Firewall and others-2

Source: Internet
Author: User

Firewall Technology

In ancient times, people often built a brick wall between apartments so that, if a fire broke out, it could not spread to the next apartment. Naturally, such a wall was named a "firewall".

Today, if a network is connected to the Internet, its users can access and communicate with the outside world. However, the outside world can also access and interact with that network. For security, an intermediary system can be inserted between the network and the Internet to erect a security barrier. The purpose of this barrier is to block threats and intrusions that reach the network from outside, and to provide a single checkpoint for security and auditing. This kind of intermediary system is also called a "firewall" or "firewall system".

In short, a firewall is regarded as a blocking tool placed between an internal network that is considered secure and trusted and an external network that is considered less secure and less trusted (usually the Internet). The reasoning behind the decision to use a firewall is this: without one, a network is exposed to inherently less secure Internet protocols and facilities, and faces probes and attacks from other hosts on the Internet. In an environment without a firewall, network security rests entirely on each individual host, and in a sense all hosts must cooperate to achieve a uniformly high level of security. The larger the network, the harder it is to keep every host at that level. As security mistakes and defects become more common, intrusions result not only from sophisticated attack methods but also from simple errors or poorly chosen passwords. The role of the firewall is therefore to prevent unwanted, unauthorized access to the protected network, and it forces an organization to strengthen its network security policy.

A firewall system usually consists of a screening router and a proxy server. The screening router is a multi-port IP router that checks each incoming IP packet against a set of rules to decide whether to forward it. It takes information from the packet header, such as the protocol number, the source and destination IP addresses and port numbers, the connection flags and certain other IP options, and uses it to filter IP packets.

A proxy server is a server process in the firewall system. It can complete specific tasks on behalf of network users. A proxy server is essentially an application-layer gateway: a gateway that connects two networks for one specific network application. When a user works with a TCP/IP application such as Telnet or FTP through the proxy server, the proxy server asks the user for the name of the remote host to access. Once the user replies and supplies a correct user identity and authentication information, the proxy server connects to the remote host and acts as a relay between the two communication endpoints. The entire process can be completely transparent to the user. The user identity and authentication information can be used for user-level authentication. In the simplest case, it consists only of a user ID and a password. However, if the firewall is reachable from the Internet, a stronger authentication mechanism is recommended, for example one-time passwords or a challenge-response system.
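The challenge-response option mentioned above, sketched as an added example (not code from the original article). The class and function names are hypothetical, and HMAC-SHA-256 over a random challenge is an assumed construction; the article names no algorithm.

```python
import hashlib
import hmac
import secrets

def respond(key: bytes, nonce: bytes, remote_host: str) -> bytes:
    """Client side: prove knowledge of the shared key without sending it."""
    return hmac.new(key, nonce + remote_host.encode(), hashlib.sha256).digest()

class ProxyAuthenticator:
    """Check a proxy could run before it relays to a remote host (hypothetical design)."""

    def __init__(self, user_keys):
        self._keys = user_keys    # user ID -> shared secret (bytes)
        self._pending = {}        # user ID -> (challenge, requested remote host)

    def challenge(self, user: str, remote_host: str) -> bytes:
        # Fresh random challenge, bound to the host the user asked to reach.
        nonce = secrets.token_bytes(16)
        self._pending[user] = (nonce, remote_host)
        return nonce

    def verify(self, user: str, response: bytes):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed later.
        nonce, remote_host = self._pending.pop(user, (None, None))
        key = self._keys.get(user)
        if nonce is None or key is None:
            return None
        expected = respond(key, nonce, remote_host)
        # Constant-time comparison. On success, return the host the proxy
        # is now allowed to connect to; otherwise None (no relay).
        if hmac.compare_digest(expected, response):
            return remote_host
        return None
```

Unlike a user ID and password, nothing reusable crosses the network: each response is valid for one challenge and one requested host only.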

The advantages of a screening router are simplicity and low (hardware) cost. Its disadvantages are that packet filtering rules are difficult to set up correctly, that managing the screening router is costly, and that it lacks user-level authentication. Router vendors are working on solving these problems. Notably, they are working on the development and editing of packet filter rules. They are also developing standard user-level authentication protocols to provide remote authentication, such as the Remote Authentication Dial-In User Service (RADIUS).

Proxy servers provide user-level authentication, logging and account management. Their disadvantage stems from one fact: to provide comprehensive security, a corresponding application-layer gateway has to be built for each service. This severely limits the adoption of new applications. A general-purpose proxy server called SOCKS has recently appeared. SOCKS consists mainly of a proxy server software package that runs on the firewall system and a library package that is linked into the various network applications. This structure makes it easier to connect new applications.

The screening router and the proxy server are usually combined to form a hybrid system, which is used to prevent IP spoofing attacks. Currently, the most widely used configurations are the dual-homed firewall, the screened host firewall and the screened subnet firewall.
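The header-based filtering described for the screening router, including its anti-spoofing role in the hybrid system, as an added example (not code from the original article). The rule format, the interface names "ext"/"int" and the 192.0.2.0/24 internal range are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # assumed protected network
ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS, HIGH_PORTS, TELNET = range(0, 65536), range(1024, 65536), range(23, 24)

@dataclass(frozen=True)
class Packet:
    iface: str         # arrival interface: "ext" (Internet side) or "int"
    proto: int         # IP protocol number (6 = TCP)
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False  # TCP ACK flag: clear only on a connection-opening SYN

@dataclass(frozen=True)
class Rule:
    action: str        # "forward" or "drop"
    iface: str
    proto: int
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: range
    dport: range
    need_ack: bool = False   # match only segments of an existing connection

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface and p.proto == self.proto
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and p.sport in self.sport and p.dport in self.dport
                and (p.ack or not self.need_ack))

RULES = [
    # Anti-spoofing: an internal source address must never arrive from outside.
    Rule("drop", "ext", 6, INTERNAL, ANY, ALL_PORTS, ALL_PORTS),
    # Outbound Telnet from internal clients.
    Rule("forward", "int", 6, INTERNAL, ANY, HIGH_PORTS, TELNET),
    # Replies from Telnet servers; ACK required so outsiders cannot open connections.
    Rule("forward", "ext", 6, ANY, INTERNAL, TELNET, HIGH_PORTS, need_ack=True),
]

def decide(p: Packet, rules=RULES) -> str:
    for rule in rules:           # first matching rule wins
        if rule.matches(p):
            return rule.action
    return "drop"                # default deny
```

Rule order is part of the policy: evaluated in reverse order, the same three rules would forward a packet from outside that claims an internal source address, which is one reason the article calls correct rule sets hard to establish.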
