SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Unit 5 Assignment 1_Select the Proper Type of Firewall
-
Upload
joseph-nichols -
Category
Documents
-
view
20 -
download
3
Transcript of Unit 5 Assignment 1_Select the Proper Type of Firewall
[
]
2014
Name?IS3220
Mr. ?
Select the Proper Name?Type of Firewall IS3220
30 Jan 2014
Based on the prosed layout of the network I have come up with a design for the
placement of the firewalls and decided what filters should be running on which ones. My
decisions have been made in order to best protect the network against malicious attacks and
unauthorized access to certain parts of the network without the proper permissions. The first line
of defense is between the internet and the company’s network where I have placed the first
firewall which includes the following filters; Static Packet filtering, NAT, Content filtering,
Circuit Proxy, Application Proxy, and Dynamic Packet filtering. The reasoning behind this is;
Static packet filtering focuses on the network layer (layer 3), specifically the header contents and
will filter the bulk of packets making other filters operate more efficiently, this is why it should
be the first line of defense of the filters being used (Stewart, 2011). The next service that isn’t a
filter but is common among firewalls is Network Address Translation (NAT); it helps translate
the internal addresses to external addresses and is usually listed as a filtering service. The next
filter is the Content filtering which can be used to intercept specific content in a packet leaving
the network before it reaches the internet because it looks at the domain name, URL, filename, or
file extension that are found at the Application Layer (Layer 7) (Stewart, 2011). Next I included
the Circuit Proxy as to keep anyone from initiating a session on the network that does not have
any business on the network and works on layers 3 – 5. The next filter added was the
Application Proxy which like the Circuit Proxy acts like a middleman between the client and
server, this filter inspects traffic completely at any layer including the header and the payload
unlike the Static Packet filter that can only check the header, with this filter active the client
never has a direct connection with the resource server adding a layer of protection. The last filter
that I included was the Dynamic Packet filter that addresses complex malicious traffic over the
Transport Layer (layer 4) and Layers 5 – 7 as well.
The next firewall that I placed on the network was between the router and the Web Server
which is part of the DMZ. The filters that are included with that firewall are as follows; NAT,
Select the Proper Name?Type of Firewall IS3220
30 Jan 2014
Content filter, Circuit Proxy, Application Proxy, and Dynamic Packet filtering. This firewall’s
main focus is to filter Layers 5 – 7 the Application Layers but it also includes the Circuit Proxy
filter which operates on layers 3 – 5 as a middleman between a client and server to allow or deny
the initiation of a session based on a list of rules. The firewall emplaced between the
workstations and the router has the following filters; Static Packet filtering, NAT, Circuit Proxy,
Application Proxy, and Dynamic Packet filtering. This firewall focuses on the network
protection by using the Static Packet filtering that operates at the Network Layer (layer 3) and
the Transport Layer (layer 4), also using Circuit Proxy that uses Layers 3 – 5 to filter sessions,
the Application Proxy that can inspect traffic at any Layer, and the Dynamic Packet filter that
determines the virtual circuits using the three-way handshake at the Transport Layer (layer 4)
(Stewart, 2011).
The next firewall is placed between the workstations and the internal corporate servers in
order to protect the servers from unauthorized users from inside and outside the network. The
filters that are set on this firewall are as follows; Stateful Inspection, Content filtering, Circuit
Proxy, and Application Proxy, making the main focus of this firewall’s protection the
Application Layers 5 – 7. The last firewall that I suggest emplacing with filters in place is to
protect the network from the Wireless Network connection. The filters that should be enabled
are the following; Static Packet, NAT, Content filtering, Circuit Proxy, Application Proxy, and
Dynamic Packet, the main focus here is the network. Just as with the first firewall between the
internet and the router it will use Static Packet filtering as a first line of defense because Wireless
Access points are a big vulnerability to begin with, and the rest of the filters can also filter
packets at the Lower Layers of the OSI Model as well, more specifically from the Network
Layer (layer 3) up to the Session Layer (layer 5).
Select the Proper Name?Type of Firewall IS3220
30 Jan 2014
Select the Proper Name?Type of Firewall IS3220
30 Jan 2014
References
Works Cited
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury: Jones & Bartlett
Learning. Retrieved Jan 30, 2013