HP 9000 Networking: Installing and Administering PPP

Chapter 5 Security Techniques

Table of Contents

Static Packet Filtering
The Foundations of Security Policies
Filter File Rulesets
Filters
Filter Stanzas
Packets Overview
Internet Protocol (IP) Level
Internet Control Message Protocol (ICMP) Level
Transmission Control Protocol (TCP) Level
User Datagram Protocol (UDP) Level
Building a Stanza - General
Building a Stanza - Specifics
Numbers and Addresses
Keywords with Numbers
Keywords with Origins and Destinations
Keywords Based on TCP Packet Header Bits
Keywords Based on IP Options
frag Keyword
all Keyword
Time-Based Keywords
Unreach Keyword and Sending ICMP Messages
Log and Trace Keywords
Stanza Syntax
Writing a Stanza - A Complex UDP Example
An Unsafe Domain Name System Rule
What Happens During Domain Name Queries
Developing Safer Domain Name Request Rules
Writing a Stanza - TCP Examples
Two Approaches to Filtering TCP connections
Identifying Rulesets with Hostnames and Addresses
A Note on Ruleset Formatting
Ordering Stanzas Effectively
Isolating an 'Incorrect' Stanza
Working with Default Rulesets
Open Policy Default Rulesets
A Note on Using the 'log rejected' Filter
Closed Policy Default Rulesets
Block All Packets
Block All Packets Except Electronic Mail
Limiting Electronic Mail to a Gateway
Unresolvable Hostnames and Changing IP Addresses
Conclusion
A Note - Blocking Loose Source and Strict Source Routing Options
Closed Policy Filter Example
Complete Filter Example
Open Policy Filter Example
Common Mistakes
Complete Filter Example
Time-To-Call Restrictions
Dial-Back
Dial-Back Process
Blocking SIGHUP with Chat Script \M Option
Reversing Instructions with \m Option
Link Peer Authentication
Replacing getty with pppd

It is impractical to impose thorough security policies on each internal host of the networks linked by a PPP connection. But PPP's strong security features support a variety of techniques that strengthen your network's ability to prevent loss.

In most cases, a single connection can be supported by more than one of PPP's security features. For example, a connection might use any of the following:

  • Packet Filtering

  • Time to Call Restrictions

  • Dial Back

  • CHAP Authentication

© 1997 Hewlett-Packard Development Company, L.P.