A firewall is just a term that is commonly applied to layer 3 (and above) devices and has become synonymous with IP. However, it is possible to implement security at layer two on bridges using a number of standard and proprietary methods. The standard methods would include the use of non-router VLAN implementations and MAC address filtering. Many manufacturers also provide extensions to these standards, e.g. Cisco and PVLAN implementation, and their own proprietary security features. Most manufacturers will allow for the tracking of specific MAC source addresses on inbound bridge ports. This allows a port to be blocked if an unknown address is encountered. Searching the manufacturer documentation for "port security" would be a good idea. It is also possible to implement MAC address filters to filter traffic via source/destination MAC address. Bridge filters are also commonly employed which are able to filter out traffic according to frame type, e.g. 0x800 (IP). Many frames carrying certain types of protocol payload can be filtered in this manner.
So, in summary, a firewall is really just an element (network or software) that sits between a trusted and non-trusted zone and is employed in filtering traffic according to a pre-defined policy. It can work from layers 2 to 7 (OSI reference model), but is commonly associated with layer 3 upwards (within the IP community).

I hope this helps.

Cheers,
Mark Searle.

-----Original Message-----
From: ashley thomas [mailto:[EMAIL PROTECTED]]
Sent: 06 January 2002 02:17
To: [EMAIL PROTECTED]
Subject: Firewall: a basic question

hi,
which is the lowest layer where a firewall can be implemented ?
i guess, it is network layer (layer 3)
in that case , how is firewall implemented on bridges , which is a layer 2 device ?

thanks
ashley
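
The layer 2 checks described in the reply above (port security on source MAC, source/destination MAC filters, and frame-type filters such as 0x800), sketched as an added example that is not part of the original e-mail or any vendor's implementation. `BridgePort`, `build_frame` and all MAC addresses are hypothetical and constructed for illustration.

```python
import struct

ETH_P_IP, ETH_P_ARP, ETH_P_8021Q = 0x0800, 0x0806, 0x8100

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload=b"", vlan=None):
    """Build a constructed Ethernet II test frame, optionally 802.1Q tagged."""
    tag = struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF) if vlan is not None else b""
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, ethertype, vlan_id) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == ETH_P_8021Q:  # look past the VLAN tag for the real type
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF
    return dst, src, ethertype, vlan

class BridgePort:
    """Hypothetical model of one inbound bridge port with a layer 2 policy."""
    def __init__(self, known_sources, allowed_types, denied_destinations=()):
        self.known_sources = {mac(m) for m in known_sources}
        self.allowed_types = set(allowed_types)
        self.denied_destinations = {mac(m) for m in denied_destinations}
        self.blocked = False
    def check(self, frame):
        if self.blocked:
            return "drop: port blocked"
        try:
            dst, src, ethertype, _vlan = parse_frame(frame)
        except ValueError as exc:
            return f"drop: malformed ({exc})"
        if src not in self.known_sources:  # port security: shut the port
            self.blocked = True
            return "drop: unknown source, port blocked"
        if dst in self.denied_destinations:
            return "drop: destination filtered"
        if ethertype not in self.allowed_types:
            return f"drop: frame type 0x{ethertype:04x} filtered"
        return "forward"
```

The filter reads the frame type after any 802.1Q tag, so a tagged IP frame is matched as 0x0800 rather than as 0x8100.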