
Dod/Pritchard Communications
Efficient University Technical Track Copy
-- Draft 4: September 5, 2001 --
LAN, Router, and Gateway Security
Network Address Translation: NAT and NAPT
Network Address Translation (NAT) allows LANs to use one set of IP addresses internally and a second, different
set of addresses externally. A related standard called Network Address Port Translation (NAPT) translates both IP
(device) addresses and port numbers (e.g., those used by Web, FTP, and Telnet).
In a typical application, NAT and NAPT are used to allow a very large number of simultaneous (internal)
connections using only a single global (external) address representing the entire private network. To the outside
world it looks as if all nodes inside the private network are processes within the router or gateway (the only device
with an externally visible IP address and/or port address). The computers behind the NAT-enabled router or gateway
can access the Internet, but people and other systems on the Internet can’t access the computers inside the LAN.
NAT therefore provides a first line of defense against intrusion from the outside world: by hiding internal, LAN IP
addresses, NAT provides a simple type of firewall. Outside the LAN, all traffic appears to originate from the single
provider-supplied address, and detection of systems and capabilities on the customer LAN side of the router or
gateway is very difficult. NAT can further facilitate hosting of Web, FTP, and mail servers on a LAN, thereby
providing greater flexibility for the customer.
Efficient Networks 5800 Business Class Routers and the 5950 SHDSL Business Gateway support both NAT and
NAPT, and NAT supports multiple PPTP clients and one server per external (provider-supplied) IP address.
(Additional information on NAT, NAPT, and related applications is available in Module 4: Routing Fundamentals.)
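As an added illustration (not part of the original document or of Efficient Networks' firmware), the following Python model shows the NAPT behaviour described above: every outbound connection is rewritten to the single external address with a freshly allocated port, an inbound packet is forwarded only if it matches an existing mapping or a static mapping for a hosted server, and anything else is discarded. The addresses, port range and the reply-source check are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

# Constructed sample addresses; none of these come from the document.
EXTERNAL_IP = "203.0.113.10"        # the one provider-supplied address
LAN_WEB_SERVER = ("192.168.1.20", 80)


@dataclass
class Napt:
    external_ip: str
    next_port: int = 40000          # assumed start of the translation port pool
    # (int_ip, int_port, dst_ip, dst_port) -> external port
    outbound: dict = field(default_factory=dict)
    # external port -> (int_ip, int_port, dst_ip, dst_port)
    inbound: dict = field(default_factory=dict)
    # external port -> (int_ip, int_port) for servers published on the LAN
    static: dict = field(default_factory=dict)

    def publish(self, ext_port, internal):
        """Static mapping so an internal server is reachable from outside."""
        self.static[ext_port] = internal

    def outbound_packet(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet; returns (src_ip, src_port, dst_ip, dst_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:            # first packet of this connection
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.external_ip, self.outbound[key], dst_ip, dst_port)

    def inbound_packet(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) to forward to, or None to discard."""
        if dst_port in self.static:             # published server
            return self.static[dst_port]
        key = self.inbound.get(dst_port)
        if key is None:                         # unsolicited: no mapping, drop
            return None
        int_ip, int_port, mapped_ip, mapped_port = key
        # Assumed policy: only the host the LAN node contacted may reply
        # through this port; other senders are dropped.
        if (src_ip, src_port) != (mapped_ip, mapped_port):
            return None
        return (int_ip, int_port)
```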
Network Security: IP Filtering Firewall
The Efficient Networks 5800 Business Class Router and 5950 SHDSL Business Gateway use an IP filtering firewall
to check network traffic flow. The filtering process involves examination of data packets received from one interface
to determine whether to route them to another interface or to discard them. When filtering packets, the router or
gateway examines information such as the source and destination addresses contained in the IP packet, the type of
connection, etc., and then screens (filters) the packets based on its configuration; packets are either allowed to be
forwarded or simply discarded.
IP filtering allows the customer (and/or the service provider) to define specific protections for an entire local area
network (LAN). In addition, a “forward” filter makes it possible to configure filtering for both inbound and
outbound packets with fewer commands—a valuable feature when configuring a firewall in LAN-to-LAN or
WAN-to-WAN situations. Filter sets within the 5800 series routers and 5950 gateway are easily configured, and basic filter
sets are available at the Efficient Networks Web site (www.efficient.com).
For troubleshooting purposes, 5800 series routers and the 5950 gateway can be configured to generate a log of
hostile or unusual activity. This log records packet counts and structure and can be examined by a network administrator
or service provider to help determine how rules need to be changed (or which rules need to be added) to fine-tune the
firewall. (More information on firewalls and how they are used appears in Module 4: Routing Fundamentals.)
Remote Access Security: Virtual Private Networking
VPN is a method for establishing direct and secure point-to-point connections, often from one computer to a remote
network or from network to network. Sometimes called tunneling, VPN services typically include encryption and
other mechanisms to ensure that transferred data is protected against interception or hijacking.
In the 5800 series routers and the 5950 gateway, tunneling can originate within the router or gateway rather than at
the desktop. This has several advantages. First, since no software need be installed at the desktop, the service is
easier to deploy. VPN at the CPE is also more efficient and provides better performance, and some devices include