Lesson 1: Securing Internetwork Communications
Computers running Windows Server 2003 are designed to receive traffic from other computers over the network. The primary function of a server is to receive and process requests sent by clients. However, a computer that is left open to transmissions from other computers is also a security hazard, particularly if the server is accessible from the Internet. Unauthorized users might attempt to reach the server for destructive purposes, such as to read confidential data files, introduce outside software, or simply prevent others from using the server. One of the most common techniques firewalls use to prevent these kinds of intrusions is called packet filtering.
After this lesson, you will be able to
■ Describe the function and usefulness of packet filtering
■ List the well-known port numbers used by common applications and services
■ List the criteria you can use to filter network traffic
■ Describe the packet filtering functionality included in Windows Server 2003
Estimated lesson time: 30 minutes
Introducing Packet Filtering
Packet filtering is a method for regulating the TCP/IP traffic that is permitted to reach a computer or a network, based on criteria such as IP addresses, protocols, and port numbers. The system implementing the filter examines the headers of each packet as it arrives and determines whether it meets the criteria for admission; the filter looks only at header fields, never at the data the packet carries. Packets that do meet the admission criteria are processed by the system in the normal manner; those that do not are silently discarded. For example, Internet e-mail servers typically use the Simple Mail Transfer Protocol (SMTP) and the Post Office Protocol 3 (POP3). These protocols listen on TCP port numbers 25 and 110, respectively. You can create a packet filter that permits only packets addressed to port numbers 25 and 110 to reach the server. Two points follow from this. First, everything else is dropped, including any protocol you use to administer the server, so each service you need must be permitted explicitly. Second, the filter reduces the exposed surface but does not protect the services it leaves open: a flaw in the SMTP service itself is still reachable through port 25.
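The admission logic described above, written out as an added example (this is not code from the training kit or from Windows Server 2003). It evaluates an ordered rule list against each packet's address, protocol and destination port, first match wins, and anything matching no rule falls through to the silent discard the lesson describes. Besides the lesson's two-rule mail filter it shows a tighter rule set with source-address criteria; the server, network and host addresses are hypothetical values from the RFC 5737 documentation ranges, and the packets are constructed, not captured.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter inspects (constructed, not captured)."""
    src: str                        # source IPv4 address
    dst: str                        # destination IPv4 address
    protocol: str                   # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None  # None for ICMP, which has no port field


@dataclass(frozen=True)
class Rule:
    """One admission criterion: every field that is set must match."""
    action: str                     # "permit" or "deny"
    protocol: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"          # CIDR block; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "any" and self.protocol != pkt.protocol:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Evaluate rules in order; the first match decides.

    A packet that matches no rule is silently discarded, which is the
    default-deny posture the lesson describes.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Hypothetical addresses taken from the RFC 5737 documentation ranges.
MAIL_SERVER = "203.0.113.25"
INTERNAL_NET = "192.0.2.0/24"
ADMIN_HOST = "192.0.2.10"

# The lesson's example: only SMTP (TCP 25) and POP3 (TCP 110) may reach the server.
MAIL_RULES = [
    Rule("permit", protocol="tcp", dst=MAIL_SERVER, dst_port=25),
    Rule("permit", protocol="tcp", dst=MAIL_SERVER, dst_port=110),
]

# A tighter variant: SMTP from anywhere (other mail servers must deliver to us),
# POP3 only from the internal network, and remote administration (RDP, TCP 3389)
# only from one admin host. Everything not permitted falls through to the
# implicit deny, so no explicit deny rules are needed here.
HARDENED_RULES = [
    Rule("permit", protocol="tcp", dst=MAIL_SERVER, dst_port=25),
    Rule("permit", protocol="tcp", src=INTERNAL_NET, dst=MAIL_SERVER, dst_port=110),
    Rule("permit", protocol="tcp", src=ADMIN_HOST, dst=MAIL_SERVER, dst_port=3389),
]


def decisions(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Run a batch of packets through a rule set and return each verdict."""
    return [filter_packet(rules, p) for p in packets]


SAMPLE_TRAFFIC = [                                       # constructed packets
    Packet("198.51.100.7", MAIL_SERVER, "tcp", 25),      # Internet host delivering mail
    Packet("198.51.100.7", MAIL_SERVER, "tcp", 110),     # Internet host fetching mail
    Packet("192.0.2.33", MAIL_SERVER, "tcp", 110),       # internal user fetching mail
    Packet("198.51.100.7", MAIL_SERVER, "tcp", 3389),    # RDP from the Internet
    Packet(ADMIN_HOST, MAIL_SERVER, "tcp", 3389),        # RDP from the admin host
    Packet("198.51.100.7", MAIL_SERVER, "udp", 25),      # wrong protocol, right port
    Packet("198.51.100.7", MAIL_SERVER, "icmp"),         # ping: no port at all
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, decisions(HARDENED_RULES, SAMPLE_TRAFFIC)):
        print(f"{pkt.protocol:4} {pkt.src:>14} -> {pkt.dst}:{pkt.dst_port}  {verdict}")
```

Note that the filter matches the protocol as well as the port: a UDP datagram to port 25 is dropped even though the port number is "right", and an ICMP echo has no port to match at all. This is a stateless filter; it judges each packet on its own, which is sufficient for protecting a server's inbound listening ports but is not a substitute for tracking connection state.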
Understanding Ports and Protocols
In the packet header of each TCP/IP protocol at each layer of the Open Systems Interconnection (OSI) reference model, identifiers specify which protocol at the next layer should receive the packet. For example, a data-link layer protocol, such as Ethernet, has an Ethertype value in its header that specifies which network-layer protocol should process the packet (0x0800 for IP). In the same way, at the network layer, the Internet Protocol (IP) has a Protocol field that specifies the transport-layer protocol that should receive the packet (6 for TCP, 17 for UDP, 1 for ICMP), and the transport-layer protocols TCP and UDP each have Source Port and Destination Port fields that specify the application that should be the final recipient of the data in the packet. ICMP carries no port numbers, so a filter that matches ICMP traffic must use its Type and Code fields instead. A packet filter works by reading these same identifiers and comparing them with its rules.
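The demultiplexing chain above, followed in code, as an added example that is not part of the training kit: the parser reads the Ethertype, then the IP Protocol field, then the port (or ICMP type) fields, just as a receiving host and a packet filter do. The frames it parses are built by a small constructor in the same block, so they are synthetic test input, not captured traffic; the MAC and IP addresses in them are arbitrary or from the RFC 5737 documentation ranges. The parser also validates the IPv4 header length and checksum, because a filter that reads fields from a header it has not checked can be misled by a malformed packet.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP = 1, 6, 17


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, proto: int, src_port: int = 0, dst_port: int = 0) -> bytes:
    """Construct an Ethernet II frame carrying IPv4 and a minimal transport header.

    Only the fields the demultiplexing chain reads are meaningful; the rest are
    fixed or zero. Synthetic test input, not a captured packet.
    """
    if proto == IP_PROTO_TCP:       # 20-byte TCP header with only the SYN flag set
        transport = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    elif proto == IP_PROTO_UDP:     # 8-byte UDP header
        transport = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    elif proto == IP_PROTO_ICMP:    # echo request: type 8, code 0, id 1, seq 1
        transport = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    else:
        raise ValueError("unsupported protocol %d" % proto)

    # IPv4 header without options: version/IHL, TOS, total length, ID, flags/offset,
    # TTL, protocol, checksum (filled in on the second pass), source, destination.
    fields = [0x45, 0, 20 + len(transport), 0x1234, 0x4000, 64, proto, 0,
              ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    ip = struct.pack("!BBHHHBBH4s4s", *fields)

    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + transport


def demultiplex(frame: bytes) -> dict:
    """Follow the next-layer identifiers, layer by layer, and return what a filter sees."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result = {"ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return result                   # e.g. 0x0806 (ARP): not IP, nothing more to read
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # IHL is in 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:      # a header that includes its checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    proto = ip[9]
    result.update(protocol=proto,
                  src=str(ipaddress.IPv4Address(ip[12:16])),
                  dst=str(ipaddress.IPv4Address(ip[16:20])))
    transport = ip[ihl:]                # honours options, if the IHL says there are any
    if proto in (IP_PROTO_TCP, IP_PROTO_UDP):
        # Both TCP and UDP place source and destination ports in their first 4 bytes.
        if len(transport) < 4:
            raise ValueError("truncated transport header")
        result["src_port"], result["dst_port"] = struct.unpack("!HH", transport[:4])
    elif proto == IP_PROTO_ICMP:
        if len(transport) < 2:
            raise ValueError("truncated ICMP header")
        result["icmp_type"], result["icmp_code"] = transport[0], transport[1]
    return result


if __name__ == "__main__":
    smtp = build_frame("198.51.100.7", "203.0.113.25", IP_PROTO_TCP, 49152, 25)
    print(demultiplex(smtp))
    print(demultiplex(build_frame("198.51.100.7", "203.0.113.25", IP_PROTO_ICMP)))
```

The checksum and length checks are what make the decoded fields trustworthy: flipping one byte of the IP header (for example the Protocol field) makes the header fail validation rather than being classified under a protocol the sender never declared.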