateful firewall keeps an active table of all
connections and can do a lot more than just deny traffic on basic things
in the layer 3/4 header.  If you really want to protect a network, don't
just use access lists.

In larger environments, one of the big factors to address is
performance.  If you're sitting behind a T-1 with 40 to 50 average users
and a server or two, this may not be a big deal.  Any decent
software-based firewall or small hardware-based solution should be fine.  But if
you're sitting behind a network with hundreds of users, hundreds of
servers, and pushing 50+ Mb/s of traffic out multiple DS-3s, you better:

A.  Make sure you segment your network and use multiple firewalls.
B.  Use a fast hardware-based solution.


Some of the bigger firewall platforms out there are Checkpoint's
Firewall-1, Cisco PIX, and my current favorite, Netscreen.  I'm not sure
about Netscreen's site right now, but Cisco and Checkpoint should have
some basic firewall/security documentation out there about firewalls.
There are plenty of good books on firewalls out there as well as things
on the Internet, but I haven't searched.  


David


Sammi wrote:
> 
> Hi all,
> In pursuit of a network position I'm often queried as to my knowledge
> of firewalls. During my Cisco studies I haven't seen much mentioned on
> the subject, though I have deduced (correctly?) that access lists can
> effectively be used as a firewall. What are the leading industry
> firewall applications and how do they interact with Cisco products?
> Realizing perspectives are much different on an enterprise level than
> the home network level, is there much difference in principle between
> firewalls the home user might employ (blackice, @guard, etc.) and that
> used on the larger scale? Any recommendations as to links,
> documentation?
> 
> As always, my thanks for your advice.
> 
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
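
The difference David describes between an access list and a stateful firewall, as an added example that is not part of the original thread: a header-only rule and a connection-table filter judge the same three packets. The class and function names are hypothetical, the packets are constructed using documentation address ranges, and the stateless rule is assumed to behave like an IOS extended ACL entry with the `established` keyword (permit inbound TCP when ACK or RST is set).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags present, e.g. {"SYN", "ACK"}
    inbound: bool      # True if arriving from the outside network

def stateless_acl(pkt):
    """Header-only rule: permit outbound; permit inbound TCP with ACK or RST set."""
    return (not pkt.inbound) or bool(pkt.flags & {"ACK", "RST"})

class StatefulFilter:
    """Tracks connections opened from inside; inbound traffic must match one."""
    def __init__(self):
        self.table = set()   # (inside ip, inside port, outside ip, outside port)

    def check(self, pkt):
        if not pkt.inbound:
            if pkt.flags == {"SYN"}:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False              # no matching connection: drop
        if "RST" in pkt.flags:
            self.table.discard(key)   # peer reset: forget the connection
        return True

def f(*names):
    return frozenset(names)

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, f("SYN"), False),
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, f("SYN", "ACK"), True),
    Packet("203.0.113.9", 80, "192.0.2.20", 445, f("ACK"), True),  # unsolicited
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_acl(p), fw.check(p)) for p in packets]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(p.src, "->", p.dst, sorted(p.flags), verdict)
```

The first two packets pass both filters; the third, which belongs to no connection, passes the header-only rule and is dropped only by the filter that keeps a connection table.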
