Sunday, April 3, 2011

[Weak Current College] Firewall: definition and functional classification

What is a firewall?

A firewall is a set of components placed between different networks (such as a trusted enterprise intranet and an untrusted public network) or between network security domains. It is the only path for information between those networks or security domains; it controls (allows, denies, monitors) the flow of information into and out of the network according to the organization's security policy, and it is itself strongly resistant to attack. It provides information security services and is part of the network and information security infrastructure.

Logically, a firewall is a separator, a limiter and an analyzer: it effectively monitors all activity between the internal network and the Internet and guarantees the security of the internal network.

A firewall is a barrier for network security

A firewall (as a choke point and control point) can greatly improve the security of an internal network and reduce risk by filtering out insecure services. Since only carefully selected application protocols are allowed through the firewall, the network environment becomes more secure. If the firewall blocks, for example, the well-known insecure NFS protocol from reaching the protected network, an external attacker cannot exploit that vulnerable protocol to attack the internal network. A firewall can also protect the network from routing-based attacks, such as source routing through IP options and path redirection through ICMP redirects. The firewall should be able to reject all packets of these kinds and notify the firewall administrator.

A firewall can enforce the network security policy

With a firewall-centred security solution, all security software (passwords, encryption, authentication, auditing and so on) is configured on the firewall. Compared with spreading network security across every host, centralized security management on the firewall is more economical.
For example, for network access, a one-time password system or other authentication system no longer has to be deployed on every host but can be concentrated on the firewall.

Preventing leaks of internal information

By using a firewall to divide the internal network, key segments of the intranet can be isolated, which limits the impact of a local or sensitive network security problem on the network as a whole. Furthermore, privacy is a major concern for an internal network. Finger displays all of a host's users with their user names, real names, last login time and shell type, and that information is very easy to obtain. From it an attacker may learn how heavily a system is used, whether a given user is online, whether the system attracts attention when it is attacked, and so on. A firewall can also block internal DNS information, so that the domain names and IP addresses of internal hosts are not disclosed to the outside world.

Beyond security, a firewall also supports VPN technology for an enterprise's internal network that offers Internet services. Through a VPN, the LANs or private subnets of an enterprise or institution spread across the world are joined organically into a whole. This not only removes the need for dedicated communication lines but also provides technical support for information sharing.

Types of firewall

Firewall technologies can be divided into many types according to their protective approach and emphasis, but they generally fall into two broad categories: packet filtering and application proxy.

Packet filtering: works at the network and transport layers. It uses the source address, destination address, port number, protocol type and flags in the packet header to determine whether a packet is allowed through.
Only packets that satisfy the filtering logic are forwarded to the appropriate outgoing port; the remaining packets are dropped from the data flow.

Application proxy: also called an application gateway, it works at the application layer. Its characteristic is that it completely "blocks" network traffic and monitors and controls application-layer traffic through a dedicated proxy program for each application service. An application gateway is typically implemented on a dedicated workstation.

Packet filtering firewall

Packet filtering is a universal, affordable and effective security tool. It is universal because it does not require special handling for each specific network service; it is affordable because most routers provide packet filtering; and it is effective because it largely meets the security requirements of enterprises.

Packet filtering operates at the network and transport layers. It uses the packet's source address, destination address, port number, protocol type and flags to decide whether the packet is allowed through, based on information taken from the IP, TCP or UDP header.

The advantage of packet filtering is that it requires no changes to client and host applications, because it works at the network and transport layers, independently of the application layer.
But its weaknesses are clear: the filtering criteria are based only on the limited information available at the network and transport layers, so many security requirements cannot be fully met; in many filters the number of filter rules is limited, and performance degrades greatly as the number of rules grows; for lack of contextual information, protocols such as UDP and RPC cannot be filtered effectively; in addition, most filters lack auditing and alerting mechanisms, and their management methods and user interfaces are poor; and they place high demands on the security administrator, who must understand the protocols themselves and their different applications in depth in order to write good security rules. Therefore, filters are usually combined with an application gateway to make up the firewall system.

Application proxy firewall

An application proxy firewall is the isolation point between the intranet and the extranet, monitoring and isolating application-layer traffic. It is also often combined with a filtering function. It works at the highest layer of the OSI model and therefore holds all the information the application system can use for security decisions.

Composite firewall

Because of higher security requirements, packet-filtering methods and application-proxy methods are often combined into composite firewall products. This combination usually takes one of the following two forms.

Screened host firewall architecture: a packet-filtering router or firewall is connected to the Internet, while a bastion host is installed on the internal network. The filtering rules on the packet-filtering router or firewall are set so that the bastion host is the only node on the internal network reachable from the Internet, which protects the internal network from unauthorized external users.
Screened subnet firewall architecture: the bastion host sits on its own subnet, a demilitarized zone, with two packet-filtering routers at either end of that subnet separating it from the Internet and from the internal network. In the screened subnet architecture, the bastion host and the packet-filtering routers together form the security foundation of the entire firewall.

Firewall operating system

A firewall should be built on a secure operating system, and a secure operating system comes from hardening and improving a dedicated operating system. Judging from existing products, the hardening and modification of the operating system kernel is mainly done in the following ways: removing dangerous system calls; restricting command execution permissions; disabling IP forwarding; checking the interface of each packet; using random connection numbers; keeping the packet filter module resident in the kernel; disabling dynamic routing; using multiple security kernels; and so on.

Firewall resistance to attack

As a security device, a firewall is by its nature a target for many attackers, so resistance to attack is also an essential function of a firewall.

Firewall limitations

There are some security threats a firewall cannot protect against; for example, a firewall cannot protect against attacks that do not pass through the firewall. If dial-out from the protected network is allowed, some users may be able to form a direct connection to the Internet. In addition, a firewall has great difficulty preventing attacks that originate inside the network and virus threats.
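To make the packet-filtering decision concrete (header fields only, first matching rule wins, everything else dropped) and to show the "lack of contextual information" weakness for UDP and RPC that the post describes, here is a toy stateless filter. It is an added example, not code from the original post; the 10.0.0.0/8 internal range, the rule set and all packets are constructed for illustration.

```python
# Added example: a minimal stateless packet filter in the spirit of the post.
# Decisions use only header fields (addresses, ports, protocol, TCP ACK flag);
# there is no connection state. Internal range, rules and packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False  # TCP ACK flag; set on segments of an existing connection

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack_only: bool = False       # match only TCP segments with ACK set

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport)
                and (not self.ack_only or (p.proto == "tcp" and p.ack)))

INTERNAL = "10.0.0.0/8"  # constructed internal network
RULES = [
    Rule("deny", "tcp", dst=INTERNAL, dport=2049),      # never expose NFS inbound
    Rule("deny", "udp", dst=INTERNAL, dport=2049),
    Rule("allow", "tcp", src=INTERNAL),                 # any outbound TCP
    Rule("allow", "tcp", dst=INTERNAL, ack_only=True),  # replies to outbound TCP
    Rule("allow", "udp", src=INTERNAL, dport=53),       # outbound DNS queries
    Rule("allow", "udp", dst=INTERNAL, sport=53),       # DNS replies: a stateless guess
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """First matching rule decides; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```

The last UDP rule is the weakness in miniature: without remembering which queries went out, the filter must admit any UDP datagram with source port 53, so such a datagram aimed at an internal RPC port is passed while the NFS deny rule still holds. A stateful inspection engine or an application gateway closes this gap.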
