Network security is not only a matter of virus prevention; it also depends on a system's ability to resist intrusion by outside attackers. Anti-virus software deals with network viruses, but what measures can we take against hacker intrusion? Network firewall technology arose to answer that question. So what is a firewall, and what does it do? Read on.
I. Basic concepts of firewalls
In earlier times, people often built a brick wall between adjoining houses so that, if a fire broke out, it would not spread to the house next door. Today, once a network is connected to the Internet, its users can reach and communicate with the outside world, but the outside world can reach the network in the same way. For security, an intermediary system can be inserted between the network and the Internet to erect a barrier. The purpose of this barrier is to block threats and intrusions that reach the network from outside, and to provide the single checkpoint at which the network's security is enforced and audited. Its role resembles that of the old fireproof brick wall, so the barrier is called a "firewall".
A firewall is a computer-based device, implemented in software, hardware, or both, that usually sits between an enterprise's intranet and the Internet. It restricts what Internet users may access on the internal network and governs what internal users may reach outside. In other words, a firewall is a blocking tool between an internal network that is considered secure and trusted and an external network (usually the Internet) that is considered neither. A firewall is a passive technique: it relies on the existence of a network boundary, and it cannot effectively control illegal access that originates inside that boundary. Firewalls are therefore only suitable for relatively self-contained networks, such as an enterprise's local network.
II. Basic firewall principles
1. Filter out insecure services
Under this principle, the firewall first blocks all traffic and then opens only the desired, secure services one by one. Every insecure service, or service with potential security risks, is nipped in the bud. This is a very effective and practical approach and can create a very secure environment, because only carefully selected services are available to users.
2. Filter out illegal users and access to particular sites
Under this rule, the firewall first allows all users and sites to reach the internal network, and the network administrator then blocks unauthorized users or untrusted sites one by one by IP address. This approach yields a more flexible environment: the administrator can enable different services for different users, that is, freely set different access permissions for each user.
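The two principles above are opposite default stances: principle 1 is default-deny (open selected services), principle 2 is default-allow (block selected sources). The following added example, which is not part of the original article, evaluates the same constructed connection attempts under both stances so the difference is visible; the service list, the blocked address ranges and the attempts are all made-up sample data.

```python
"""Default-deny versus default-allow firewall stances (added example).

Policy A, "filter out insecure services": block everything, then permit
only listed (protocol, port) services.
Policy B, "filter out illegal users and sites": permit everything, then
block only listed source address ranges.

All policy data and sample attempts are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Attempt:
    src: str        # address of the host initiating the connection
    dst_port: int   # service port being requested on the internal network
    proto: str      # "tcp" or "udp"


def default_deny(attempt, allowed_services):
    """Policy A: permit only if (proto, port) is an explicitly opened service."""
    return (attempt.proto, attempt.dst_port) in allowed_services


def default_allow(attempt, blocked_networks):
    """Policy B: permit unless the source falls inside a blocked range."""
    src = ip_address(attempt.src)
    return not any(src in net for net in blocked_networks)


# Constructed policy data (addresses are from the RFC 5737 documentation ranges).
ALLOWED_SERVICES = {("tcp", 443), ("tcp", 25)}          # HTTPS and SMTP only
BLOCKED_NETWORKS = [ip_network("203.0.113.0/24"),        # an untrusted range
                    ip_network("198.51.100.7/32")]       # one untrusted host

SAMPLE_ATTEMPTS = [
    Attempt("192.0.2.10", 443, "tcp"),   # HTTPS from an ordinary source
    Attempt("192.0.2.10", 23, "tcp"),    # telnet: an insecure service
    Attempt("203.0.113.5", 443, "tcp"),  # HTTPS from a blocked range
    Attempt("192.0.2.10", 53, "udp"),    # DNS, not on the opened-service list
]


def compare(attempts=SAMPLE_ATTEMPTS):
    """Map each attempt to (policy A permits?, policy B permits?)."""
    return {
        (a.src, a.dst_port, a.proto): (
            default_deny(a, ALLOWED_SERVICES),
            default_allow(a, BLOCKED_NETWORKS),
        )
        for a in attempts
    }


if __name__ == "__main__":
    for key, (a, b) in compare().items():
        print(key,
              "default-deny:", "permit" if a else "drop",
              "| default-allow:", "permit" if b else "drop")
```

Note that each stance misses what the other catches: default-deny drops the telnet attempt but lets HTTPS through from the blocked range, while default-allow drops the blocked range but lets telnet through. Which risk an administrator is willing to carry is exactly what the choice between the two principles decides.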
III. Basic firewall measures
Two measures are used to implement a firewall's security functions.
1. Proxy server (suited to dial-up Internet access)
With this measure the internal network never communicates directly with the Internet. Computers on the internal network talk to the proxy server using the internal network's protocol (NetBIOS or TCP/IP), while the proxy server talks to the Internet using the standard TCP/IP protocol. All communication between computers inside and outside the firewall passes through the proxy server. The structure is as follows:
Internal Network → Proxy Server → Internet
In this way the computer systems inside and outside the firewall are isolated. Because the proxy server uses different protocol standards on its two sides, it can effectively prevent direct illegal intrusion from outside.
A proxy server usually runs on a computer with good performance, fast processing and large capacity. It serves as the functional connection between the internal network and the Internet: to the internal network it looks like a real server, and to a server on the Internet it looks like a client. After receiving a user's request, the proxy server checks whether the requested site meets the configured requirements. If the user is permitted to access that site, the proxy server connects to it, retrieves the requested information, and then returns it to the user.
In addition, a proxy server can offer stronger security options: it can monitor, filter, record and report on data streams, and it also provides good access control, logon and address translation capabilities. However, when the internal network has many terminals, the efficiency of this kind of firewall inevitably suffers and the load on the proxy server becomes very heavy; moreover, many Internet client programs cannot work normally from an internal network computer that must go through a proxy.
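The decision step described above (receive the user's request, check the requested site against the configured policy, fetch only if permitted, and record what happened) is shown in the following added example, which is not code from the original article. The users, the per-user site permissions and the requests are constructed; the `fetch` callable is injected so that nothing touches a real network, and the `ProxyPolicy` class and its method names are this example's own.

```python
"""Application-layer proxy decision point with an audit record (added example).

The proxy sees the requesting user and the requested site, so it can both
enforce per-user permissions and write an audit log. Users, permissions
and requests are constructed for illustration; no network I/O happens.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Request:
    user: str        # the internal user who logged on to the proxy
    host: str        # the Internet site being requested
    path: str = "/"


@dataclass
class ProxyPolicy:
    # Per-user set of permitted destination hosts; "*" means any host.
    permissions: dict
    audit_log: list = field(default_factory=list)

    def decide(self, req, now=None):
        """Return True if this user may reach this host, and record the decision."""
        when = (now or datetime.now(timezone.utc)).isoformat()
        allowed_hosts = self.permissions.get(req.user, set())
        permitted = "*" in allowed_hosts or req.host in allowed_hosts
        # Audit record: who asked for what, when, and what the proxy did.
        self.audit_log.append({
            "time": when,
            "user": req.user,
            "host": req.host,
            "path": req.path,
            "permitted": permitted,
        })
        return permitted

    def handle(self, req, fetch):
        """Fetch on the user's behalf only if the policy permits; else return None."""
        if not self.decide(req):
            return None
        return fetch(req.host, req.path)


def fake_fetch(host, path):
    """Stand-in for the proxy's outbound connection (constructed, offline)."""
    return f"content of {host}{path}"


def demo():
    """Run four constructed requests through one policy and return the outcomes."""
    policy = ProxyPolicy({
        "alice": {"*"},                                  # unrestricted user
        "bob": {"intranet.example", "docs.example"},    # two permitted sites
    })
    r1 = policy.handle(Request("bob", "docs.example", "/guide"), fake_fetch)
    r2 = policy.handle(Request("bob", "unknown.example"), fake_fetch)
    r3 = policy.handle(Request("alice", "unknown.example"), fake_fetch)
    r4 = policy.handle(Request("mallory", "docs.example"), fake_fetch)  # unknown user
    return r1, r2, r3, r4, policy.audit_log


if __name__ == "__main__":
    *results, log = demo()
    print(results)
    for entry in log:
        print(entry)
```

Every request leaves an audit entry whether or not it was permitted, which is the capability the article later contrasts with a filtering router; an unknown user gets an empty permission set and is therefore denied by default.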
2. Routers and filters
In this structure a router and a filter restrict external computers' access to the internal network, and can also be configured to limit what the internal network may reach on the Internet. The router only forwards traffic on the specific ports the filter allows. The filter's main function is packet-level screening at the network layer: based on the IP (Internet Protocol) header information, it decides whether a packet may pass according to its IP source address, IP destination address and the port number of the encapsulated protocol. The biggest advantage of this kind of firewall is that it is transparent to users, who do not need to enter an account and password to log on; it is therefore faster than a proxy server and less prone to bottlenecks. Its disadvantage is that it keeps no record of user activity, so illegal intrusion attempts cannot be traced from access records.
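To make the packet-filter decision concrete, here is an added example that is not part of the original article: it parses a minimal IPv4 header plus the port fields of the encapsulated TCP or UDP header, and applies a first-match rule list over exactly the fields the text names (source address, destination address, protocol, destination port). The packets are constructed byte strings with checksums left at zero, and the rule tuple format and function names are this example's own.

```python
"""Network-layer packet filter over raw IPv4 headers (added example).

A filtering router decides per packet from header fields alone; it never
sees a user name, which is why it keeps no per-user record. Packets and
rules below are constructed for illustration.
"""
import struct
from ipaddress import ip_address, ip_network

IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header layout


def parse_packet(packet: bytes):
    """Return (src, dst, proto, dst_port) from IPv4 + TCP/UDP headers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, _flags_frag,
     _ttl, proto, _cksum, src, dst) = struct.unpack(IPV4_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    dst_port = None
    if proto in (6, 17):                # TCP and UDP both start with src port, dst port
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return str(ip_address(src)), str(ip_address(dst)), proto, dst_port


def build_packet(src, dst, proto, src_port, dst_port):
    """Construct a minimal IPv4 + transport header for testing (checksums zeroed)."""
    ip_hdr = struct.pack(IPV4_HDR, 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ip_address(src).packed, ip_address(dst).packed)
    return ip_hdr + struct.pack("!HH", src_port, dst_port)


# Rule: (action, src_net, dst_net, proto, dst_port); None matches anything.
# First match wins; the default is deny (principle 1 from the article).
RULES = [
    ("drop",   ip_network("203.0.113.0/24"), None,                      None, None),  # untrusted range
    ("permit", None,                         ip_network("192.0.2.0/24"), 6,    443),  # HTTPS to internal web server
    ("permit", None,                         ip_network("192.0.2.0/24"), 6,    25),   # SMTP to internal mail server
]
DEFAULT_ACTION = "drop"


def filter_packet(packet, rules=RULES, default=DEFAULT_ACTION):
    """Apply the rule list to one packet and return "permit" or "drop"."""
    src, dst, proto, port = parse_packet(packet)
    for action, snet, dnet, rproto, rport in rules:
        if snet is not None and ip_address(src) not in snet:
            continue
        if dnet is not None and ip_address(dst) not in dnet:
            continue
        if rproto is not None and proto != rproto:
            continue
        if rport is not None and port != rport:
            continue
        return action
    return default


if __name__ == "__main__":
    samples = [
        build_packet("198.51.100.9", "192.0.2.10", 6, 40000, 443),
        build_packet("203.0.113.4",  "192.0.2.10", 6, 40000, 443),
        build_packet("198.51.100.9", "192.0.2.10", 6, 40000, 23),
        build_packet("198.51.100.9", "192.0.2.10", 17, 40000, 53),
    ]
    for pkt in samples:
        print(parse_packet(pkt), "->", filter_packet(pkt))
```

The decision uses nothing beyond the header fields, so the same HTTPS packet is permitted or dropped purely by where it comes from, and a malformed or truncated packet is rejected before any rule is consulted.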