Billion Electric Company 30 Network Card User Manual


 
157
D.3 Firewall Basics
D.3.1 What is a Firewall?
Firewalls prevent unauthorized Internet users from accessing private networks
connected to the Internet. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not
meet the specified security criteria. With the functionality of a NAT router, the
firewall adds features that deal with outside Internet intrusion and attacks. When an
attack or intrusion is detected, the firewall can be configured to log the intrusion
attempt, and can also notify the administrator of the incident. With this information,
the administrator can work with the ISP to take action against the hacker. Against
some types of attacks, the firewall can discard intruder packets, thereby fending off
the hacker from the private network.
D.3.1.1 Stateful Packet Inspection
BiGuard 30 uses Stateful Packet Inspection (SPI) to protect your network from
intrusions and attacks. Unlike less sophisticated Internet sharing routers, SPI
ensures secure firewall filtering by intercepting incoming packets at the network
layer, and analyzing them for state-related information that is associated with all
network connections. User-level applications such as Web browsers and FTP can
make complex network traffic patterns, which BiGuard 30 analyzes by looking at
groups of connection states.
All state information is stored in a central cache. Traffic passing through the firewall
is analyzed against these states, and then is either allowed to pass through or
rejected.
D.3.1.2 Denial of Service (DoS) Attack
A hacker may be able to prevent your network from operating or communicating by
launching a Denial of Service (DoS) attack. The method used for such an attack can
be as simple as merely flooding your site with more requests than it can handle. A
more sophisticated attack may attempt to exploit some weakness in the operating
system used by your router or gateway. Some operating systems can be disrupted
by simply sending a packet with incorrect length information.