
Hybrid or complex gateways

Hybrid gateways combine two or more of the previously mentioned firewall types and implement them in series rather than in parallel. If they are connected in series, then overall security is enhanced. On the other hand, if they are connected in parallel, then the network security perimeter will be only as secure as the least secure of all methods used. In medium- to high-risk environments, a hybrid gateway may be the ideal firewall implementation.

Issues

Now, let's look at some firewall policy issues. These issues include the following:

  • Authentication
  • Routing versus forwarding
  • Source routing
  • IP spoofing
  • DNS and mail resolution

Authentication

Router-based firewalls don't provide user authentication. Host-based firewalls can provide these kinds of authentication:

  • Username/password: This provides the lowest level of protection, because the information can be sniffed off the network or "shoulder surfed."
  • One-time passwords: One-time passwords using software or hardware tokens generate a new password for each session. This means that old passwords cannot be reused if they are sniffed or otherwise borrowed or stolen.
  • Digital certificates: The user authenticates with a certificate generated using public key encryption.