488 Chapter 11 ■ Secure Network Architecture and Securing Network Components
are used to distinguish authorized traffic from unauthorized and/or malicious traffic. Only authorized traffic is allowed to cross the security barrier provided by the firewall.

Firewalls are useful for blocking or filtering traffic. They are most effective against unrequested traffic and attempts to connect from outside the private network and can also be used for blocking known malicious data, messages, or packets based on content, application, protocol, port, or source address. They are capable of hiding the structure and addressing scheme of a private network from the public. Most firewalls offer extensive logging, auditing, and monitoring capabilities as well as alarms and basic intrusion detection system (IDS) functions.
Firewalls are typically unable to block viruses or malicious code (i.e., firewalls do not typically scan traffic as an antivirus scanner would) transmitted through otherwise authorized communication channels, prevent unauthorized but accidental or intended disclosure of information by users, prevent attacks by malicious users already behind the firewall, or protect data after it passes out of or into the private network. However, you can add these features through special add-in modules or companion products, such as antivirus scanners and IDS tools. There are firewall appliances that are preconfigured to perform all (or most) of these add-on functions natively.
In addition to logging network traffic activity, firewalls should log several other events as well:

■ A reboot of the firewall
■ Proxies or dependencies being unable to start or not starting
■ Proxies or other important services crashing or restarting
■ Changes to the firewall configuration file
■ A configuration or system error while the firewall is running
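As an added illustration that is not from the book, the following Python classifier picks those five event classes out of constructed syslog-style firewall lines while ignoring ordinary accept/drop traffic records; the log layout, hostnames and process names are assumptions, not any vendor's real format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in a generic syslog-like layout; the format is an assumption,
# not any specific firewall vendor's. Lines 1 and 6 are ordinary traffic records.
SAMPLE_LOGS = """\
Mar 03 02:11:04 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP DPT=443
Mar 03 02:14:32 fw1 init: system reboot initiated by admin
Mar 03 02:15:10 fw1 proxyd: failed to start: bind() address already in use
Mar 03 02:16:40 fw1 httpproxy: process crashed (signal 11), restarting
Mar 03 02:18:03 fw1 fwadmin: config file /etc/fw/rules.conf modified by user ops
Mar 03 02:19:57 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=22
Mar 03 02:20:22 fw1 fwcore: error: rule compilation failed, line 42
"""

# One pattern per event class from the chapter's list. Order matters: the first
# match wins, so the specific proxy patterns come before the generic error pattern.
PROXY = r"\b(proxy\w*|\w*proxy)\b"
EVENT_PATTERNS = [
    ("reboot", re.compile(r"\breboot\b", re.I)),
    ("proxy_start_failure", re.compile(PROXY + r".*\b(failed to start|not start|unable to start)", re.I)),
    ("proxy_crash_restart", re.compile(PROXY + r".*\b(crash\w*|restart\w*)", re.I)),
    ("config_change", re.compile(r"\bconfig(uration)? file\b.*\b(modified|changed|updated)", re.I)),
    ("runtime_error", re.compile(r"\b(error|fatal)\b", re.I)),
]
LOG_LINE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")

@dataclass
class Alert:
    timestamp: str
    host: str
    category: str
    message: str

def classify(line: str) -> Optional[Alert]:
    """Return an Alert if the line is one of the non-traffic events worth logging, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # unparseable line: skipped here, though a real monitor should flag it too
    text = f"{m['proc']}: {m['msg']}"  # include the process name so 'proxyd:' can match
    for category, pattern in EVENT_PATTERNS:
        if pattern.search(text):
            return Alert(m["ts"], m["host"], category, m["msg"])
    return None

def scan(logs: str) -> List[Alert]:
    """Classify every line of a log dump and return the alerts in log order."""
    return [a for a in (classify(line) for line in logs.splitlines()) if a]
```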
Firewalls are only one part of an overall security solution. With a firewall, many of the security mechanisms are concentrated in one place, and thus a firewall can be a single point of failure. Firewall failure is most commonly caused by human error and misconfiguration. Firewalls provide protection only against traffic that crosses the firewall from one subnet to another. They offer no protection against traffic within a subnet (in other words, behind the firewall).
There are several basic types of firewalls, including static packet-filtering firewalls, application-level gateway firewalls, circuit-level gateway firewalls, and stateful inspection firewalls. There are also ways to create hybrid or complex gateway firewalls by combining two or more of these firewall types into a single firewall solution. In most cases, having a multilevel firewall provides greater control over filtering traffic. Regardless, we’ll cover the various firewall types and discuss firewall deployment architectures as well: