Filter
Top Products
ZyAIR Wireless Gateway Series User’s Guide
11-2 Introduction to Firewalls
i. Information hiding prevents the names of internal systems from being made known via DNS to
outside systems, since the application gateway is the only host whose name must be made known to
outside systems.
ii. Robust authentication and logging pre-authenticates application traffic before it reaches internal
hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Filtering rules at the packet filtering router can be less complex than they would be if the router needed
to filter application traffic and direct it to a number of specific systems. The router need only allow
application traffic destined for the application gateway and reject the rest.
11.2.3 Stateful Inspection Firewalls
Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make
access control decisions based on IP address and protocol. They also "inspect" the session data to assure the
integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best
speed and transparency; however, they may lack the granular application level access control or caching that
some proxies support. See section 11.5 for more information on Stateful Inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises.
11.3 Introduction to ZyXEL’s Firewall
The ZyAIR firewall is a stateful inspection firewall and is designed to protect against Denial of Service
attacks when activated (in SMT menu 21.2 or in the web configurator). The ZyAIR’s purpose is to allow a
private Local Area Network (LAN) to be securely connected to the Internet. The ZyAIR can be used to
prevent theft, destruction and modification of data, as well as log events, which may be important to the
security of your network. The ZyAIR also has packet-filtering capabilities.
11.4 Denial of Service
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their
goal is not to steal information, but to disable a device or network so users no longer have access to network
resources. The ZyAIR is pre-configured to automatically detect and thwart all known DoS attacks.