Sunday, July 19, 2009

Terminology

The term network TAP is analogous to phone tap or vampire tap. Some vendors have phrases for which TAP is an acronym; however, those are most likely bacronyms.

The monitored traffic is sometimes referred to as the pass-through traffic, while the ports that are used for monitoring are the monitor ports. There is also an aggregation port where, in the full-duplex world, the "A" traffic is aggregated with the "B" traffic, resulting in one stream of data/packets for monitoring the full-duplex communication. The packets must be aligned into a single stream using a time-of-arrival algorithm.

Vendors will tend to use terms in their marketing such as breakout, passive, aggregating, regeneration, inline power, and others. Common meanings will be discussed later. Unfortunately, vendors do not use such terms consistently. Before buying any products, be sure to understand the available features, and check with vendors or read the product literature closely to figure out how marketing terms correspond to reality. All of the "Vendor Terms" are common within the industry and have real definitions and are valuable points of consideration when buying a TAP device.


New Filterable TAP Technology
A new type of TAP, or network access point, is now available. This new type of TAP is called a "filterable" TAP. It is especially valuable in the 10 Gigabit environment because 10-Gigabit test equipment is very expensive. Some TAPs offer the ability to use less expensive and more widely available 1-Gigabit monitoring and analysis tools on these 10 Gigabit networks. When used in this fashion, some form of load-balancing or port-bonding is recommended to avoid packet loss at the monitoring tools.

A filterable TAP that provides advanced filtering can selectively pass data, based on application, VLAN ID, or other parameters, to the 1-Gigabit port for deep analysis and monitoring, including IDS requirements.
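An added example (not code from the page or from any TAP vendor) of the filtering decision such a TAP makes: it parses the 802.1Q tag and, for IPv4/TCP, the port numbers, and copies only frames on a watched VLAN or TCP port to the 1-Gigabit monitor port. The frames are constructed inline; the rule sets are assumed values.

```python
import struct

ETHERTYPE_VLAN = 0x8100  # IEEE 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header, an optional 802.1Q tag and, for IPv4/TCP,
    the source and destination ports (ports=None for anything else)."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18  # VLAN ID is the low 12 bits of the TCI
    ports = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= off + 20:
        ip = frame[off:]
        ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
        if ip[9] == PROTO_TCP and len(ip) >= ihl + 4:
            ports = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {"vlan": vlan, "ethertype": ethertype, "ports": ports}


def select_for_monitor(frame: bytes, vlans: set, tcp_ports: set) -> bool:
    """The TAP's filter rule: copy the frame to the 1-Gigabit monitor port only
    if it carries a watched VLAN ID or a watched TCP port. The pass-through
    traffic on the 10-Gigabit link is unaffected by this decision."""
    info = parse_frame(frame)
    if info["vlan"] in vlans:
        return True
    return bool(info["ports"]) and bool(set(info["ports"]) & tcp_ports)


def build_frame(vlan, sport: int, dport: int) -> bytes:
    """Constructed test frame: Ethernet [+ 802.1Q] + minimal IPv4 + TCP SYN header."""
    eth = b"\x02" * 6 + b"\x02" * 5 + b"\x01"  # locally administered dst/src MACs
    if vlan is not None:
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan)  # PCP/DEI bits left at zero
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, PROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    watched_vlans, watched_ports = {100}, {80, 443}  # assumed filter configuration
    for frame in (build_frame(100, 40000, 22), build_frame(200, 40000, 443),
                  build_frame(None, 40000, 25)):
        print(parse_frame(frame), "->", select_for_monitor(frame, watched_vlans, watched_ports))
```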

Filtered access is also the best way to focus on business-critical traffic, or other specific areas of your network. At higher speeds, network traffic analysis cannot be performed using the older "capture and decode everything" philosophy. In this type of environment, focused access is the best way to enable traffic analysis, and often is the only way.

Any filterable TAP you consider must have a simple user interface for easy setup and management. Furthermore, it must be able to collect the Layer 1 and Layer 2 data, while still allowing for auto saving, and easy access to data by graphing programs. Such a TAP can be part of a strategy to monitor for essential metrics, such as frame errors and corrupted frames in IPv6.

Advantages and features

Older network technologies tended to be shared. Connecting a monitoring device to a shared network segment (i.e., piece of a network) was very easy -- just connect the monitoring device as you would any other host, and enable promiscuous mode. Modern network technologies tend to be switched, meaning that devices are connected using point-to-point links. If a monitoring device is connected to such a network, it will only see its own traffic. The network TAP allows the monitoring device to view the contents of a point-to-point link.

Modern network technologies are often full-duplex, meaning that data can travel in both directions at the same time. If a network link allows 100 Mbit/s of data to flow in each direction at the same time, this means that the network really allows 200 Mbit/s of aggregate throughput. This can present a problem for monitoring technologies if they have only one monitor port. Therefore, network TAPs for full-duplex technologies usually have two monitor ports, one for each half of the connection. The listener must use channel bonding or link aggregation to merge the two connections into one aggregate interface to see both halves of the traffic. Other monitoring technologies do not deal well with the full-duplex problem.
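The time-of-arrival merge of the two monitor ports and the full-duplex capacity problem described above, as an added Python example (not code from the page or from any vendor). Replaying the merged stream through one monitor port shows why the listener needs bonding: the 128 KiB FIFO buffer and tail-drop behaviour of the monitor port are modelling assumptions, and the captures are constructed.

```python
import heapq
from typing import Iterable, List, Tuple

# One captured frame on a monitor port: (arrival time in seconds, frame length in bytes)
Frame = Tuple[float, int]
# Preamble, start delimiter and inter-frame gap that every frame also occupies on the wire
WIRE_OVERHEAD_BYTES = 20


def aggregate(side_a: Iterable[Frame], side_b: Iterable[Frame]) -> List[Tuple[float, str, int]]:
    """Merge the "A" and "B" monitor streams of a full-duplex link into one
    stream ordered by time of arrival, tagging each frame with its direction."""
    tagged_a = ((t, "A->B", n) for t, n in side_a)
    tagged_b = ((t, "B->A", n) for t, n in side_b)
    # heapq.merge assumes each input is already time-ordered, as a capture is
    return list(heapq.merge(tagged_a, tagged_b, key=lambda f: f[0]))


def frames_dropped(stream, port_mbps: float, buffer_bytes: int = 128 * 1024) -> int:
    """Replay the merged stream through a single monitor port of port_mbps with a
    FIFO buffer (tail drop; the size is an assumed, not a vendor, value) and count
    the frames the listener would never see."""
    bytes_per_s = port_mbps * 1e6 / 8
    port_free_at = 0.0  # time at which the port has finished everything queued
    dropped = 0
    for t, _, n in stream:
        queued_bytes = max(0.0, port_free_at - t) * bytes_per_s
        if queued_bytes + n > buffer_bytes:  # buffer full: this frame is lost
            dropped += 1
            continue
        port_free_at = max(port_free_at, t) + (n + WIRE_OVERHEAD_BYTES) / bytes_per_s
    return dropped


def line_rate_capture(mbps: float, frame_len: int, count: int, offset_s: float = 0.0) -> List[Frame]:
    """Constructed capture: count back-to-back frames of frame_len bytes at line rate."""
    gap = (frame_len + WIRE_OVERHEAD_BYTES) / (mbps * 1e6 / 8)
    return [(offset_s + i * gap, frame_len) for i in range(count)]


def demo() -> Tuple[int, int, int]:
    """Both halves of a 100 Mbit/s link saturated with 1518-byte frames, fed to
    (1) one direction only, (2) both directions into one 100 Mbit/s monitor port,
    (3) both directions into two bonded ports (modelled as one 200 Mbit/s port)."""
    a = line_rate_capture(100, 1518, 2000)
    gap = a[1][0]
    b = line_rate_capture(100, 1518, 2000, offset_s=gap / 2)  # interleave arrivals
    return (frames_dropped(aggregate(a, []), 100),
            frames_dropped(aggregate(a, b), 100),
            frames_dropped(aggregate(a, b), 200))


if __name__ == "__main__":
    print("dropped frames (one way / both ways / both ways bonded):", demo())
```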

Once a network TAP is in place, the network can be monitored without interfering with the network itself. Other network monitoring solutions require in-band changes to network devices, which means that monitoring can impact the devices being monitored.

Once a TAP is in place, a monitoring device can be connected to it as-needed without impacting the monitored network.

Some TAPs have multiple output ports, or multiple pairs of output ports for full-duplex, to allow more than one device to monitor the network at the TAP point. These are often called regeneration TAPs.


[Image: a passive fiber optic tap.]

Some TAPs, particularly fiber TAPs, can use no power and no electronics at all for the pass-through and monitor portion of the network traffic. This means that the TAP should never suffer any kind of electronics failure or power failure that results in a loss of network connectivity. One way this can work, for fiber-based network technologies, is that the TAP divides the incoming light using a simple physical apparatus into two outputs, one for the pass-through, one for the monitor. This can be called a passive TAP. Other TAPs use no power or electronics for the pass-through, but do use power and electronics for the monitor port. These can also be referred to as passive.

Some TAPs operate at the physical layer of the OSI model rather than the data link layer. For example, they work with multi-mode fiber rather than 1000BASE-SX. This means that they can work with most data link network technologies that use that physical media, such as ATM and some forms of Ethernet. Network TAPs that act as simple optical splitters, sometimes called passive TAPs (although that term is not used consistently) can have this property.

Some network TAPs offer both duplication of network traffic for monitoring devices and SNMP services. Most major network TAP manufacturers offer TAPs with remote management through Telnet, HTTP, or SNMP interfaces. Such network TAP hybrids can be helpful to network managers who wish to view baseline performance statistics without diverting existing tools. Alternatively, SNMP alarms generated by managed TAPs can alert network managers to link conditions that merit examination by analyzers or intrusion detection systems.

Some TAPs get some of their power (i.e., for the pass-through) or all of their power (i.e., for both pass-through and monitor) from the network itself. These can be referred to as having inline power.

Some TAPs can also reproduce low-level network errors, such as short frames, bad CRC or corrupted data.

Disadvantages and problems

Network TAPs require additional hardware, so they are not as cheap as technologies that leverage capabilities built into the network. They are easier to manage and normally provide more data than some network devices, though.

Network TAPs can require channel bonding on monitoring devices to get around the problem with full-duplex discussed above. Vendors usually refer to this as aggregation as well.

Putting a network TAP into place can disrupt the network being monitored for a short time. It's better than taking a network down multiple times to deploy a monitoring tool though. Establishing good guidelines for placement of network taps is recommended procedure.

Monitoring large networks using network TAPs can require a lot of monitoring devices. Some argue that other technologies scale better. SPAN ports are presumed free, but require more configuration than TAPs.

Even fully passive network TAPs introduce new points of failure into the network. There are several ways that taps can cause problems, and this should be considered when designing a tap architecture. Consider non-powered taps for optical-only environments; this lets you modify the intelligent aggregation taps that may be in use and avoids complications when upgrading from 100 Megabit to Gigabit to 10 Gigabit. Redundant power supplies are highly recommended.

Comparison to other monitoring technologies

Various monitoring approaches can be used, depending on the network technology and the monitoring objective:

The simplest type of monitoring is logging in to an interesting device and running programs or commands that show performance statistics and other data. This is the cheapest way to monitor a network, and is highly appropriate for small networks. However, it does not scale well to large networks. It can also impact the network being monitored; see observer effect.

Another way to monitor devices is to use a remote management protocol such as SNMP to ask devices about their performance. This scales well, but is not necessarily appropriate for all types of monitoring. The inherent problem with SNMP is the polling effect. Many vendors have alleviated this by using intelligent polling schedulers, but this may still affect the performance of the device being monitored. It also opens up a host of potential security problems.

Network intrusion detection systems require a lot of host resources, so it is desirable to run such software on centralized monitoring systems rather than on individual hosts. Also, politically, sometimes one group runs the network and another group runs the computers, so the group that runs the network wants to have monitoring capabilities independent of the group that runs the computers.

Another method to monitor networks is to enable promiscuous mode on the monitoring host and connect it to a shared segment. This works well with older LAN technologies such as 10BASE-T Ethernet networks and FDDI networks. On such networks, any host can automatically see what all other hosts are doing by enabling promiscuous mode. However, modern switched network technologies such as those used on modern Ethernets provide, in effect, point-to-point links between pairs of devices, so it is hard for other devices to see traffic.

Another method to monitor networks is to use port mirroring (called "SPAN", for Switched Port Analyzer, by Cisco, and given other names by some other vendors) on routers and switches. This is a low-cost alternative to network TAPs, and solves many of the same problems. However, not all routers and switches support port mirroring and, on those that do, using port mirroring can affect the performance of the router or switch. These technologies may also be subject to the problem with full-duplex described elsewhere in this article, and there are often limits for the router or switch on how many pass-through sessions can be monitored, or how many monitor ports (generally two) can monitor a given session.

Application-oriented networking

Application-oriented networking (AON) involves network devices designed to aid in computer-to-computer application integration.

Application-oriented networking was popularized by Cisco Systems in response to increasing use of XML messaging (combined with related standards such as XSLT, XPath and XQuery) to link miscellaneous applications, data sources and other computing assets.

Many of the operations required to mediate between applications, or to monitor their transactions, can be built into network devices that are optimized for the purpose.

The rules and policies for performing these operations, also expressed in XML, are specified separately and downloaded as required. Cisco has adopted the AON acronym as the name of a family of products that function in this way.

Tuesday, July 14, 2009

Networking Tips

Tips :
Computer networks are used to share data and resources and for communication. To get optimized performance, data protection, maintenance, improved reliability and security, every system administrator and network administrator should know basic maintenance, troubleshooting and security techniques. Downtime is very dangerous for critical network business applications and servers. In this article, you will learn some of the best networking tips; by using them you can get optimized performance from your network.

Security :
A computer network is susceptible to internet and other external security threats, including viruses, spyware, adware, Trojan horses, rootkits, web worms, intruders and hackers. To keep your network secure:

Firewall :
Install and configure a software/hardware firewall on your gateway and on all other computers in your network. A firewall is used to monitor inbound and outbound traffic and to block unauthorized access and hackers' attacks.

Antivirus :
Install antivirus software such as Norton Antivirus, Trend Micro Office Scan, Panda Antivirus or McAfee and regularly scan your computers with it.

Anti spyware :
Install and configure up-to-date anti-spyware software on your network.

Updated Operating System :
Update your Windows based operating systems with the latest service packs, hot fixes and security patches.

Browser Security :
Raise the level of security of your web browsers.

Connectivity :
Computer networking is sometimes considered complex and hard to troubleshoot. Connectivity problems occur in a computer network due to device conflicts, outdated LAN card drivers, faulty hardware, faulty cables or connectors, and misconfigurations. To troubleshoot connectivity issues, perform the following tasks.

Check the LEDs of your LAN card.
Update the driver of your LAN card.
Scan your computer for viruses and spyware.
Check the UTP/STP cable; both ends of the cable should be properly inserted, i.e. one end in the LAN card and the other in the hub/switch or router.
Check the configurations of the LAN card.
PING the destination computer and check the status.
If your problem is still not resolved, replace the LAN card and reconfigure it.

Maintenance :
Computer network availability and security are very critical for businesses. Maintenance includes domain setup, dealing with internal and external security threats, assigning IP addresses to computers, enabling/disabling network services like DHCP, FTP, SMTP and SNMP, taking data backups, adding/removing users, troubleshooting software/hardware, configuring the firewall and implementing security across the overall IT infrastructure. To perform maintenance tasks in your computer network, you need the right tools.

Troubleshooting :
You can troubleshoot computer network problems by using the right tools and techniques. By default, Windows based operating systems offer the TCP/IP stack, which contains troubleshooting and diagnostic utilities such as PING, IPCONFIG, Hostname, ARP, Telnet, NSLOOKUP, Tracert and many others. Pinging a network computer is the first troubleshooting step, as it checks connectivity with the destination computer. Additionally, you can use other troubleshooting tools such as Ethereal, IP Sniffer, LanGuard, Packeteer and many others. These tools help to diagnose the cause of a problem and troubleshoot it.

Performance :
To get optimized performance from your computer network, perform the following actions on every computer in your network.

Use System Tools :

Delete Unnecessary Files
Update Device Drivers
Update BIOS
Uninstall Unused Programs
Update Operating System

Wireless Networking Security Tips
The following tips are very helpful in securing your wireless computer network.

Change the default SSID.
Change the default administrator password.
Disable SSID broadcast.
Enable MAC address filtering.
Assign static IP addresses to the network devices and computers.
Turn on and configure the firewall on every computer in your network.
Enable IPSec, SSL, encryption, WPA and WEP according to your security requirements.

Networking hardware

Networking hardware typically refers to equipment facilitating the use of a computer network. Typically, this includes routers, switches, hubs, gateways, access points, network interface cards, networking cables, network bridges, modems, ISDN adapters, firewalls and other related hardware.

The most common kind of networking hardware today is the copper-based Ethernet adapter, helped largely by its standard inclusion on most modern computer systems. Wireless networking has become increasingly popular, however, especially for portable and handheld devices.

Other hardware prevalent within computer networking is datacenter equipment (such as file servers, database servers and storage arrays), network services (such as DNS, DHCP, email etc.) as well as other specific network devices such as content delivery devices.

Other diverse devices which may be considered Networking hardware include mobile phones, PDAs and even modern coffee machines. As technology grows and IP-based networks are integrated into building infrastructure and household utilities, network hardware becomes an ambiguous statement owing to the increasing number of 'network capable' endpoints.

Introduction to Firewall

A firewall is the first line of defense and a protective barrier between your network and the outside world. It can be software or hardware, and it is configured and attached to the gateway computer. It encrypts, filters, monitors, permits or denies all network traffic. A system without a firewall can easily be attacked by viruses, hackers, intruders, unauthorized access and other internal and external threats. A firewall regulates the traffic between the computer network and the internet and protects the resources of the private network from internal and external threats.

Windows XP Professional has built-in firewall software that allows users to filter incoming and outgoing traffic by applying different rules. The rules can be based on the source and destination IP addresses, port number, domain names and specific applications and protocols such as FTP, HTTP, Remote Desktop, Telnet, SMTP, POP3 and HTTPS. A firewall works closely with the router, and many routers have a built-in firewall. The common functionalities include packet filtering, application gateway, proxy server and circuit relay.

Firewall Features

The common features of a firewall program include the following.

Packet filtering
Port blocking and scanning
Web filtering
URL Screening
Web caching
User blocking
Domain blocking
Antivirus
Spam Filtering
Email Scanning
Network Access Rules
Network Address Translation (NAT)
User Authentication
Intrusion Protection
Network Activity Monitoring


Types of Firewall

Firewalls can be categorized into the following two major categories.

Software Firewall

There are many software firewall products that are usually installed and configured on the server computer. The most common software firewalls include Zone Alarm, Wingate, Barracuda Spam Firewall, Symantec Norton Personal Firewall, McAfee Personal Firewall Plus and Sygate® Personal Firewall PRO.

Hardware Firewall

A hardware firewall is a dedicated device that is usually attached to the gateway computer. Many routers have built-in firewall features. It filters the network traffic and blocks the unwanted traffic.