
THR Systems a. s.
Jilemnického 3, Zvolen
tel.: +421 650 52 00 00
info@thr.sk

Branch Bratislava
THR Systems a. s.

Čapkova 2, Bratislava 1
tel.: +421 650 52 00 15
info@thr.sk

Branch Nové Zámky
THR Systems a. s.

Turecká 36, Nové Zámky
tel.: +421 650 52 00 33
info@thr.sk


Solutions - Network

Firewall

A firewall is a facility of the operating system that controls network traffic to and from the computer, or through it. It can protect the computer from unauthorised access from the network. When the computer acts as a gateway, the firewall can protect an entire network or control access to it.

A firewall is a component of every modern operating system, but not all of them offer the same capabilities for protecting a host or a network.

A typical firewall filters packets by header content, which records the source and destination, the type of service, and more.

Modern firewalls also support stateful inspection. With this technique the firewall inspects the network traffic, builds a database of open connections, and makes intelligent decisions based on it. It can identify packets that are related to already existing connections and are thus legitimate, and it lets them through the firewall even though they are not explicitly allowed. With stateless filtering, a wide range of ports must be opened to let related packets flow. Stateful inspection markedly increases the security of the protected network. In a similar way it is possible to identify and block suspicious packets.

The firewall can also collect statistics on transferred data. This can help in analysing the use of the network or of its services.

The firewall can be bound to the DHCP service and thus filter unauthorised network access.
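The difference between the two filtering modes, as an added example that is not part of the original page: a header-only rule that must accept a wide port range, beside a filter that keeps a table of open connections. The packet model, the 60-second idle timeout and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (from the protected host) or "in".
Packet = namedtuple("Packet", "t direction src sport dst dport")

EPHEMERAL = range(1024, 65536)   # wide range a stateless filter must open for replies
IDLE_TIMEOUT = 60                # seconds; assumed value for this example

def stateless_allow(pkt):
    """Header-only rule: any inbound packet to a high port is accepted."""
    return pkt.direction == "out" or pkt.dport in EPHEMERAL

class StatefulFilter:
    """Keeps a table of open connections and accepts only related inbound packets."""
    def __init__(self):
        self.table = {}  # (local, lport, remote, rport) -> time last seen

    def allow(self, pkt):
        if pkt.direction == "out":
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.t
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # mirror of the outbound tuple
        seen = self.table.get(key)
        if seen is None or pkt.t - seen > IDLE_TIMEOUT:
            self.table.pop(key, None)   # no state, or state expired: drop
            return False
        self.table[key] = pkt.t         # related traffic refreshes the entry
        return True

def verdicts(packets):
    """Return (stateless, stateful) decisions for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet(0,   "out", "192.0.2.10", 40000, "198.51.100.5", 443),  # client opens connection
    Packet(1,   "in",  "198.51.100.5", 443, "192.0.2.10", 40000),  # related reply
    Packet(2,   "in",  "203.0.113.9", 443, "192.0.2.10", 40000),   # unsolicited, same port
    Packet(200, "in",  "198.51.100.5", 443, "192.0.2.10", 40000),  # reply after idle timeout
]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, verdicts(SAMPLE)):
        print(p, "stateless=%s stateful=%s" % v)
```

The stateless rule accepts all three inbound packets because they target a high port; the stateful filter accepts only the reply that mirrors a tracked, still-fresh outbound connection.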

Network Address Translation

A technique complementary to firewalling is NAT (Network Address Translation). It translates the IP addresses of the current network to others, so that the remote side sees the translated addresses. Cases where a service must be redirected to another place in the network also fall into this category. This technique can be used to create a transparent proxy: all requests to a defined service (e.g. www) are redirected to a local proxy server. Another use of NAT is IP Masquerading, which hides an entire network behind the single address of the gateway. The gateway rewrites the source address of all outgoing communication to its own and distributes the return communication to the original senders. NAT can also modify packets by type of service to affect the throughput or the response time of the service.

Another technique related to the firewall is QoS (Quality of Service). It controls the rate of outgoing data traffic. The technique is suitable for allocating bandwidth to individual hosts in the network when they access the internet, if they have direct access.

The Linux operating system provides all of the services mentioned.

Virtual Private Networks

Interconnecting the branches of a company through the internet is a frequent requirement. Such communication is often private in character, but the internet is a public network, so communication over it is public. A tunnel can be created between the branch networks through the internet so that the connection is transparent.

The first possibility is a GRE tunnel or a similar mechanism. The internet as the communication medium is transparent to users in the network, and such a tunnel can interconnect networks whose addresses are inaccessible from the internet. The drawback of this solution is that the communication could be intercepted.

The most suitable solution is to encrypt the communication using a widely used standard. IPsec is such a standard. It works like an ordinary tunnel between networks or hosts, but it is secured. It also enables secure communication between a network and road warriors with dynamic IP addresses. These could be dial-up networks or workers who connect to the internet from many places. All of them can work as if they were connected to the internal network.

DHCP Server

A DHCP server eases network management by automatically assigning IP addresses to clients. The assignment is made according to a specific key, either statically or dynamically. Usually no network configuration is required on the client side.