ZyXEL P-660HN-T1A Support Guide - Page 20

P-660HN Series Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of two mechanisms: One to block the traffic, and the other to permit traffic. 2. What makes P-660HN-T1A secure? The P-660HN-T1A is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN. The P-660HN-T1A supports Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet. 3. What are the basic types of firewalls? Conceptually, there are three types of firewalls: 1. Packet Filtering Firewall 2. Application-level Firewall 3. Stateful Inspection Firewall Packet Filtering Firewalls generally make their decisions based on the header information in individual packets. These headers information include the source, destination addresses and ports of the packets. Application-level Firewalls generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform logging and auditing of traffic passing through them. A proxy server is an application gateway or circuit-level gateway that runs on top of general operating system such as UNIX or Windows NT. It hides valuable data by requiring users to communicate with secure systems by mean of a proxy. A key drawback of this device is performance. 20 All contents copyright © 2010 ZyXEL Communications Corporation.