Next: Accounting and Logging
Up: Authentication and Access Control
Previous: X.509 Authentication
The firewall
allows access to services to be controlled based on any combination
of the following attributes:
- The service name or port number.
- The host or network IP address of the host requesting the service.
- The source port (for UDP and TCP) or port range.
- The user requesting the service (this requires one of the
user authentication methods discussed above).
- The time of day and day of week of the request.
- The current number of connections for the service (i.e. you can limit
services to a number of instances, such as 'at most ten simultaneous
telnet sessions'). These limits can also vary based on the time of day
and day of week of the request.
- The symbolic address or domain of the requested server.
This allows particular Web servers to be blocked, for example.
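The attributes above combine into a single access decision per request. The following Python is an added illustration of that evaluation, not CEQURUX configuration syntax or code: the Rule and Request structures, the rule names, first-match-wins ordering with default deny, and the way a time-dependent connection ceiling overrides the base limit are all assumptions made here so the logic can be run offline against constructed requests.

```python
"""Evaluate a service request against the attributes listed above.

Added illustration only: the Rule/Request structures, rule names and
first-match semantics are assumptions, not CEQURUX syntax.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

ALL_DAYS = frozenset(range(7))            # Monday=0 .. Sunday=6
WEEKDAYS = frozenset(range(5))
ALL_DAY = (time(0, 0), time(23, 59, 59))


@dataclass
class Rule:
    name: str
    service: str                                   # service name, e.g. "telnet"
    src_net: str = "0.0.0.0/0"                     # requesting host or network
    src_ports: tuple = (1, 65535)                  # source port range (TCP/UDP)
    users: Optional[frozenset] = None              # None: no user restriction
    days: frozenset = ALL_DAYS
    hours: tuple = ALL_DAY
    dst_domains: Optional[frozenset] = None        # None: any requested server
    max_conns: Optional[int] = None                # ceiling on simultaneous instances
    limit_overrides: list = field(default_factory=list)  # (days, hours, limit)
    action: str = "allow"


@dataclass
class Request:
    service: str
    src_ip: str
    src_port: int
    dst_host: str
    user: Optional[str]      # None when no authentication method identified a user
    when: datetime


def in_window(days, hours, when):
    return when.weekday() in days and hours[0] <= when.time() <= hours[1]


def domain_matches(dst_host, domains):
    h = dst_host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in domains)


def effective_limit(rule, when):
    """The connection ceiling in force now: an override window wins over the base limit."""
    for days, hours, limit in rule.limit_overrides:
        if in_window(days, hours, when):
            return limit
    return rule.max_conns


def rule_matches(rule, req):
    if rule.service != req.service:
        return False
    if ip_address(req.src_ip) not in ip_network(rule.src_net):
        return False
    lo, hi = rule.src_ports
    if not lo <= req.src_port <= hi:
        return False
    if rule.users is not None and req.user not in rule.users:
        return False          # an unauthenticated request never satisfies a user rule
    if not in_window(rule.days, rule.hours, req.when):
        return False
    if rule.dst_domains is not None and not domain_matches(req.dst_host, rule.dst_domains):
        return False
    return True


def decide(rules, req, active_conns):
    """First matching rule wins; 'allow' also needs headroom under the
    connection ceiling in force at the time of the request. Default deny."""
    for rule in rules:
        if not rule_matches(rule, req):
            continue
        if rule.action != "allow":
            return "deny", rule.name
        limit = effective_limit(rule, req.when)
        if limit is not None and active_conns.get(req.service, 0) >= limit:
            return "deny", f"{rule.name} (connection limit {limit} reached)"
        return "allow", rule.name
    return "deny", "default"


# Constructed sample policy: block one web domain outright, allow telnet for two
# named users from the internal network on weekdays 08:00-22:00 with at most ten
# sessions (only two after 18:00), and allow any other web access from inside.
POLICY = [
    Rule("block-bad-web", "http", dst_domains=frozenset({"example.net"}), action="deny"),
    Rule("telnet-staff", "telnet", src_net="192.0.2.0/24",
         users=frozenset({"alice", "bob"}), days=WEEKDAYS,
         hours=(time(8, 0), time(22, 0)), max_conns=10,
         limit_overrides=[(ALL_DAYS, (time(18, 0), time(23, 59, 59)), 2)]),
    Rule("web-any", "http", src_net="192.0.2.0/24"),
]

# Constructed sample requests (2004-06-01 is a Tuesday, 2004-06-05 a Saturday).
TELNET_DAY = Request("telnet", "192.0.2.10", 40000, "server.example.org", "alice",
                     datetime(2004, 6, 1, 10, 0))
TELNET_EVE = Request("telnet", "192.0.2.10", 40000, "server.example.org", "bob",
                     datetime(2004, 6, 1, 20, 0))
TELNET_SAT = Request("telnet", "192.0.2.10", 40000, "server.example.org", "alice",
                     datetime(2004, 6, 5, 10, 0))
TELNET_ANON = Request("telnet", "192.0.2.10", 40000, "server.example.org", None,
                      datetime(2004, 6, 1, 10, 0))
WEB_BLOCKED = Request("http", "192.0.2.10", 51000, "www.example.net", None,
                      datetime(2004, 6, 1, 10, 0))
WEB_OK = Request("http", "192.0.2.10", 51000, "www.example.com", None,
                 datetime(2004, 6, 1, 10, 0))
WEB_OUTSIDE = Request("http", "198.51.100.5", 51000, "www.example.com", None,
                      datetime(2004, 6, 1, 10, 0))

if __name__ == "__main__":
    for req, active in [(TELNET_DAY, {"telnet": 3}), (TELNET_DAY, {"telnet": 10}),
                        (TELNET_EVE, {"telnet": 2}), (TELNET_SAT, {}), (TELNET_ANON, {}),
                        (WEB_BLOCKED, {}), (WEB_OK, {}), (WEB_OUTSIDE, {})]:
        print(req.service, req.user, req.when, "->", decide(POLICY, req, active))
```

The user attribute is deliberately strict: a rule that names users is never satisfied by a request for which no authentication method produced a user, so falling back to "unknown" cannot widen access. The connection ceiling is checked only after a rule has matched, so a denied request never consumes headroom and a limit applies to the service as a whole rather than per rule.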
There are also some service-specific checks that are performed. For example,
with SMTP, restrictions can be placed on the recipients of mail messages,
while with NNTP, restrictions can be placed on which newsgroups can be read
at what times.
Apart from these explicitly configured checks, the firewall
performs some
additional checks, such as double reverse DNS lookups, route checking,
packet filtering, and so on. All accesses are
logged with details of source host, destination host,
user (where known), logical user group, date,
time, duration, and bytes received and sent.
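The double reverse DNS lookup mentioned above matters for any rule or log entry that uses a symbolic host name: a single reverse (PTR) lookup is controlled by whoever runs the reverse zone for the requesting address block, so an attacker can make their address resolve to any name they like. Confirming that the name resolves back to the original address defeats that. The Python below is an added example of the check, not CEQURUX code; the PTR and A tables are constructed for offline use, and the `live_reverse`/`live_forward` functions show the equivalent calls against the real resolver.

```python
"""Forward-confirmed reverse DNS ("double reverse lookup").

Added example, not CEQURUX code. The PTR/A tables are constructed so the
check runs offline; pass live_reverse/live_forward to use the system resolver.
"""
import socket

# Constructed records. The PTR for 198.51.100.7 is what an attacker who
# controls the reverse zone for 198.51.100.0/24 would publish to pose as
# www.example.org, whose real address is 192.0.2.80.
PTR = {
    "192.0.2.10": "host10.example.org",
    "198.51.100.7": "www.example.org",
}
A = {
    "host10.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.80"],
}


def table_reverse(ip):
    return PTR.get(ip)


def table_forward(name):
    return A.get(name, [])


def live_reverse(ip):
    """Reverse lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # socket.herror / socket.gaierror
        return None


def live_forward(name):
    """All addresses the name resolves to; empty list when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def double_reverse(ip, reverse=table_reverse, forward=table_forward):
    """Return the host name for ip only if it is forward-confirmed.

    Step 1: ip -> name (PTR).  Step 2: name -> addresses (A); the name is
    trusted only when ip is among them.  Either lookup failing, or the
    forward set not containing ip, yields None.
    """
    name = reverse(ip)
    if name is None:
        return None
    if ip not in forward(name):
        return None
    return name


def policy_name(ip, **resolvers):
    """Name to use in symbolic-address rules and in the access log: the
    confirmed host name, or the bare address when it could not be confirmed,
    so an unconfirmed PTR can never match a name-based rule."""
    return double_reverse(ip, **resolvers) or ip


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.1"):
        print(ip, "reverse only:", table_reverse(ip), "confirmed:", policy_name(ip))
```

For a live check, call `policy_name(ip, reverse=live_reverse, forward=live_forward)`. Logging the bare address when confirmation fails, rather than the unconfirmed name, keeps the access log from recording an attacker-chosen string as the source host.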
Copyright © 2004, CEQURUX Technologies