Simple firewall solutions provide basic firewall features:
- traffic filtering based on the source IP address and/or port, or the destination IP address and/or port,
- the Stateful Packet Inspection mechanism (ongoing analysis and storage of connection states),
- the ability to hide the addressing and structure of a protected network using NAT (Network Address Translation) mechanisms,
- a set of basic features that enable protection against typical DoS (Denial of Service) attacks.
Simple firewalls can be implemented on the basis of a Cisco IOS router operating system version that includes a more extended set of security mechanisms, for example a version called “firewall feature set”. This solution belongs to the group of simple firewalls because it supports CBAC (Context Based Access Control) mechanisms. The simple firewall group also includes personal firewalls installed directly on the secured hosts (in many cases Windows workstations).
The most common implementation of simple firewall mechanisms is based on a dedicated Unix system. As with Unix-based packet filters, it requires the installation and configuration of the operating system. The only difference between this solution and packet filters is the activation of the typical firewall mechanisms available in the same software.
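
What Stateful Packet Inspection adds on top of static address/port filtering, as an added example (not code from the original page or from any firewall product). The protected network 192.168.10.0/24, the web-only rule, the sample packets and the simplified TCP states are all assumptions made for the illustration.

```python
# Added example: a toy stateful packet inspection (SPI) engine, TCP only.
# Addresses, ports and the single static rule are constructed.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: set of TCP flag names
INSIDE = ip_network("192.168.10.0/24")   # constructed protected network
ALLOWED_DPORTS = {80, 443}               # constructed rule: inside hosts may open web flows

class StatefulFilter:
    def __init__(self):
        self.state = {}                  # (src, sport, dst, dport) of initiator -> status

    def rule_permits(self, p):
        # Static filtering on source address and destination port.
        return ip_address(p.src) in INSIDE and p.dport in ALLOWED_DPORTS

    def handle(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.state else rev if rev in self.state else None
        if key is None:
            # No stored connection: only a bare SYN allowed by the rule creates state.
            if p.flags == {"SYN"} and self.rule_permits(p):
                self.state[fwd] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"
        if key == rev and self.state[key] == "SYN_SENT":
            # The responder's first packet must complete the handshake.
            if p.flags != {"SYN", "ACK"}:
                return "DROP"
            self.state[key] = "ESTABLISHED"
        if p.flags & {"FIN", "RST"}:
            del self.state[key]          # simplified teardown: forget the flow at once
        return "ACCEPT"

def demo():
    fw, host, srv = StatefulFilter(), "192.168.10.20", "203.0.113.5"
    trace = [
        Packet(srv, 443, host, 51000, {"SYN", "ACK"}),  # unsolicited reply
        Packet(host, 51000, srv, 443, {"SYN"}),         # permitted new flow
        Packet(srv, 443, host, 51000, {"SYN", "ACK"}),  # reply to stored flow
        Packet(host, 51000, srv, 443, {"ACK"}),
        Packet(srv, 8443, host, 51000, {"ACK"}),        # same server, wrong port
        Packet(host, 51000, srv, 443, {"RST"}),         # teardown removes state
        Packet(srv, 443, host, 51000, {"ACK"}),         # late packet, no state
        Packet(host, 51001, srv, 23, {"SYN"}),          # port not in the rule
    ]
    return [fw.handle(p) for p in trace]
```

The same SYN/ACK packet is dropped when it arrives unsolicited and accepted once the stored connection entry exists, which a stateless filter on addresses and ports alone cannot distinguish.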