Comprehensive analysis of firewall and firewall infiltration

(i) Introduction to the firewall

A firewall is a feature that protects an internal network or host by isolating the internal network from the external network or the Internet. A simple firewall can be performed by the ACL (Access control list) of the router,3 Layer switch, or it can be implemented with a single host, or even a subnet. Complex can be purchased by a dedicated hardware firewall or software firewall to achieve.

The features of the firewall are:

1, filter out unsafe services and illegal users

2, control access to special sites

3. Provides convenient endpoints to monitor Internet security and Alerts

Firewalls are not everything, and there are a number of firewalls that are powerless:

1, the firewall does not prevent bypassing the firewall attack. For example, firewalls do not restrict connections from the internal network to the external network, so some internal users may form a direct connection to the Internet, bypassing the firewall, Create a potential backdoor. A malicious external user is directly connected to the internal user's machine and initiates an unrestricted attack bypassing the firewall with the internal user's machine as a springboard.

2, firewall is not the antivirus wall, can not intercept the virus data transmission between the network.

3, the firewall on the data-driven attack also powerless.

Therefore, we cannot rely too much on firewalls. The security of the network is a whole, not a particular outstanding configuration. Network security is guided by the "cask principle".

General firewalls have the following characteristics:

1, a wide range of service support: Through the dynamic, application layer of filtering capabilities and certification combined to achieve the WWW browser, HTTP server, FTP, etc.

2, encryption of private data support: to ensure that through the Internet virtual private network and business activities are not damaged;

3, client authentication allows only designated users to access the internal network or select services: the Enterprise local network and branch offices, business partners and mobile users of the additional part of secure communication;

4. Anti-deception: Deception is a common means to gain access to the network from the outside, it makes the packet seems to come from within the network. Firewalls can monitor such packets and throw them away;

5. C/S mode and Cross-platform support: The management module running on one platform can control the monitoring module running on another platform.

Let's take a look at the traditional firewall working principle and its pros and cons:

1. The working principle of the (traditional) packet filtering firewall

Packet filtering is implemented at the IP layer, so it can be done only with routers. Packet filtering determines whether packets are allowed to pass through header information such as the source IP address, destination IP address, source port, destination port, and packet delivery direction. Filters user-defined content, such as an IP address. Its working principle is that the system checks the data packet on the network layer, it has nothing to do with the application layer, the application of packet filter is very extensive, because the time that the CPU uses to process packet filtering can be neglected. and the protection of the user is transparent, legitimate users in and out of the network, do not feel the existence of it, easy to use. So the system has good transmission performance, easy to expand. However, this firewall is not very secure because the system does not perceive the application-layer information-that is, they do not understand the content of the communication, can not be filtered at the user level, that is, do not recognize different users and prevent IP address theft. If an attacker sets the IP address of its host computer to the IP address of a legitimate host, it can easily pass through the packet filter, which is more likely to be compromised by hackers. Based on this working mechanism, the packet filtering firewall has the following defects: