3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

Security Authentication before Route Information Exchange 21
Figure 2 Packet filtering elements
Most packet filtering systems do not operate on the data itself and do not perform
content-based filtering.
ACL
Before the system can filter packets, you must configure rules in ACLs that specify
which types of packets are permitted or denied.
Configure an ACL according to the security policy and apply it to a particular
interface or to the whole device. The security gateway then examines all packets on
that interface (or on all interfaces) against the ACL and makes a forward/discard
decision for every packet that matches a rule. In this way it plays the role of a
firewall.
Security Authentication before Route Information Exchange
Maintenance of the route forwarding table depends on the dynamic route
information exchanged between neighboring security gateways.
Necessity of implementing security authentication before route information exchange
Because neighboring routers on a network exchange a large volume of route
information, a security gateway may receive information from unreliable routers
that is intended to attack network equipment. With the route authentication
function, a security gateway can authenticate the route update packets it receives
from neighboring routers and thus accept only reliable route information.
Authentication Implementation
The routers exchanging route information share the same password key, which is
sent along with the route information packets. A router receiving route
information authenticates each packet by checking the password key it carries. If
the key carried by the packet matches the shared password key, the packet is
accepted; if not, it is discarded.
Authentication implementations fall into simple text authentication and MD5
authentication. The former sends the password key in plain text and provides lower
security, whereas the latter sends the password key in encrypted (MD5) form and
provides higher security.
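The two schemes above, as an added example (not code from the 3Com guide): a simplified model of the receiver-side check. Packet layout, the `AUTH-SIMPLE:`/`AUTH-MD5:` prefixes, the key and the sample update are constructed here and are not the real wire format of any routing protocol.

```python
import hashlib
import hmac

# Constructed sample values (hypothetical): the key shared by two neighboring
# routers and one route update payload. Neither contains the "|" separator.
SHARED_KEY = b"neighbor-secret"
UPDATE = b"RIP-UPDATE 10.1.0.0/16 via 192.0.2.1 metric 2"


def build_simple_text(payload: bytes, key: bytes) -> bytes:
    """Simple text authentication: the key itself travels in the packet."""
    return b"AUTH-SIMPLE:" + key + b"|" + payload


def build_md5(payload: bytes, key: bytes) -> bytes:
    """MD5 authentication (simplified model of the keyed-digest scheme): the key
    stays on the router; only MD5(payload || key) is appended to the packet."""
    digest = hashlib.md5(payload + key).hexdigest().encode()
    return b"AUTH-MD5:" + payload + b"|" + digest


def verify(packet: bytes, key: bytes) -> bool:
    """Receiver-side check: accept only if the carried credential matches what
    the locally configured shared key produces; anything else is discarded."""
    if packet.startswith(b"AUTH-SIMPLE:"):
        carried_key, _, _payload = packet[len(b"AUTH-SIMPLE:"):].partition(b"|")
        return hmac.compare_digest(carried_key, key)
    if packet.startswith(b"AUTH-MD5:"):
        payload, _, digest = packet[len(b"AUTH-MD5:"):].rpartition(b"|")
        expected = hashlib.md5(payload + key).hexdigest().encode()
        # Constant-time comparison: also catches a payload altered in transit,
        # because the digest no longer matches the modified payload.
        return hmac.compare_digest(digest, expected)
    return False  # unauthenticated updates are never accepted


def key_visible_on_wire(packet: bytes, key: bytes) -> bool:
    """True if anyone observing the link can read the shared key directly."""
    return key in packet


if __name__ == "__main__":
    for build in (build_simple_text, build_md5):
        pkt = build(UPDATE, SHARED_KEY)
        print(build.__name__, "accepted:", verify(pkt, SHARED_KEY),
              "key exposed:", key_visible_on_wire(pkt, SHARED_KEY))
```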