TICM - The Firewall Hardening Guide v0.1

Introduction

FW-1 Overview

Check Point FireWall-1 is a software firewall product that uses Stateful Inspection Technology, which was invented and patented by Check Point. FireWall-1 inspects all packets passing between networks connected to the product, blocking all unwanted communication attempts. It supports the complete TCP/IP family of protocols.
The packet inspection is based on information contained in protocol headers and the state information derived from one or more associated packets. FireWall-1 can therefore be configured not only to inspect individual IP packets based on the IP header information, such as source and destination IP addresses, but also to examine state information in multiple IP packets.
FireWall-1 provides IP address translation that permits selected internal network addresses to be hidden from the external network so that only the internal network hosts are able to initiate communications. FireWall-1 also provides source and destination address translation, to overcome the limitation of the number of IP addresses on the Internet.
FireWall-1 may be configured to operate connected to one external (public or unprotected) network and up to 31 physical internal (protected) networks. FireWall-1 is managed locally via a workstation or console directly connected to the firewall.