Introducing the FireWall Software
Today, with the expansion of computer networks and given the importance of
stability in the security of networked systems, maintaining security and
implementing it in every area and at every security layer, so as to reduce the
vulnerability of systems as far as possible, is of extraordinary value. To this
end, Ertebatat Novin Faranam Company has designed and implemented the Firewall
software.
One way to protect a network against external attacks is to use a Firewall. By
connecting to the Internet (the insecure global network), we have in effect
opened a door to vandals and intruders. The Firewall sits as an interface between
the insecure outside world and our internal network, to prevent malicious and
inappropriate data from entering the internal network and to withstand attacks
and intrusion by hackers against the internal network.
IT specialists have answered the question "Who needs a Firewall?" as follows:
"Anyone who is connected to the Internet!"
They stress this point, and their view is that if you are not willing to secure
your system with a Firewall, we are not willing for your insecure system to be
used to attack us.
The features of this Firewall include the following:
Firewall Key Features
Stateful Inspection Firewalling
DMZ (Demilitarized Zone) implemented for public servers such as:
web server, mail server, DNS server, FTP server, …
Armed against the following attacks:
• DoS attacks (Denial of Service)
- Ping of Death attacks
- SYN Floods
- UDP Floods
• IP Spoofing attacks
SNAT, DNAT support
IPv6 tunnel traffic support
IPsec protocol compatible
Transparent cache support
Port forwarding enabled by DNAT (for internal services)
Internal zone in depth protection
• Deny internal zone pings
• Block port scanning
• Block traceroutes
• Stop SMB traffic going out
Drop unwanted traffic
• Ignore ICMP bogus error messages
• Ignore responses to broadcast pings
• Kill timestamps
• Drop invalid packets
• Drop unwanted TCP, UDP port connections
Powerwall Software Features
DMZ (Demilitarized Zone) implemented for public servers such as:
web server, mail server, DNS server, FTP server, …
Armed against the following attacks:
• DoS attacks (Denial of Service)
- Ping of Death attacks
- SYN Floods
- UDP Floods
• IP Spoofing attacks
SNAT, DNAT support
IPv6 tunnel traffic support
IPsec protocol compatible
Transparent cache support
Port forwarding enabled by DNAT (for internal services)
Internal zone in depth protection
• Deny internal zone pings
• Block port scanning
• Block traceroutes
• Stop SMB traffic going out
Drop unwanted traffic
• Ignore ICMP bogus error messages
• Ignore responses to broadcast pings
• Kill timestamps
• Drop invalid packets
• Drop unwanted TCP, UDP port connections
• State-of-the-art Adaptive Security Algorithm (ASA) and stateful inspection
firewalling
• Support for up to 2 ethernet interfaces ranging from , 10/100 Fast Ethernet
• Stateful firewall failover capability with synchronized connection information
and product configurations
• True Network Address Translation (NAT) as specified in RFC 1631
• Port Address Translation (PAT) further expands a company's address pool: one IP
address supports more than 64,000 hosts
• Support for IPsec and L2TP/PPTP-based VPNs
• Support for a broad range of authentication methods via TACACS+, RADIUS
• Flood Guard and Fragmentation Guard protect against denial of service attacks
• Extended authentication, authorization, and accounting capabilities
• Ability to customize protocol port numbers
• Enhanced customization of syslog messages