
Networking, Security, and the Firewall

In document Configuring NetScreen Firewalls pdf (Page 34-37)


Introduction

Every enterprise requires at least one firewall to provide the backbone for its network security architecture. Firewalls are the core component of your network’s security. The risks today have greatly increased, so the call for a stronger breed of firewall has been made. In the past, simple packet filtering firewalls allowing access to your internal resources have helped to mitigate your network’s risk. The next development was stateful inspection allowing you to monitor network sessions instead of single packets. Today’s risks are far greater and require a new generation of devices to help secure our networks’ borders from the more sophisticated attacks.

Firewalls police your network traffic. A firewall is a specialized device that allows or denies traffic based upon administratively defined policies. They contain technologies to inspect your network’s traffic. This technology is not something that is exclusive to firewalls, but firewalls are designed specifically for inspecting traffic and therefore do it better than any other type of device. Any network can have millions of packets traverse it in a short period of time. It is impossible for a human to directly interact with the network. Even if you were to use a tool to look at the traffic directly, it would be impossible for you to decide which traffic is good and which is bad. The need for a specialized device to enforce traffic restrictions has grown over the years. Because security is of such high importance, a specialized device was required to ensure the security of network traffic.

NetScreen firewall appliances have answered this call for a secure enterprise. The NetScreen firewall product line has complete offerings from the home office to the carrier-class networks. In this chapter we will review networking basics. Security requires a strong basic knowledge of networking protocols. In our first section, “Understanding Networking,” we will look at networking from a top-down approach. This section starts with the basic ideas of networking models and then works into full networking communications. We will also discuss the components and prerequisites of IP addresses and how they are divided up to make networks.

We will next look at networking in general by breaking it down to a layered approach. This will help you understand the flow of networking. Each specific layer in the networking model has a purpose. Working together, these layers allow for data to seamlessly pass over the network between systems. An example of browsing a website will be used. You will see all of the effort it takes just to fetch a web page. We will focus then on the TCP/IP protocol suite. This is the most commonly used networking protocol and it is the protocol of the Internet. Finally in this chapter, we will look at network security. There are many important concepts to be aware of for information security. This will help you understand some network design considerations and the background behind them.

Understanding Networking

To understand networking is to understand the language of firewalls. A firewall is used to segment resources and limit access between networks. Before we can really focus on what a firewall does for us, we need to understand how networking works. Today in most environments and on the Internet, the protocol suite TCP/IP (Transmission Control Protocol/Internet Protocol) is used to transport data from here to there. We will begin this chapter by looking at networking as a whole with a focus on the Open System Interconnection (OSI) model.

The OSI Model

The OSI model was originally developed as a framework to build networking protocols on. During the time when the Internet was being developed, a protocol suite named TCP/IP was developed. TCP/IP was found to meet the requirements of the Internet’s precursor, ARPANET. At this point, TCP/IP was already integrated into UNIX and was quickly adopted by the academic community as well. With the advent of the Internet and its widespread usage, TCP/IP has become the de facto standard protocol suite of internetworking today.

The OSI model consists of seven distinct layers. These layers each contain the fundamental ideas of networking. In Figure 1.1 we can see the way that the seven layers stack on top of each other. The idea is that each upper layer is encapsulated inside of each lower layer. So ultimately, any data communications are transformed into the electrical impulses that pass over the cables or through the air that surrounds us. Understanding the OSI model is understanding the core of networking. In many places throughout this book, the OSI model is used to create a visual representation of networking.

The reality, however, is that the OSI model is just a reference model that protocols are based upon. The next section, called “Moving Data Along With TCP/IP,” demonstrates how some of the layers blur together. All in all, the OSI model is a great tool to help anyone understand networking and perform troubleshooting. Over the years, the OSI model has served as a reference for all protocols that have been developed. Almost every book, manual, white paper, or website that talks about networking protocols references the OSI model. It is important to have a baseline when discussing every topic.

For example, let’s compare cars and trucks. They are effectively the same device. Both are used to get from here to there, but they are designed very differently. A truck has a sturdier frame to allow it to tow heavy loads. A car is smaller and is designed to be a transport for people. While these devices are very different, they still have common components. They both have wheels, doors, brakes, and engines. This is much like the different components of a network protocol, which is essentially a vehicle for data. Networking protocols have components to help get the data from here to there, like wheels. They have components to control the flow of data, like brakes. These are all requirements of any protocol. Using and understanding the OSI model makes protocol usage and design easier. Whether TCP/IP or IPX/SPX, most protocols are built around the same framework (model).

Figure 1.1 The 7-Layer OSI Model

7. Application Layer
6. Presentation Layer
5. Session Layer
4. Transport Layer
3. Network Layer
2. Data Link Layer
1. Physical Layer
