Overview

Many companies today are finding that the wealth of information available on the global Internet is invaluable. Companies are now exploiting the services that it offers such as Electronic Mail, On-line shopping, Advertising, and the abundance of information that is readily available all just a mouse click away. Indeed, to many companies the Internet is its very life blood. So, given that companies need the resources of the Internet, it follows that their networks must be linked to it therein lies our problem. How can we ensure that we can take full advantage of the Internet without unwanted intrusion from other Internet users?

Figure 23-1: A Simple Network with Internet Connection

The answer lies in what has become known as Firewall Security where a router is configured through a series of filters, to provide a flexible yet secure gateway between networks. Almost all routers can be configured with filters limiting the data they pass. At the simplest level the router could be configured to forward packets only from certain networks however this can limit legitimate traffic. Another method is to limit protocols and/or to filter on parts of the packet themselves. There are many excellent books on this subject already and a complete discussion of every aspect of network security is certainly beyond the scope of this publication. However, in this chapter we shall discuss some of the areas that must be considered when implementing router security, based on protocols and specific packet elements.

When considering...