industrial communications handbook 2016

vice, pretending it was the original sender of the traffic. A stateful firewall picks this up because it monitors the actual connection and not just the packets individually.

A properly configured firewall is set with a general policy to deny any traffic passing through it, with specific rules created for each traffic stream that needs to be allowed. These rules should be as specific as possible. For example, if two individual devices in a subnet need Internet access to an online server, make the rule from only those two devices’ IP addresses to the server’s address on the Internet, rather than from the entire subnet to the Internet. If they only talk over a single TCP port, set that port as another restriction. This makes it harder for anyone to find access through a loophole in the rules.
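The tight-versus-broad rule from the paragraph above, as an added example that is not part of the handbook: a small default-deny rule evaluator in Python. The addresses, TCP port 443 and the names `Rule`, `decide` and `audit` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One allow rule. All values below are constructed sample data."""
    src: str               # permitted source, CIDR
    dst: str               # permitted destination, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def decide(rules, src, dst, proto, dport):
    """General policy is deny; traffic passes only if an allow rule matches."""
    hit = any(r.matches(src, dst, proto, dport) for r in rules)
    return "allow" if hit else "deny"

def audit(rules):
    """Report every way an allow rule is wider than one host, one port."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r.src).num_addresses > 1:
            findings.append(f"{r.src}: source wider than a single device")
        if ipaddress.ip_network(r.dst).num_addresses > 1:
            findings.append(f"{r.dst}: destination wider than a single server")
        if r.proto == "any" or r.dport is None:
            findings.append(f"{r.src}: protocol or port not restricted")
    return findings

# Assumed layout: devices .11 and .12 in 192.168.10.0/24, server 203.0.113.10.
BROAD = [Rule("192.168.10.0/24", "0.0.0.0/0", "any", None)]
TIGHT = [Rule("192.168.10.11/32", "203.0.113.10/32", "tcp", 443),
         Rule("192.168.10.12/32", "203.0.113.10/32", "tcp", 443)]

FLOWS = [("192.168.10.11", "203.0.113.10", "tcp", 443),   # intended traffic
         ("192.168.10.50", "203.0.113.10", "tcp", 443),   # another device in the subnet
         ("192.168.10.11", "203.0.113.10", "tcp", 22),    # right hosts, other port
         ("192.168.10.11", "198.51.100.7", "tcp", 443)]   # right device, other server

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "broad:", decide(BROAD, *flow), "tight:", decide(TIGHT, *flow))
    print(audit(BROAD))
```

Running `audit` over an exported ruleset is a quick way to find allow rules that cover more than the traffic stream they were written for.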

Modern firewall packages come with various other services, each of which needs to be licensed separately. This allows users to pick and choose the specific security options they want to integrate and use on their systems, and can include services such as built-in anti-virus checkers, which check all incoming files, or traffic managers, which can be configured with a set of rules determining which websites can be accessed from inside a secure network. Other services include monitoring of outgoing connections to see which devices are performing what services and actions. Whilst many of these features are meant more for corporate environments, they are becoming useful for mission-critical networks as well.

5.6 Virtual Private Networks

Another important feature of firewalls is their ability to function as a VPN server. A VPN, or Virtual Private Network, is exactly what the name implies. It is a virtual connection between another router or an end device, and the firewall or VPN server. This creates a virtual network connection that is private: it requires authentication (username and password) to connect to, and encrypts all traffic travelling across it. A VPN can be created over an unsecured network such as the Internet, and sensitive traffic can be sent across it without fear of this traffic being intercepted. These days VPNs are popular for civilian use to obscure Internet activities and to bypass various geographic
