With the rapid development of computer network technology, network security problems have become increasingly prominent for users of every kind. According to data obtained by the author, nearly 20% of users on the Internet have suffered a hacker attack. Although hackers are this rampant, the network security problem has still not attracted enough attention: most users believe it is far removed from them, as shown by the fact that more than 40% of users, especially enterprise users, have not installed a firewall. All of these incidents prove the same point: most hacker intrusions are caused by a failure to install a firewall correctly.
Concept and function of a firewall
The original meaning of "firewall" is the wall built between houses in ancient times to stop a fire from spreading to neighbouring buildings. The firewall discussed here is not a physical wall but a defensive system placed between the local network and the external network; it is a general term for this class of protective measures. A firewall on the Internet is a very effective network security model: it isolates the risky area (the Internet, or any network carrying a certain level of risk) from the secure area (the LAN) without impeding access to the risky area. By monitoring inbound and outbound network traffic, the firewall accomplishes what would otherwise seem impossible: it lets through only information that is safe and approved, while blocking data that threatens the enterprise. As security errors and defects become ever more common, intrusions come not only from sophisticated attack methods but also from low-level configuration errors or poorly chosen passwords. The role of the firewall is therefore to prevent unwanted and unauthorized communication from entering or leaving the protected network, and in doing so it forces the organization to strengthen its network security policy. In general, a firewall can achieve the following goals: first, restrict outsiders' access to the internal network, filtering out insecure services and illegitimate users; second, keep intruders away from your defensive facilities; third, restrict users to accessing specific sites; and fourth, make it easier to monitor Internet security. Because the firewall sits at the network boundary and mediates services, it is best suited to relatively self-contained networks, such as a concentrated intranet. The firewall is becoming a very popular way to control access to network systems.
In fact, more than 1/3 of Web sites on the Internet are protected by some form of firewall, which is the most rigorous and secure barrier against hackers; any critical server should be placed behind a firewall.
Firewall architecture and working methods
The firewall makes your network planning clearer and comprehensively prevents access that exceeds a user's permissions (because the first thing some people try after logging on is to go beyond their permission limits). Without a firewall you may receive many reports of the following kind: the organization's internal financial reports have just been leaked in tens of thousands of emails, or a user's personal home page has been maliciously linked to Playboy, but the link in the report points to yet another pornographic site ...... A complete firewall system is usually composed of a shielded (screening) router and a proxy server. A shielded router is a multi-port IP router that checks each incoming IP packet against a set of rules to decide whether to forward it. It takes the information it needs from the packet header, such as the protocol number, the source and destination IP addresses and port numbers, the connection flag, and other IP options, and filters IP packets on that basis. A proxy server is a server process in the firewall that carries out specific TCP/IP functions on behalf of network users. A proxy server is essentially a gateway at the application layer, a gateway that connects two networks for one specific network application. When a user works with a TCP/IP application such as Telnet or FTP, the proxy server asks the user for the name of the remote host to be accessed. After the user replies and supplies correct identity and authentication information, the proxy server connects to the remote host and acts as a relay between the two communicating endpoints. The whole process can be completely transparent to the user. The identity and authentication information can be used for user-level authentication; in the simplest case it consists only of a user ID and a password.
However, if the firewall is reachable from the Internet, we recommend a stronger authentication mechanism, such as one-time passwords or a challenge-response system.
The biggest advantages of the shielded router are its simple architecture and low hardware cost. Its disadvantages are that packet filtering rules are difficult to set up correctly, that managing the router is costly, and that it lacks user-level identity authentication. Fortunately, router manufacturers have recognized these problems and started to solve them: they are developing graphical user interfaces for editing packet filtering rules and a standard user-level authentication protocol, Remote Authentication Dial-In User Service (RADIUS).
The proxy server has the advantages of user-level identity authentication, logging, and account management. Its disadvantage stems from the fact that, to provide comprehensive security, an application-layer gateway must be built for each service; this severely limits the adoption of new applications.
The shielded router and the proxy server are usually combined into a hybrid system, in which the shielded router is mainly responsible for defeating IP spoofing attacks. The most widely used configurations are the dual-homed firewall, the screened host firewall, and the screened subnet firewall.
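As an added example that is not part of the original article: a minimal stateless packet filter in Python of the kind the shielded router applies, using the header fields named above (protocol, source and destination address and port, the TCP ACK connection flag) together with the anti-spoofing rule mentioned here. The 10.0.0.0/8 internal range, the interface names and the rule set are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal (LAN) range

@dataclass
class Packet:
    iface: str         # "ext" = arrived from the Internet, "int" = from the LAN
    proto: str         # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    ack: bool = False  # TCP ACK flag; clear on the first packet of a connection

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    iface: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    ack: Optional[bool] = None   # None: match whatever the flag is
    def matches(self, p: Packet) -> bool:
        return all([
            self.iface in ("*", p.iface),
            self.proto in ("*", p.proto),
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src),
            ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst),
            self.dport is None or self.dport == p.dport,
            self.ack is None or self.ack == p.ack,
        ])

# First matching rule wins; a packet that matches no rule is dropped.
RULES = [
    # anti-spoofing: a LAN source address must never arrive on the outside port
    Rule("deny", iface="ext", src=str(INTERNAL)),
    # the LAN may open web (80) and mail (25) connections to the Internet
    Rule("allow", iface="int", proto="tcp", src=str(INTERNAL), dport=80),
    Rule("allow", iface="int", proto="tcp", src=str(INTERNAL), dport=25),
    # only the returning half of those connections (ACK set) is let back in
    Rule("allow", iface="ext", proto="tcp", dst=str(INTERNAL), ack=True),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # no rule matched: inbound Telnet, FTP, new outside connections
```

A new connection from outside (ACK clear) never matches the return rule, so it falls to the default deny even when it targets an allowed port.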
Setting up a firewall generally costs thousands or even tens of thousands of dollars, and the firewall needs to run on a dedicated computer. A user who connects to the Internet from a single computer therefore has no need to set up a firewall, and it would not be cost-effective anyway. At present the focus of firewalls is on protecting large networks made up of many computers, which are also what expert hackers are really interested in. Firewalls can be simple filters or well-configured gateways, but they work in the same way: they monitor and filter all information sent to and from the external network, protect internal sensitive data from theft and destruction, and record the time and nature of each communication. The new generation of firewalls can even prevent insiders from deliberately transmitting sensitive data to the outside world. When you connect an organization's local network to the Internet, you certainly do not want people all over the world to be able to read the payroll, internal documents or databases of your staff at will; yet even within the organization there is a possibility of attacks on data, for instance a skilled computer expert modifying the payroll or financial reports. With a firewall in place, the administrator can allow internal staff to use email, browse the WWW and transfer files while denying any external access to the organization's internal computers; the administrator can also block access between different departments of the organization. Placing a local network behind a firewall prevents external attacks. A firewall is usually special software running on a single computer that can identify and block illegitimate requests. Take a WWW proxy server as an example: all requests are handled indirectly through the proxy server.
This server differs from an ordinary proxy server in that it does not process requests directly: it verifies the identity of the requester, the destination of the request, and the content of the request. If everything meets the requirements, the request is approved and forwarded to the real WWW server. Once the real WWW server has processed the request, it does not send the result directly to the requester but back to the proxy server, which checks the result against the security rules set earlier. Only when all checks pass is the result actually delivered to the requester.
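As an added example that is not part of the original article and not any real product's code: the decision flow of the application-layer gateway just described, checking the requester's identity, the destination, the request content and finally the returned result, with the identity check done by a counter-based one-time password (HOTP, RFC 4226) of the kind recommended above for firewalls reachable from the Internet. The user record, the allowed host list and the content patterns are constructed for the example.

```python
import hmac, hashlib, re, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for the given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# constructed user record: per-user secret and the next counter the gateway expects
USERS = {"alice": {"secret": b"constructed-secret-for-alice", "counter": 0}}
ALLOWED_HOSTS = {"www.example.com", "intranet.example.com"}      # constructed
OUTBOUND_BLOCK = re.compile(r"\bPAYROLL-CONFIDENTIAL\b")         # constructed marker
INBOUND_BLOCK = re.compile(r"<script\b", re.IGNORECASE)          # constructed pattern

def authenticate(user: str, code: str, window: int = 3) -> bool:
    """Accept a code at most once: the counter moves past every code that is used."""
    rec = USERS.get(user)
    if rec is None:
        return False
    for c in range(rec["counter"], rec["counter"] + window):
        if hmac.compare_digest(hotp(rec["secret"], c), code):
            rec["counter"] = c + 1        # a replayed code now falls behind the window
            return True
    return False

def check_request(user, code, host, body):
    """Who sends it, where it goes, what it carries; refuse on the first failure."""
    if not authenticate(user, code):
        return False, "authentication failed"
    if host not in ALLOWED_HOSTS:
        return False, "destination not permitted"
    if OUTBOUND_BLOCK.search(body):
        return False, "request carries sensitive data"
    return True, "relay"

def proxy(user, code, host, body, fetch):
    """fetch(host, body) stands in for the relay to the real WWW server."""
    ok, reason = check_request(user, code, host, body)
    if not ok:
        return "refused: " + reason
    reply = fetch(host, body)           # the server answers the gateway, not the client
    return reply if not INBOUND_BLOCK.search(reply) else "refused: response violates policy"
```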