1. What is a firewall?
A firewall establishes a monitoring barrier between the network and the computer to protect the systems behind it from network attacks. Logically, a firewall is not only a splitter and limiter of information but also an information analyzer: it can effectively monitor all activity between the LAN and the Internet to ensure the security of the LAN.
The most famous software firewall on the network is LockDown2000. This software requires registration to obtain the complete version. It is powerful: from protecting individual online users to keeping business websites running, it performs impressively. However, because registering the software costs a fee, a free firewall is a more realistic choice for individual users, and Skynet Firewall is better suited to them. Skynet Firewall Personal Edition is a network security program for personal computers that can resist network intrusions and attacks and prevent information leakage.
2. Basic functions of Skynet Firewall:
The Personal Edition of Skynet Firewall divides networks into two types, the LAN and the Internet, and lets you set different security policies for traffic from each. The problems described below all concern the Internet, so all settings are made at the Internet security level. How do you prevent information leakage? If file sharing is open to the Internet without a password, others can easily view files on your machine over the Internet; if the share is also writable, they can even delete files. You can disable NETBIOS in the personal firewall's INTERNET security level settings so that others cannot access your shared resources over the INTERNET (this setting does not affect resource sharing in the LAN).
After a dial-up user is assigned an Internet IP address, the user can disable ICMP through Skynet Firewall, so that an attacker cannot use PING to determine whether the user's system is online, and the user's system information cannot be obtained directly via the IP address.
It should be noted that not everything the firewall intercepts is attack traffic: the firewall only records the packets that the system rejects under its security settings. In some cases the system receives normal packets that are nonetheless intercepted. For example, some routers periodically send IGMP packets, and some hosts periodically PING the local system to confirm that the connection is still alive. If the firewall is configured to block ICMP and IGMP, these intercepted packets appear in the security record. Therefore, intercepted packets are not necessarily the result of hacker attacks on the system.
3. Benefits of using the Firewall:
A firewall can protect vulnerable services. By filtering out insecure services, it greatly improves network security and reduces the risk to hosts on the subnet. For example, a firewall can block NIS and NFS traffic and reject source-routed packets and ICMP redirect packets.
In addition, a firewall can control access to systems. For example, if an enterprise allows external access to some of its internal systems but prohibits access to others, the firewall can be used to define which systems are exposed. It can also be configured so that internal systems can only reach specific external mail servers and web servers, protecting internal enterprise information.
4. Firewall types:
Firewalls are divided into three types: packet filtering, application gateway, and proxy server:
(1) Packet filtering
Packet filtering technology selects packets at the network layer according to filtering logic set in the system, called an access control table. It checks the source address, destination address, port number, protocol status and other attributes of each packet in the data stream, or a combination of them, to decide whether the packet is allowed through. A packet-filtering firewall is logically simple, inexpensive, easy to install and use, and offers good network performance and transparency. It is usually installed on a router. A router is an essential device for connecting the internal network to the Internet, so adding such a firewall to an existing network requires almost no additional cost.
A packet-filtering firewall has two disadvantages: first, once illegal access breaks through the firewall, it can attack software and configuration vulnerabilities on the host; second, the source address, destination address and IP port number of a packet are carried in the packet header, where they can be eavesdropped on or spoofed.
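As an added example (not from the original article and not Skynet Firewall's own code), the following Python models the access control table described in section 4(1), loaded with the personal-firewall rules from section 2: NETBIOS and ICMP blocked from the Internet but not the LAN, IGMP blocked, and a security record that, as section 2 warns, lists the router's IGMP query and a keepalive PING next to the real probe. Rule names, addresses and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp", "udp", "icmp" or "igmp"
    dport: Optional[int]  # destination port for tcp/udp, else None
    iface: str            # interface the packet arrived on: "lan" or "internet"

@dataclass(frozen=True)
class Rule:
    name: str
    iface: str                   # "lan" or "internet"
    protos: Optional[frozenset]  # None matches any protocol
    ports: Optional[frozenset]   # None matches any destination port
    action: str                  # "allow" or "deny"
    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and (self.protos is None or p.proto in self.protos)
                and (self.ports is None or p.dport in self.ports))

# Access control table: first match wins; unmatched Internet traffic is denied.
ACL: List[Rule] = [
    Rule("lan-sharing", "lan", None, None, "allow"),  # LAN resource sharing is unaffected
    Rule("netbios", "internet", frozenset({"tcp", "udp"}), frozenset({137, 138, 139, 445}), "deny"),
    Rule("icmp", "internet", frozenset({"icmp"}), None, "deny"),  # host no longer answers PING
    Rule("igmp", "internet", frozenset({"igmp"}), None, "deny"),
    Rule("web", "internet", frozenset({"tcp"}), frozenset({80}), "allow"),
]

def filter_packet(p: Packet, acl: List[Rule] = ACL):
    """Return (action, rule name) of the first matching rule, else the default deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "default"

def security_record(packets: List[Packet], acl: List[Rule] = ACL) -> List[str]:
    """One line per rejected packet: all that the firewall's security record shows."""
    return [f"intercepted {p.proto} {p.src}->{p.dst} rule={filter_packet(p, acl)[1]}"
            for p in packets if filter_packet(p, acl)[0] == "deny"]

# Constructed sample traffic: NetBIOS probe, router IGMP query, keepalive PING, web, LAN share.
SAMPLE = [
    Packet("203.0.113.5", "192.0.2.10", "tcp", 139, "internet"),
    Packet("198.51.100.1", "224.0.0.1", "igmp", None, "internet"),
    Packet("198.51.100.1", "192.0.2.10", "icmp", None, "internet"),
    Packet("203.0.113.7", "192.0.2.10", "tcp", 80, "internet"),
    Packet("192.168.1.2", "192.168.1.10", "tcp", 139, "lan"),
]
```

Running `security_record(SAMPLE)` yields three lines, two of which (the IGMP query and the PING) are benign traffic that merely fell under the ICMP/IGMP deny rules.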
(2) Application-level gateway
An application-level gateway implements protocol filtering and forwarding at the network application layer. It applies specified filtering logic to particular network application service protocols, and while filtering it analyzes, logs and tallies packets as necessary to produce a report. In practice, application gateways are usually installed on dedicated workstation systems.
Packet filtering and application gateway firewalls share a common characteristic: they rely only on specific logic to decide whether to let packets through. Once that logic is satisfied, computer systems inside and outside the firewall are connected directly, so users outside the firewall may learn the network structure and running state behind it, which facilitates illegal access and attacks.
(3) Proxy service
The proxy service, also called a circuit-level gateway or TCP tunnel (Circuit Level Gateways or TCP Tunnels) and sometimes classified as an application-level gateway, is a firewall technology introduced to address the shortcomings of packet filtering and application gateway technology. Its defining feature is that every network communication link that crosses the firewall is split into two sections: the application-layer "link" between computer systems inside and outside the firewall is implemented by two "links" that terminate on the proxy server. The network link from an external computer can reach only the proxy server, so computer systems inside and outside the firewall are isolated. In addition, the proxy service analyzes and logs the packets passing through it to form a report, and when it detects signs of attack it alerts the network administrator and preserves the attack traces.