2.
Firewall implementations: There are different
implementations of firewalls. Most notable among these
are:
a.
A firewall implemented with the Packet Filters work at
Network Layer of ISO/OSI stack.
b.
A firewall implemented with the Application Layer Gateways
work at the Application Layer of ISO/OSI stack.
c.
A Firewall implemented with stateful technology (like
Checkpoint Firewall-1) works at all layers of IS/OSI
model.
3.
A firewall implemented with stateful inspection technology
(FireWall-1 uses stateful inspection) has several
advantages over packet filter:
|
|
Application
Layer Gateway
|
Packet
Filters
|
Stateful
Inspection
|
|
Communication
Information
|
Partial
|
Partial
|
Yes
|
|
Communication
Derived State
|
No
|
Partial
|
Yes
|
|
Application
Derived State
|
No
|
Yes
|
Yes
|
|
Information
Manipulation
|
No
|
Yes
|
Yes
|
4. The following information are used by Firewall-1
that uses stateful inspection technology:
a.
Communication information from different layers of
TCP/IP stack
b.
The state derived from previous communications
c.
The state derived from other applications, for example,
a previously authenticated user would be allowed to
access through the firewall for authorized services
only.
5. Hardware / software requirements:
-
The following are FireWall-1 GUI Management Clients
Minimum Requirements:
a.
Platforms: Windows 9x,
Windows NT 4.0 SP4, 5, 6, and X/Motif Client.
b.
Disk Space: 40 Mbytes
c.
Memory: 32 MB Minimum and 64 MB recommended.
-
The minimum requirements for installing Management
Server are:
a.
Windows: Windows NT 4.0 (SP4, SP5, SP6)
b.
Solaris 2.6 and Solaris Operating Environment 7 (32 bit
installation mode only)
c.
IBM AIX 4.3.1 and 4.3.2
d.
Red Hat Linux 6.1
e.
SPARC x86 HP-UX 10.20, HP-UX 11.0
6.1 The essential components of a FireWall-1 Single
Gateway Product are:
a.
Management Module - Security management module with
graphical user interface.
b.
Inspection Module - This module is responsible for
implementing access control, Client authentication, and
session authentication. Network Address Translation is
also done here.
c.
Firewall Module - User authentication, and content
security
6.2 FireWall-1's FireWall Module contains the
following components:
d.
FireWall-1 Daemon: This is responsible for communication
modules, clients and hosts.
e.
Inspection Module: Access control, Authentication, NAT
and auditing are the responsibility of Inspection
Module. Inspection module contains INSPECT engine.
f.
Security Server: This is responsible for handling
authentication of packets for any specific service or
protocol.
For Single Gateway product, the FireWall Module and
Management Module must be installed on the same machine.
However, GUI can be installed on another machine.
7. CP 2000 FireWall-1 has 3 GUI programs:
1.
Security Policy Editor
2.
System Status
3.
Log Viewer
8. FireWall-1 is based on Client - Server model of
operation. Note that in FireWall-1, the modules like
Management Server can be separated from the GUI.
9. The basic components of a FireWall-1 Single
Gateway Product are:
1. Management Module - Security management module with
graphical user interface.
2. Inspection Module - This module is responsible for
implementing access control, Client authentication, and
session authentication. Network Address Translation is
also done here.
3. Firewall Module - User authentication, and content
security.
It is possible that a single Management module
manages one or more FireWall modules. The Management
module consists of a GUI client and a Management Server.
10. The FireWall-1 module sits in between the Data
Link and the Network layers ( layer 2 and layer 3).
|
|
|
Please visit our sponsor: |
|
|
Retired CCSA exam notes |
