Ways to Watch Your (Network) Neighborhood
When watching out for strangers in the neighborhood, some
parents, particularly moms, can get a reputation of knowing everything that the kids
are up to. Children the world over often wonder how moms can somehow know what
they are doing even when the parents aren't watching. It's like moms have
another set of eyes in the backs of their heads. Of course, moms really just
know human nature, so they can look for signs that somebody might be up to
something, such as when a normally boisterous little boy is suddenly quiet for a
few minutes.
A firewall acts a little like a mom who lives at the entrance
of the neighborhood. Not only does the firewall watch the traffic entering the
network, but it also knows the nature of the traffic that should be allowed to
flow through it.
One of the more important things that a firewall must do is to
recognize when a host is initiating a new flow. For instance, Fred allows
clients in his network to initiate a new flow to an Internet-based web server,
but Internet clients can't initiate a flow to Fred's internal servers or to
other internal user hosts inside Fredsco's network. So it's pretty important
that the firewall be able to figure out who's initiating the new flow.
A firewall knows what to expect with many network flows,
particularly those that use TCP. With TCP, a firewall can easily identify who's
initiating a flow. In TCP lingo, a flow is the equivalent of a TCP
connection. The host that is initiating the TCP connection sends the
first TCP segment, and there's something unique about that first segment. All
the firewall has to do is look for TCP segments that have that unique
characteristic to figure out when a new TCP connection, or flow, is being
created. Figure 18-5 shows a view of the
three TCP segments that are used to create a TCP connection.
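The "unique characteristic" of that first segment is the SYN flag set with the ACK flag clear; the second segment of the handshake carries SYN and ACK together, and the third carries ACK alone. The following added example (not from the book) shows the check a firewall applies to raw TCP headers, plus Fred's direction rule: only internal hosts may open new flows. The internal address block and the port numbers are constructed for the demo.

```python
import struct
import ipaddress

# Constructed: Fredsco's internal address block (an assumption for the demo).
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")

TCP_FLAG_SYN = 0x02
TCP_FLAG_ACK = 0x10


def tcp_flags(tcp_header: bytes) -> int:
    """Return the flag bits of a raw TCP header (at least 20 bytes).

    Byte 13 of the header holds the flags; SYN is 0x02 and ACK is 0x10.
    """
    if len(tcp_header) < 20:
        raise ValueError("TCP header too short")
    return tcp_header[13]


def is_connection_initiation(tcp_header: bytes) -> bool:
    """The initiator's first segment carries SYN but not ACK.

    SYN+ACK (second segment) and a bare ACK (third segment) do not
    qualify, so only the host opening the connection is flagged here.
    """
    flags = tcp_flags(tcp_header)
    return bool(flags & TCP_FLAG_SYN) and not (flags & TCP_FLAG_ACK)


def firewall_decision(src_ip: str, tcp_header: bytes) -> str:
    """Fred's rule: new flows may be opened only from inside the network.

    Non-initiating segments are treated as part of an existing flow; a
    real stateful firewall would look them up in its connection table.
    """
    if not is_connection_initiation(tcp_header):
        return "allow (existing flow)"
    if ipaddress.ip_address(src_ip) in INTERNAL_NET:
        return "allow (internal host initiating)"
    return "deny (external host initiating)"


def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header with the given flags (demo input only)."""
    data_offset = 5 << 4  # header length of 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       data_offset, flags, 65535, 0, 0)


if __name__ == "__main__":
    for name, src, hdr in [
        ("SYN from inside", "10.1.2.3", build_tcp_header(50000, 80, TCP_FLAG_SYN)),
        ("SYN from Internet", "203.0.113.9", build_tcp_header(40000, 80, TCP_FLAG_SYN)),
        ("SYN+ACK reply", "203.0.113.9",
         build_tcp_header(80, 50000, TCP_FLAG_SYN | TCP_FLAG_ACK)),
    ]:
        print(f"{name}: {firewall_decision(src, hdr)}")
```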