... protocols^1.1

Firewalls should always use static routing tables, so we will not consider routing protocols here.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... program^1.2

A host which is running a server program may in turn also be referred to as a server.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... cracker^1.3

We use the term cracker rather than hacker; in its original connotations, hacker implied a level of skill rather than a malicious intent.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... ^1.4

This last attack is known as a SYN flood attack. There are ways to reduce the impact of SYN flood attacks, but no real means of prevention without violating the TCP specification. The firewall uses a shortened timeout on incoming connection requests, a large connection request queue, and less resources for each pending connection; this does not prevent SYN floods, but should greatly reduce the impact of such attacks.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... increased?^2.1

Given the nth password, it is easy to determine the n+1th password; the converse is not the case.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... hard-drive^2.2

Multiple hard-drives are not supported by the CEQURUX installation program, but can be added later.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... firewall^3.1

Actually, things are not quite so drastic. If the password is compromised, then the firewall can be broken into, but only if the attack comes from the firewall console itself.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... interest^3.2

Use the command `man boot' while logged on to the firewall for full details.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

... `http'-style.^4.1

Note that this is disabled for US-registered firewalls until September 2000, when the RSA patent expires.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.