- Enterasys Security Router User's Guide

18. Optionally, if you want to tighten security on the XSR, enter ip ssh server disable to
deactivate SSH.
19. Enter policy telnet to enable Telnet access for the new user.
20. Enter exit to quit AAA user mode.
21. Enter aaa client telnet to permit the new user to employ Telnet.
The XSR is now ready to connect remote login users. Remember to save your configuration
after all edits.
Firewall Feature Set Overview
A firewall is defined generally as a set of related applications or a device dedicated to protecting
the enterprise network. Placed at any entryway to a corporation’s private network, a firewall
examines all packets arriving from the Internet and admits or bars traffic based upon its policies.
A firewall may also control inside access to destinations on the Internet or interior resources.
Fundamentally, a firewall monitors and filters network traffic. Depending on your enterprise
needs, you can set up a simple or more robust firewall. For instance, application-level filtering can
be matched to source/destination IP addresses and port numbers for FTP, HTTP, NNTP, or
Telnet; protocol-level filtering can be set on IP protocols such as OSPF, IGP or ICMP; and stateful
filtering can be applied to a session’s state.
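The three kinds of filtering described above can be compared in a small default-deny model. This is an added example, not XSR code or configuration; the Firewall and Packet classes, the rule layout, and the sample addresses are assumptions made for illustration, and session tracking is simplified to a flow tuple with no TCP flags or timeouts.

```python
import ipaddress
from dataclasses import dataclass

ICMP, TCP, OSPF = 1, 6, 89  # IANA IP protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

class Firewall:
    """Hypothetical default-deny filter: anything not matched is denied."""
    def __init__(self, port_rules, proto_rules):
        self.port_rules = port_rules         # [(src_net, dst_net, tcp_dport)]
        self.proto_rules = set(proto_rules)  # permitted IP protocol numbers
        self.sessions = set()                # flows opened by a permitted packet

    def check(self, p):
        # Stateful filtering: permit the reply half of a tracked session.
        if p.proto == TCP and (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "permit"
        # Protocol-level filtering: match on the IP protocol number alone.
        if p.proto in self.proto_rules:
            return "permit"
        # Application-level filtering: source, destination and TCP port.
        if p.proto == TCP:
            for src_net, dst_net, dport in self.port_rules:
                if _in(p.src, src_net) and _in(p.dst, dst_net) and p.dport == dport:
                    self.sessions.add((p.src, p.sport, p.dst, p.dport))
                    return "permit"
        return "deny"

def demo():
    # Constructed traffic: inside net 10.0.0.0/24 may browse HTTP; OSPF allowed.
    fw = Firewall([("10.0.0.0/24", "0.0.0.0/0", 80)], [OSPF])
    reply = Packet("203.0.113.10", "10.0.0.5", TCP, 80, 40000)
    traffic = [
        reply,                                               # no session yet
        Packet("10.0.0.5", "203.0.113.10", TCP, 40000, 80),  # outbound HTTP
        reply,                                               # same packet, now a reply
        Packet("10.0.0.5", "203.0.113.10", TCP, 40001, 23),  # Telnet, no rule
        Packet("10.0.0.1", "224.0.0.5", OSPF),               # protocol rule
        Packet("203.0.113.10", "10.0.0.5", ICMP),            # no rule
    ]
    return [fw.check(p) for p in traffic]
```

The same inbound packet is denied before the outbound request and permitted after it, which is the difference between stateful filtering and a static port rule.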
Reasons for Installing a Firewall
The rationale for installing a firewall can include the following:
- Provide a focal point for security decisions
- Segment networks into discrete security zones
- Enforce security policy between different security zones to protect proprietary information
  from falling into the wrong hands
- Enable users to safely connect to and conduct business over a public, untrusted network
  (Internet):
  - Restrict undesirable traffic that may otherwise flow between your internal hosts and the
    Internet
  - Protect internal networks from hostile and malicious attacks
  - Log network activity
  - Limit your exposure in case of a successful attack
Ideally, these network nodes should be checked daily for security holes, but since that is
impractical, the next best course is to run a firewall to block all non-essential ports and cut the risk
of attack. A firewall can be conceived as a virtual wall through which “holes” or ports are opened
to allow permitted traffic through, as shown in Figure 16-10, which illustrates a topology using the
XSR firewall feature set.