Network security is implemented with various technologies, including firewalls, intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), remote access authentication mechanisms, and Virtual Private Networks (VPNs).
A firewall controls traffic flow between a trusted network (such as a corporate LAN) and an untrusted or public network (such as the Internet). A firewall can comprise hardware, software, or a combination of both. The CISSP candidate must understand the various types of firewalls and common firewall architectures.
Three basic classifications of firewalls have been established: packet-filtering, circuit-level gateway, and application-level gateway.
A packet-filtering firewall (or screening router), one of the most basic (and inexpensive) types of firewalls, is ideally suited for a low-risk environment. A packet-filtering firewall permits or denies traffic based solely on the TCP, UDP, ICMP, and IP headers of the individual ...
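The header-only decision described above, sketched as an added example (not part of the original text): a stateless filter that parses the IPv4 and TCP/UDP headers of a single packet and applies a first-match rule list with a default deny. The `Rule` fields, the `RULES` policy, the `build_packet` helper, and the documentation-range addresses are all hypothetical, and the sketch assumes unfragmented IPv4.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                      # source network, CIDR
    dst: str                      # destination network, CIDR
    dport: Optional[int] = None   # destination port; None matches any

def parse_headers(pkt: bytes) -> dict:
    """Extract only the IPv4 and TCP/UDP header fields the filter looks at."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    hdr = {"proto": PROTO.get(pkt[9], "other"), "dport": None,
           "src": ipaddress.ip_address(pkt[12:16]), "dst": ipaddress.ip_address(pkt[16:20])}
    if hdr["proto"] in ("tcp", "udp") and len(pkt) >= ihl + 4:
        hdr["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])[1]
    return hdr

def filter_packet(rules, pkt: bytes) -> str:
    """First matching rule wins; unmatched or malformed packets are denied."""
    try:
        h = parse_headers(pkt)
    except ValueError:
        return "deny"
    for r in rules:
        if (r.proto in ("ip", h["proto"]) and r.dport in (None, h["dport"])
                and h["src"] in ipaddress.ip_network(r.src)
                and h["dst"] in ipaddress.ip_network(r.dst)):
            return r.action
    return "deny"

def build_packet(src, dst, proto_num, dport, payload=b""):
    """Constructed sample input: 20-byte IPv4 header (checksum 0), port pair, payload."""
    l4 = struct.pack("!HH", 40000, dport) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto_num, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + l4

RULES = [  # hypothetical policy on documentation address ranges
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("deny", "ip", "198.51.100.0/24", "0.0.0.0/0"),
    Rule("permit", "icmp", "0.0.0.0/0", "203.0.113.0/24"),
]
```

Two packets built with the same addresses, protocol, and port but different payloads receive the same verdict, because `filter_packet` never reads past the port fields. Rule order also matters: a host in 198.51.100.0/24 still reaches port 443 on 203.0.113.10 because the permit rule is evaluated before the deny.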