• Stateful Packet Inspection (on by default)
  ◦ The firewall keeps track of the TCP and UDP connections made by network applications.
  ◦ The firewall maintains a state table holding the details of each connection (source IP and port, destination IP and port, sequence number and timestamp).
    - Connections from the inside network to the outside are permitted and monitored.
    - Reply traffic from the outside on an existing connection to the inside network is permitted.
    - New connections from the outside to the inside network are NOT permitted.
  ◦ Stateful Packet Inspection can detect replayed packets by their unexpected sequence numbers and timestamps.
• Filter Anonymous Internet Requests (on by default)
  ◦ Drops pings from outside hosts and drops connection requests from the outside.
• Filter Multicast (off by default)
  ◦ Multicast traffic is sent to many hosts that are configured as part of a multicast group by registering with the multicast application.
  ◦ Multicast is used to stream multimedia: one stream is sent to the router/switch, which then copies the stream to each registered host.
  ◦ Disable filtering to permit multicast traffic.
  ◦ Enable filtering to prevent multicast DoS attacks.
• Filter Internet NAT Redirection (disabled)
  ◦ Blocks a local computer from reaching other local hosts via the external NAT address.
• Filter IDENT Port 113 (on by default)
  ◦ Drops IDENT requests, which ask for information such as local and remote ports, OS and username.
• SPI is Stateful Packet Inspection
  ◦ On by default
• By default
  ◦ Drops connections starting from the outside
  ◦ Drops requests for identity info on port 113
  ◦ Web filter for proxy, Java, ActiveX and cookies
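As an added example that is not part of the slides or of any router's firmware, the following Python models the state table the Stateful Packet Inspection slide describes: inside-to-outside connections create state, outside-to-inside traffic passes only as a reply on a tracked connection, and a segment whose sequence number or timestamp does not advance is treated as a replay. The LAN prefix, addresses and packets are constructed for the demo.

```python
from collections import namedtuple
# Constructed packet model: addresses, ports, TCP sequence number, TCP timestamp (TSval).
Packet = namedtuple("Packet", "src sport dst dport seq ts")
INSIDE_PREFIX = "192.168.1."  # assumed LAN range (constructed, not from the slides)

def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

class SPIFirewall:
    def __init__(self):
        # State table: (inside ip, inside port, outside ip, outside port) ->
        # {"in": (last seq, last ts), "out": (last seq, last ts)}.
        self.table = {}

    def handle(self, p: Packet) -> str:
        """Return 'PERMIT' or 'DROP' for one packet crossing the firewall."""
        if is_inside(p.src) and not is_inside(p.dst):
            # Inside -> outside: permitted, and creates or refreshes state.
            key = (p.src, p.sport, p.dst, p.dport)
            return self._track(self.table.setdefault(key, {}), "in", p)
        if not is_inside(p.src) and is_inside(p.dst):
            # Outside -> inside: only reply traffic on a tracked connection passes.
            conn = self.table.get((p.dst, p.dport, p.src, p.sport))
            if conn is None:
                return "DROP"  # new connection initiated from the outside
            return self._track(conn, "out", p)
        return "DROP"  # neither endpoint is on the inside network

    @staticmethod
    def _track(conn: dict, direction: str, p: Packet) -> str:
        # Replay check (simplified: a retransmission is also treated as a replay):
        # a seq or timestamp that does not advance past the last one seen is rejected.
        if direction in conn:
            last_seq, last_ts = conn[direction]
            if p.seq <= last_seq or p.ts < last_ts:
                return "DROP"
        conn[direction] = (p.seq, p.ts)
        return "PERMIT"

def run_demo() -> list:
    # Constructed traffic exercising each rule; returns the verdicts in order.
    fw = SPIFirewall()
    lan, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    flow = [
        Packet(lan, 51000, web, 443, seq=1000, ts=10),    # LAN client opens a connection
        Packet(web, 443, lan, 51000, seq=5000, ts=11),    # reply on the tracked connection
        Packet(web, 443, lan, 51000, seq=5000, ts=11),    # replayed copy of that reply
        Packet(stranger, 40000, lan, 22, seq=77, ts=12),  # new connection from outside
    ]
    return [fw.handle(p) for p in flow]
```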

Firewall