vice, pretending it was the original sender of the traffic. A stateful firewall picks this up because it monitors the actual connection and not just the packets individually.
A properly configured firewall is set with a general policy to deny any traffic passing through it, with specific rules created for each traffic stream that needs to be allowed. These rules should be as specific as possible. For example, if two individual devices in a subnet need Internet access to an online server, make the rule from only those two devices’ IP addresses to the server’s address on the Internet, rather than from the entire subnet to the Internet. If they only talk over a single TCP port, set that port as another restriction. This makes it harder for anyone to find access through a loophole in the rules.
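
The following added example (not from the original article) models the default-deny policy described above and compares a subnet-wide allow rule with the two tight host-to-server rules. All addresses are constructed from the RFC 5737 documentation ranges, TCP port 443 is an assumed value, and Rule, allowed and audit are hypothetical names; only the decision for a new connection is modelled, not state tracking.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # TCP destination port; None means any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == port))


def allowed(rules, src_ip, dst_ip, port):
    """Default deny: traffic passes only if an explicit allow rule matches."""
    return any(r.matches(src_ip, dst_ip, port) for r in rules)


def audit(rules):
    """List (rule, reason) for every rule wider than host-to-host on one port."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r.src).num_addresses > 1:
            findings.append((r, "source is wider than a single host"))
        if ipaddress.ip_network(r.dst).num_addresses > 1:
            findings.append((r, "destination is wider than a single host"))
        if r.port is None:
            findings.append((r, "no TCP port restriction"))
    return findings


# Constructed sample data: two devices that need one server on one port.
SERVER = "203.0.113.5"
LOOSE = [Rule("192.0.2.0/24", "0.0.0.0/0", None)]       # whole subnet to the Internet
TIGHT = [Rule("192.0.2.10/32", SERVER + "/32", 443),    # device 1 to the server only
         Rule("192.0.2.11/32", SERVER + "/32", 443)]    # device 2 to the server only

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("tight", TIGHT)):
        # 192.0.2.99 is a third device in the subnet that needs no access.
        print(name, "third device reaches other host on port 22:",
              allowed(rules, "192.0.2.99", "198.51.100.7", 22))
        for rule, reason in audit(rules):
            print("  finding:", rule, "-", reason)
```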
Modern firewall packages come with various other services, each of which needs to be licensed separately. This allows users to pick and choose the specific security options they want to integrate and use on their systems. These can include services such as built-in anti-virus checkers, which check all incoming files, or traffic managers, which can be configured with a set of rules determining which websites can be accessed from inside a secure network. Other services include monitoring of outgoing connections to see which devices are performing what services and actions. Whilst many of these features are meant more for corporate environments, they are becoming useful for mission-critical networks as well.
5.6 Virtual Private Networks
Another important feature of firewalls is their ability to function as a VPN server. A VPN, or Virtual Private Network, is exactly what the name implies. It is a virtual connection between another router or an end device, and the firewall or VPN server. This creates a virtual network connection that is private: it requires authentication (username and password) to connect to, and encrypts all traffic travelling across it. A VPN can be created over an unsecured network such as the Internet, and sensitive traffic can be sent across it without fear of this traffic being intercepted. These days VPNs are popular for civilian use to obscure Internet activities and to bypass various geographic