ZyXEL Communications 794M Network Card User Manual


 
Prestige 794M User’s Guide
Chapter 6 Firewall
1 Information hiding prevents the names of internal systems from being made known via
DNS to outside systems, since the application gateway is the only host whose name must
be made known to outside systems.
2 Robust authentication and logging pre-authenticates application traffic before it reaches
internal hosts and causes it to be logged more effectively than if it were logged with
standard host logging. Filtering rules at the packet filtering router can be less complex
than they would be if the router needed to filter application traffic and direct it to a
number of specific systems. The router need only allow application traffic destined for
the application gateway and reject the rest.
6.2.3 Stateful Inspection Firewalls
Stateful inspection firewalls restrict access by screening data packets against defined access
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency; however, they
may lack the granular application level access control or caching that some proxies support.
Firewalls, of one type or another, have become an integral part of standard security solutions
for enterprises.
Your Prestige includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet
access from your LAN, as well as helping to prevent attacks from hackers. In addition to this,
when using NAT (Network Address Translation), the Prestige acts as a “natural” Internet
firewall, as all computers on your LAN will use private IP addresses that cannot be directly
accessed from the Internet.
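The session tracking described in this section can be modelled in a few lines. The following is an added example, not code from the Prestige or from ZyXEL: a simplified stateful filter in which the LAN range, the rule set and the class names are assumptions made for illustration, and NAT and sequence-number checks are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN range (constructed for this example)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str        # "tcp" or "udp"
    flags: str = ""   # TCP flags: "S", "SA", "A", "R", ...

class StatefulFilter:
    def __init__(self, allowed_out):
        self.allowed_out = set(allowed_out)  # static access rules: {(proto, dst_port)}
        self.flows = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> session state

    def check(self, p: Packet) -> str:
        outbound = ip_address(p.src) in LAN
        # Both directions of one session map to the same key.
        key = ((p.proto, p.src, p.sport, p.dst, p.dport) if outbound
               else (p.proto, p.dst, p.dport, p.src, p.sport))
        state = self.flows.get(key)
        if state is None:
            # No session yet: only a LAN host may open one, and only if a rule permits it.
            if not outbound or (p.proto, p.dport) not in self.allowed_out:
                return "DROP"
            if p.proto == "tcp" and p.flags != "S":
                return "DROP"            # a new TCP session must start with a bare SYN
            self.flows[key] = "SYN_SENT" if p.proto == "tcp" else "UDP"
            return "ACCEPT"
        if p.proto == "tcp":
            if "R" in p.flags:
                del self.flows[key]      # a reset tears the session down
                return "ACCEPT"
            if state == "SYN_SENT" and not outbound:
                if p.flags != "SA":
                    return "DROP"        # only a SYN-ACK may answer the LAN host's SYN
                self.flows[key] = "ESTABLISHED"
        return "ACCEPT"
```

A plain packet filter would have to permit all inbound traffic from port 80 to let web replies through; here the reply is accepted only because a matching outbound session exists.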
The following lists the different security features on the Prestige:
• Firewall: This prevents access from outside your network. The router provides three
  levels of security support:
    • NAT: This makes the IP addresses of the computers on the LAN invisible to the WAN.
      This makes it much more difficult for a hacker to target a machine on your network.
    • Firewall Security and Policy (General Settings): Packet filter rules in the inbound
      direction, to block unauthorized computers or applications from accessing your local
      network from the Internet.
    • Intrusion Detection: Enable this feature to detect, prevent and log malicious attacks.
• Access Control: Prevents specified local computers from accessing your local network:
    • Firewall Security and Policy (General Settings): Packet filter rules in the outbound
      direction, to block access from the Internet by unauthorized computers or applications.
    • MAC Filter rules: To prevent unauthorized computers from accessing the network
      through the Prestige.
• URL Filter: To block computers on your local network from accessing specific web
  sites.