Network firewall

A special firewall
A network firewall is a special network interconnection device used to strengthen access control between networks. All network communication flowing into and out of a computer must pass through this firewall. The firewall scans the network communication passing through it, so that it can filter out some attacks before they are executed on the target computer. The firewall can also close unused ports; moreover, it can prohibit outgoing communication on specific ports and so block trojans. Finally, it can prohibit access from particular sites, thus blocking all communication from unknown intruders.
Chinese name: Network firewall
Foreign name: Internet Firewall
Concept: Special network interconnection equipment used to strengthen network access control
Basic function: Data filtering and shielding to protect the security of the internal network
Main role: Strengthen security policies, limit exposure of user points, etc.
Type: Network layer firewall, application level gateway firewall, etc.

Basic function

The so-called "firewall", a special access control facility, is a security barrier between the internal network and the Internet. The basic function of the firewall is to filter and shield unauthorized access and data transmission according to the requirements of the applicable network security policies, thereby protecting the security of internal network data. Logically speaking, the firewall is both an analyzer and a limiter: it requires that all data flowing into and out of the internal network be confirmed and authorized by the security policy and security plan, and it logically separates the internal and external networks to ensure the security of the internal network. A firewall can be a group of hardware, a group of software, or a combination of software and hardware. [1]

Main role

A firewall, as an access control device between the intranet and the external network, is usually installed at the junction of the two. A firewall provides good network security protection: an intruder must first cross the firewall's security line before reaching the target computer. Firewalls can be configured for many different levels of protection. A high level of protection may prohibit some services, such as video streaming, but at least this is a protection choice made by the network's own administrators. The main functions of network firewalls are as follows:
(1) An Internet firewall can prevent dangers on the Internet (viruses, resource theft) from spreading into the network;
(2) It can strengthen the security policy;
(3) It can effectively record activities on the Internet;
(4) It can limit the exposure of user points;
(5) It is a checkpoint for the security policy.

Classification

1. Network layer firewall
The network layer firewall protects the entire network from illegal intrusion. Its typical technology is packet filtering: packets entering the network are inspected, packets that do not meet the preset criteria are discarded, and packets that meet the criteria are allowed through. Packet filtering technology is mainly based on routing technology. Before forwarding a packet, it filters according to the packet's destination address, source address and port number, using static or dynamic filtering logic.
2. Application level gateway firewall
The application level gateway firewall controls access to applications, that is, it allows access to some applications and blocks access to others. The method is to install proxy software on the application layer gateway. Each proxy module serves a different application; for example, the Telnet proxy (a remote login proxy) is responsible for forwarding Telnet on the firewall, and the FTP proxy is a file transfer proxy. Administrators can install the appropriate proxies as needed to control access to applications. The proxy modules are independent of one another: even if one proxy module fails, it only needs to be removed, and the normal operation of the other proxy modules is unaffected, which helps ensure the security of the firewall. This kind of firewall is also called a proxy firewall; composed of a proxy server and a router, it is currently a popular type of firewall.
3. Monitoring firewall
The monitoring firewall is a new generation product, and this technology has actually gone beyond the original definition of a firewall. The monitoring firewall monitors the data of each layer actively and in real time, and based on the analysis of these data it can effectively identify illegal intrusion at each layer. At the same time, this kind of detection firewall product generally also has distributed detectors, which are installed in the various application servers and other nodes of the network. These detectors can not only detect attacks from outside the network, but also play a strong role in preventing malicious damage from inside. [1]

Selection criteria

1. Total cost of ownership: the total cost of ownership (TCO) of a firewall product should not exceed the greatest loss the protected network system could suffer;
2. As a security product of the information system, the firewall itself should also ensure security, so as not to give an opportunity to external intruders;
3. Management and training are important aspects of evaluating firewalls;
4. At the initial stage of network system construction, the internal information system is small and the damage an attack could cause is also small, so it is unnecessary to purchase overly complex and expensive firewall products;
5. The most difficult aspect of firewall products to evaluate is the security performance of the firewall, that is, whether the firewall can effectively block external intrusion. [2]
A good firewall system should have three characteristics: (1) All data transmitted between the internal network and the external network must pass through the firewall; (2) Only authorized legal data, that is, data allowed by the security policy in the firewall system, can pass through the firewall; (3) The firewall itself is not affected by various attacks. [3]

Development limitations

1. The firewall cannot prevent attacks from the internal network. One of the basic assumptions behind the security policy of a traditional firewall is that everyone on one side of the network, that is, outside the network, is untrustworthy, and everyone on the other side, that is, inside the network, is trustworthy. But in fact, 80% of attack accesses come from the internal network, leaving the internal network insufficiently protected. In addition, most traditional firewalls lack an understanding of the host's intentions and can only filter based on the external characteristics of data packets.
2. The firewall cannot completely prevent users from transmitting software or files infected with viruses.
3. In order to improve the security of the protection network, the firewall restricts or shuts down many useful network services with security vulnerabilities.
4. Firewall is a passive means of protection, which can only work against known network threats and cannot prevent new network security problems.
5. The firewall cannot prevent data-driven attacks.
6. Intranet users can bypass the firewall and connect directly to the Internet through special means such as Internet telephony and chat software; in addition, a skilled hacker may also use new techniques to penetrate the firewall. Therefore, attention must still be paid to strengthening host security.
7. Once the system administrator improperly configures the firewall, it is easy to leave a large number of security vulnerabilities.
8. Firewall settings are generally based on IP addresses, so changes to the IP addresses of internal network hosts and servers require changes to the rules in the settings file; that is, these rules are constrained by the network topology. [1]

Development prospect

With the continuous development of network technology, network firewall technology is also developing and improving, and its security performance is getting higher and higher. At present, network firewalls are mainly developing in the following directions:
First, because the requirements for the security and encryption of data transmitted over the network are increasingly high, using the firewall to establish a VPN has become a development trend for enterprise intranets;
Second, the scope and depth of firewall filtering have been continuously strengthened, mainly in the development from the earlier single-layer filtering at the network layer (source and destination address filtering, routing filtering, etc.) to content filtering, web page review, and filtering of ActiveX controls with security risks;
Third, the shortcomings of traditional firewall functions are being supplemented, protection measures for the internal network are being increased, and the detection of and warning about network attacks are being strengthened;
Fourth, because no solution can achieve 100% network security protection, network security management and security auditing should be continuously strengthened to keep improving the security performance of the network;
Fifth, firewall technology will gradually change from the current passive protection state to an intelligent security product that can dynamically protect the internal network and integrates multiple network information security technologies. [4]