Introduction
Since Digital Corporation installed the world's first commercial firewall system on the Internet in 1986 and proposed the concept of the firewall, firewall technology has developed rapidly.
Current State of Firewall Technology
The second-generation firewall, also known as a proxy server, provides control at the level of network services: it acts as an intermediary when an external network requests services from a protected internal network, which effectively prevents direct attacks on the internal network and gives high security. The third-generation firewall, known as the stateful inspection firewall, further improved security by detecting and monitoring packets at every layer. As network attack methods and information security technology have developed, a new generation of more powerful and more secure firewalls has been launched. At this stage the firewall has outgrown the traditional category and evolved into a comprehensive, integrated security system, called the fourth-generation firewall, which can defend against common network attacks such as IP address spoofing, Trojan horse attacks, Internet worms, password search attacks, and email attacks.
Firewall Definition and Description
The term "firewall" is borrowed from building construction. The walls that separate sections of a building isolate different companies or rooms and contain a fire as far as possible, so that once one unit catches fire the other occupants are protected. However, most firewalls have an important door that allows people to enter or leave the building. So although the firewall protects people's safety, this door allows necessary access while still providing enhanced security.
In a computer network, a network firewall likewise acts as a barrier against potentially malicious activity, while a "door" lets people communicate between your secure network and an open, insecure network. Originally a firewall was a single machine placed between your private network and the public network. In recent years the firewall mechanism has grown beyond the "firewall box" and the bastion host: it now spans the entire area from the internal network to the external network and consists of a series of complex machines and programs. Put simply, the central idea of today's firewall is the use of multiple components. To implement your firewall, you need to know what services your company needs and which services are effective for both internal and external users.
Firewall Tasks
A firewall is crucial in implementing security. A firewall policy must meet four goals, and these goals are generally not each achieved by a separate device or piece of software. In most cases firewall components are put together to meet the company's security needs. The firewall must meet the following four goals:
Implement the Company's Security Policy
The main purpose of the firewall is to enforce your security policy. The previous lesson discussed the importance of security policies to proper network security. For example, if your security policy requires only that SMTP traffic be restricted to the mail server, you must enforce exactly that policy on the firewall.
Create a Blocking Point
A firewall establishes a checkpoint between a company's private network and the external network segment. This implementation requires that all traffic pass through the checkpoint. Once such checkpoints are clearly established, the firewall devices can monitor, filter, and check all incoming and outgoing traffic. The network security industry calls these checkpoints blocking points. By forcing all inbound and outbound traffic through them, the network administrator can concentrate security effort on a small number of points. Without such a point for monitoring and controlling information, the system or security administrator would have to monitor a large number of places. Another name for the checkpoint is the network boundary.
Record Internet Activities
The firewall can also enforce logging and provide alarm functions. By implementing logging on the firewall, the security administrator can monitor all access from the external network or the Internet. A good logging policy is one of the most effective tools for implementing proper network security. The firewall also gives administrators more information to archive in their logs.
Restrict Network Exposure
The firewall creates a protected boundary around your network. In addition, some information about your internal systems is hidden from the public network, which increases confidentiality. When remote nodes probe your network, they can see only the firewall; remote devices do not learn the layout of your internal network or what is on it. The firewall strengthens authentication and encrypts network traffic to limit the exposure of network information, and it checks the source of any incoming traffic that is allowed, restricting attacks from outside.
Firewall Terminology
Before we continue to discuss firewall technology, we need to be familiar with some important terms.
Gateway
A gateway is a system that provides forwarding services between two devices. Gateways range from Internet applications such as the Common Gateway Interface (CGI) to firewall gateways that process traffic between two hosts. The term is very common; in this lesson it is used for a firewall component that routes and processes data between two different networks.
Circuit-Level Gateway
A circuit-level gateway monitors the TCP handshake between a trusted client or server and an untrusted host to determine whether the session is valid. The circuit-level gateway filters packets at the session layer of the OSI model, two layers higher than a packet filtering firewall. In addition, the circuit-level gateway provides an important security function, Network Address Translation (NAT), which maps all of the company's internal IP addresses to a "secure" IP address used by the firewall. There are two ways to implement this type of gateway. One is to use one host as the filtering router and another as the application-level firewall. The other is to establish a secure connection between a first firewall host and a second firewall host; this structure provides fault tolerance when an attack occurs.
Application Gateway
Application-level gateways can work at any layer of the seven-layer OSI model, inspect incoming and outgoing packets, and relay data through the gateway by copying it, which prevents direct connections between trusted servers or clients and untrusted hosts. Application-level gateways understand application-layer protocols, perform complex access control, and keep fine-grained logs. The software is usually installed on a dedicated server.
Packet Filtering
A packet filter is a device that processes traffic on the network packet by packet; it allows or blocks each packet. A typical implementation is a standard router. Packet filtering is one of several different firewall types, and we will discuss it in detail later in this lesson.
Proxy Server
A proxy server communicates with external servers on behalf of internal clients. The term "proxy server" usually refers to an application-level gateway, although a circuit-level gateway can also act as a proxy server.
Network Address Translation (NAT)
Network address translation hides internal addresses from the Internet so that they are not disclosed. It also overcomes many limitations of IP addressing and improves the internal addressing scheme: you can reach the Internet by mapping unregistered IP addresses to valid addresses. Another name for NAT is IP address hiding. RFC 1918 specifies the address ranges that IANA recommends for internal addressing. The following addresses are reserved:
10.0.0.0-10.20.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
If you choose network addresses from the ranges above, you do not need to register them with any Internet authority. One advantage of using these addresses is that they are never routed on the Internet: every router on the Internet automatically discards a packet whose source or destination address contains one of these private network IDs.
Bastion host
A bastion host is a hardened computer that can withstand attack. It is exposed to the Internet and serves as the checkpoint for access to the internal network, concentrating the security problem of the whole network on one host; this saves time and effort, and the security of the other hosts need not be considered individually. From this definition it is clear that the bastion host is the most exposed host in the network, so it must also be the most thoroughly protected. A bastion host can be single-homed, but in most cases it uses two NICs, each connected to a different network. One network card connects to your company's internal network for management, control and protection, while the other connects to another network, usually the public network or the Internet. Gateway services are often configured on the bastion host. A gateway service is a process that routes a particular protocol from the public network to the private network and vice versa. In an application-level gateway, each application protocol you want to use requires its own process. Therefore, if a bastion host is to relay email, Web and FTP services, you must provide a daemon for each of those services.
Hardened Operating System
A firewall requires that only the small number of services actually needed be configured. To harden the operating system, the firewall installer must disable or remove all unnecessary services. Most firewall products, including Axent Raptor (www.axent.com), CheckPoint (www.checkpoint.com), and Network Associates Gauntlet (www.networkassociates.com), run on popular operating systems; for example, the Axent Raptor firewall can be installed on Windows NT Server 4.0, Solaris and HP-UX. In theory, providing only the most basic functions makes it very difficult to attack the operating system through system bugs. Finally, when hardening your system, consider binding no protocol other than TCP/IP to your external NIC.
Demilitarized Zone (DMZ)
A DMZ is a small network that sits between the company's internal network and the external network. It is created by a screening router, and sometimes also by a blocking router. The DMZ serves as an extra buffer that further isolates the public network from your internal private network. Another name for the DMZ is the service network, because it is a convenient place for servers. The disadvantage of this arrangement is that no server in the DMZ is fully protected by the firewall.
Filtering Routers
Another term for a filtering router is a packet filter. At least one of its interfaces is connected to the public network, such as the Internet. It analyzes all information entering and leaving the internal network and restricts it according to a security policy expressed as information filtering rules, allowing authorized information to pass and denying unauthorized access. The filtering rules are based on the header information of the packets the router receives. A firewall built on this technology has the advantages of speed and ease of implementation, but its security is weak. In addition, because the same TCP and UDP port numbers may represent different application service protocols in different operating system environments, compatibility is poor.
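A worked example of the header-based information filtering rules a filtering router applies, combined with the private-address rule from the NAT section above; it is added here and is not part of the original lesson. It uses ordered rules with first-match-wins and a default deny, and discards any packet crossing the external interface with an RFC 1918 address before the rules are consulted, using the full RFC 1918 prefixes (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). The packet layout, rule format, mail server address and sample packets are constructed for illustration; the SMTP rule follows the mail-server policy example given earlier in the lesson.

```python
import ipaddress
from dataclasses import dataclass
# Full RFC 1918 prefixes: packets carrying these IDs are never routed on the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Packet:              # header fields a filtering router inspects (constructed layout)
    src: str
    dst: str
    proto: str             # "tcp" or "udp"
    dport: int
    direction: str         # "in" = arriving from the Internet, "out" = leaving towards it

@dataclass
class Rule:                # one information filtering rule; first match wins
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    proto: str             # "tcp", "udp" or "any"
    dst_net: str           # CIDR the destination address must fall in
    dport: int = 0         # 0 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction) and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (0, p.dport))

def is_private(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)

def filter_packet(p: Packet, rules: list) -> str:
    # A private source from the Internet is spoofed or misrouted, and a private
    # destination is unreachable across it: discard before any rule is consulted.
    if (is_private(p.src) if p.direction == "in" else is_private(p.dst)):
        return "deny (private address on external interface)"
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"          # default deny: anything not explicitly permitted is blocked

MAIL_SERVER = "203.0.113.10"   # constructed public address of the company's mail server
RULES = [
    Rule("allow", "in", "tcp", MAIL_SERVER + "/32", 25),  # SMTP only to the mail server
    Rule("allow", "out", "any", "0.0.0.0/0"),            # internal hosts may initiate outbound
]
SAMPLE = [   # constructed packets as seen on the router's external interface
    Packet("198.51.100.7", MAIL_SERVER, "tcp", 25, "in"),     # legitimate inbound SMTP: allow
    Packet("198.51.100.7", "203.0.113.20", "tcp", 25, "in"),  # SMTP to another host: deny
    Packet("10.20.1.5", MAIL_SERVER, "tcp", 25, "in"),        # spoofed private source: deny
    Packet(MAIL_SERVER, "198.51.100.7", "tcp", 25, "out"),    # outbound mail delivery: allow
]
```

Evaluating `[filter_packet(p, RULES) for p in SAMPLE]` yields the four decisions noted in the comments; note that the default-deny rule, not the SMTP rule, is what blocks mail aimed at a host other than the mail server.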
Blocking Router
A blocking router (also called an internal router) protects the internal network from attacks from the Internet and the perimeter network. The internal router performs most of the packet filtering for your firewall. It allows selected outbound services from the internal network to the Internet. These services allow your site to rely on packet filtering rather than proxy services for security support and