Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 99)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 99

FW1.

DefiningtheInterfaces:

VisNetichasitsrulesconfiguredonaperinterfacebasis.So,fortraffictopass

throughitandobtainafeedbackfromtheotherside,configurationmustbemadeon

all theinterfacesinvolved.

VisNetic_1hasthefollowinginterfaces:

n 192.168.16.6(tothecoreswitch/Core_Net)

n 192.168.18.1(toInternal_Servers)

n 192.168.21.1(toCritical_Resources)

n 192.168.22.1(toRAS_Net)

TheConfigurationWizardcanbeusedtoputtheidleinterfacestoan “unused”state.

Wecannotrelysolelyonthefirewalltoprovideallsortsof protections!!!

IhaveallowedInternal_Clients,Internal_DevandRAS_Netusersaccessto

Internal_Serverswithwhateverprotocolstheylike.Therationalesare:

n TherearesomanydifferenttypesofservicespossibleinaMicrosoftWindows

basedNetwork,thatmanyoftheseservicesrelyonmultiple protocolsthatare

mutuallydependent.Blockingtheseprotocolsonebyoneispossible,butis

imposingheavyadministrativeburden,especiallywhennewapplications

usingnewprotocolsareregularlyintroduced(given thepaceoftechnological

advance,thisishighlylikelypossible).

n DifferentusersintheInternal_Clientsgrouprequiresaccesstodifferent

services.Blockingatthefirewallcanbeinflexibleandtroublesome.

Theref oreitisrecommendedthat, forInternal_Servers,accessberestricted

throughtheuseofsystemlevelACLandapplicationlevelauthentication,rather

thanthroughfirewallfiltering.

1 2 ... 94 95 96 97 98 99 100 101 102 103 104 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 99