The Nokia IP60 Firewall32 Nokia IP60 Security Appliance User GuideIn other words, on top of the damage done by computer information theft or abuse, unauthorized access to acomputer or a computer network can seriously damage the entire organization's essential operations,communications, and productivity. For example:An online store's Web site can be hacked, so customers cannot enter orders.An unauthorized user can take advantage of an organization's email server to send unsolicitedbulks of email. As a result, the organization's Internet communication lines will be overloaded,and employees in the organization will be unable to send or receive emails.Since computer and network security has become a central part of information and general security,security managers must either have an understanding of computers and networking, or work closely withnetwork administrators and network security specialists.The Nokia IP60 FirewallWhat Is a Firewall?The most effective way to secure an Internet link is to put a firewall between the local network and theInternet. A firewall is a system designed to prevent unauthorized access to or from a secured network.Firewalls act as locked doors between internal and external networks: data that meets certain requirementsis allowed through, while unauthorized data is not.To provide robust security, a firewall must track and control the flow of communication passing through it.To reach control decisions for TCP/IP-based services, (such as whether to accept, reject, authenticate,encrypt, and/or log communication attempts), a firewall must obtain, store, retrieve, and manipulateinformation derived from all communication layers and other applications.Security RequirementsIn order to make control decisions for new communication attempts, it is not sufficient for the firewall toexamine packets in isolation. Depending upon the communication attempt, both the communication state(derived from past communications) and the application state (derived from other applications) may becritical in the control decision. Thus, to ensure the highest level of security, a firewall must be capable ofaccessing, analyzing, and utilizing the following:Communication information - Information from all seven layers in the packetCommunication-derived state - The state derived from previous communications. For example,the outgoing PORT command of an FTP session could be saved so that an incoming FTP dataconnection can be verified against it.Application-derived state - The state information derived from other applications. For example, apreviously authenticated user would be allowed access through the firewall for authorizedservices only.Information manipulation - The ability to perform logical or arithmetic functions on data in anypart of the packet. For example, the ability to encrypt packets.