As I understand it, firewalls are divided into software firewalls and hardware firewalls.
Software firewalls in turn include network firewalls and antivirus firewalls, and there are also firewalls for mobile phones. Commonly used software firewalls include Rising Star and Alibaba Cloud ice security.
Here, I will draw on some ready-made material on hardware firewalls to describe how a hardware firewall is used in a network.
First, why do we need to study Security?
What is "computer security"? Broadly speaking, security means preventing others from using your computer or peripheral devices to do anything you do not want them to do. The first question is: "What resources are we trying to protect?" The answer is not obvious. In general, answering it leads to host-specific measures. Figure 5 shows the current network.
Many people complain that Windows has too many vulnerabilities, and some even worry about one vulnerability after another. To address this, this article briefly introduces how to build a line of network security defense.
Disable useless services
Windows provides many services. In fact, many of them are never used at all, and you may not know that some of them open a back door for anyone probing your system.
There are many services in Windows, so I will not cover them in detail here. You can disable specific services according to your actual situation. Disabling unnecessary services not only reduces security risk but also makes Windows run faster. Why not?
Patch
From time to time, Microsoft provides free patches on the Internet, so apply them when you have time. Beyond improving compatibility, their more important role is to close security vulnerabilities that have been discovered. It is recommended that you apply patches selectively, based on your actual situation.
Firewall
Select a method that completely isolates viruses. A physically isolating Fortigate can prevent more than ten kinds of hacker attacks:
Distributed Denial-of-Service (DDoS) attacks
※Syn Attack
※Icmp Flood
※Udp Flood
IP Fragmentation attacks
※Ping of Death attack
※Tear Drop attack
※Land attack
Port Scan attacks
IP Source Route attacks
IP Spoofing attacks
Address Sweep attacks
WinNuke attacks
Fortigate can be configured to send a warning email to the administrator when it is under attack. Up to three email recipients can be specified.
The basic function of a firewall is isolation. After the firewall is installed, it must be configured properly and its logs tracked over time. Only in this way can it be used to full effect.
Here we will focus on the concept of a firewall and its relationship to the access control list. I have combined the definitions of firewall and access control table found on the Internet.
Firewall Concept
A firewall embodies a pair of contradictory requirements (or mechanisms):
on the one hand it restricts the flow of data, and on the other hand it permits the flow of data.
Because network management mechanisms and security policies differ, this contradiction takes different forms.
There are two extreme situations:
The first is to prohibit everything that is not explicitly permitted; the second is to permit everything that is not explicitly prohibited.
The first is secure but inconvenient to use; the second is convenient but insecure. Most firewalls adopt a compromise between the two.
Improving access efficiency while preserving the firewall's security is currently a hot topic in firewall research and implementation.
Protect vulnerable services
By filtering insecure services, a firewall can greatly improve network security and reduce the risk to hosts in the subnet. For example, a firewall can block NIS and NFS traffic, and it can reject both source-routed packets and ICMP redirect packets.
Control System Access
A firewall can provide access control for systems, for example allowing external access to some hosts while prohibiting access to others.
Centralized Security Management
A firewall provides centralized security management for the enterprise intranet. Security rules defined on the firewall apply to the entire internal network, so there is no need to set a security policy on each intranet machine. The firewall can also define different authentication methods without installing specific authentication software on each machine; external users need to pass authentication only once to access the intranet.
Enhanced confidentiality
A firewall can prevent attackers from obtaining information that is useful for attacking the network, such as Finger and DNS data.
Record and count network utilization data and illegal use data
Because all network traffic passes through the firewall, it can record and collect statistics about network usage. The firewall can also use these statistics to identify possible attacks and probes.
Policy execution
A firewall provides a way to define and enforce a network security policy. Without a firewall, network security depends on the user of each individual host.
Firewall functions
The firewall is a barrier for network security:
a firewall can greatly improve the security of an internal network and reduce risk by filtering insecure services.
The firewall can enhance network security policies:
With a firewall-centered security configuration, all security software, such as passwords, encryption, identity authentication, and auditing, can be configured on the firewall. Compared with spreading network security responsibilities across many hosts, centralized security management on the firewall is more economical.
Monitor and audit network access and usage:
If all accesses pass through the firewall, the firewall can record them in logs and also provide statistics on network usage. When a suspicious action occurs, the firewall can trigger an appropriate alarm and provide detailed information about whether the network is being probed or attacked.
In addition, it is important to collect data on the use and misuse of the network.
The first reason is that it shows clearly whether the firewall can withstand attackers' probes and attacks,
and whether the firewall's controls are sufficient. Network usage statistics are also very important for network demand analysis and threat analysis.
Prevent internal information leakage:
Privacy is a concern for internal networks. By using firewalls to divide the internal network, you can isolate key network segments on the intranet, thereby limiting the impact of a local security issue in a key or sensitive segment on the network as a whole.
Beyond security, the firewall also supports VPN, an intranet technology built on Internet services. Through a VPN, the LANs or dedicated subnets of an enterprise or institution distributed around the world can be integrated organically into a single whole. This not only saves the cost of private communication lines but also provides technical support for information sharing.
Firewall Technology
A firewall can enhance the security of an organization's internal network. Only authorized data passes through the firewall, and the firewall itself must be resistant to penetration.
Five functions of the firewall
Generally, a firewall has the following functions:
1. It gives the network administrator a central point at which to prevent unauthorized users from accessing the internal network.
2. It makes it easy to monitor network security and raise alarms.
3. It can serve as the location for deploying NAT (Network Address Translation). Using NAT, a limited pool of IP addresses can be dynamically or statically mapped to internal IP addresses, which alleviates address space shortage.
4. It is the best place to audit and record Internet usage costs. The network administrator can provide the management department with Internet connection costs, identify potential bandwidth bottlenecks, and provide department-level billing based on the organization's accounting model.
5. It can connect to a separate network segment that is physically separated from the intranet segment, where WWW and FTP servers are deployed as the location from which internal information is published to the outside. Technically, this is the so-called demilitarized zone (DMZ).
Two types of firewalls
1. Packet filtering firewall
Generation 1: static packet filtering
This type of firewall examines each packet against the defined filtering rules to determine whether it matches one of them. Filter rules are formulated from the packet header information, which includes the IP source address, IP destination address, transport protocol (TCP, UDP, ICMP, etc.), TCP/UDP destination port, and ICMP message type. A basic principle of a packet filtering firewall is the "least privilege" principle: only packets the administrator has explicitly permitted are passed, and all other packets are denied.
Second generation: dynamic packet filtering
This type of firewall uses dynamic packet filtering rules to avoid the problems of static packet filtering. The technology later developed into so-called stateful inspection. A firewall using this technology tracks every connection established through it and dynamically adds or updates entries in the filter rules as needed.
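As an added illustration (not code from the original article), the toy filter below models the "prohibit everything not permitted" policy from the two extremes above together with static rules on header fields and the connection tracking that distinguishes stateful inspection from static packet filtering. Addresses, ports and rule syntax are constructed for the example; the rule matcher deliberately supports only exact addresses, not CIDR ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # IP source address
    dst: str          # IP destination address
    proto: str        # "tcp", "udp" or "icmp"
    sport: int = 0    # source port (0 for ICMP)
    dport: int = 0    # destination port (0 for ICMP)

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    proto: str = "any"
    dst: str = "any"  # exact address or "any" (assumption: no CIDR matching)
    dport: int = 0    # 0 matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto) and self.dst in ("any", p.dst)
                and self.dport in (0, p.dport))

class StatefulFilter:
    """Default-deny static rules plus a connection table for reply traffic."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.conns = set()   # (src, dst, proto, sport, dport) of permitted connections

    def static_decision(self, p: Packet) -> str:
        for r in self.rules:             # first matching rule wins
            if r.matches(p):
                return r.action
        return "deny"                    # implicit final rule: least privilege

    def check(self, p: Packet) -> str:
        # A reply to a tracked connection is allowed by state, not by a static rule.
        if (p.dst, p.src, p.proto, p.dport, p.sport) in self.conns:
            return "allow"
        decision = self.static_decision(p)
        if decision == "allow" and p.proto in ("tcp", "udp"):
            self.conns.add((p.src, p.dst, p.proto, p.sport, p.dport))
        return decision

def demo():
    """Constructed traffic: only the intranet web server 10.0.0.5:80 is exposed."""
    fw = StatefulFilter([Rule("allow", "tcp", "10.0.0.5", 80)])
    request = Packet("203.0.113.9", "10.0.0.5", "tcp", 40000, 80)
    reply = Packet("10.0.0.5", "203.0.113.9", "tcp", 80, 40000)
    unsolicited = Packet("10.0.0.5", "203.0.113.9", "tcp", 80, 40001)
    return fw.check(request), fw.check(reply), fw.check(unsolicited)
```

A purely static filter would have to deny the reply (no rule permits traffic to 203.0.113.9) or add a broad rule admitting any packet from port 80, which is exactly the weakness stateful inspection removes.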
2. Proxy firewall
Generation 1: proxy firewall
The proxy firewall is also called an application gateway firewall. This firewall uses proxy technology to take part in the whole process of a TCP connection. After packets sent from the inside are processed by such a firewall, they appear to originate from the firewall's external network interface, which hides the internal network structure. Network security experts and the media regard this type as the most secure firewall. Its core technology is the proxy server.
The most prominent advantage of the proxy firewall is security.
Because every connection between the internal and external networks must pass through the proxy, which inspects and converts it using a security application designed specifically for the service in question (such as HTTP), the firewall itself submits the requests and responses, and computers on the internal and external networks never get a chance to hold a direct session. This prevents intruders from using data-driven attacks to break into the intranet, a weakness that a packet filtering firewall can hardly avoid completely.
The biggest drawback of the proxy firewall is that it is relatively slow. When the throughput requirement of the gateway between the internal and external networks is high, for example when the throughput requirement is -Mbps, the proxy firewall becomes a bottleneck between the two networks. Fortunately, current Internet access speeds are generally much lower than this figure. In environments where speed requirements must be met, such as between high-speed networks like ATM or Gigabit Ethernet, a packet filtering firewall should be considered.
Second generation: Adaptive proxy firewall (