The introduction and analysis of the function, classification and limitation of firewall

The development of Internet has brought revolutionary reform and openness to government structure and enterprises. They are trying to be more competitive by leveraging the Internet to improve efficiency and market response. Over the Internet, enterprises can retrieve important data from offsite, while facing new challenges and new dangers of data security from Internet openness: security access for customers, vendors, mobile users, offsite employees, and internal employees, as well as protection of confidential information from hackers and industrial spies. Therefore, the enterprise must build a safe "trench", and this "trench" is the firewall.

Firewall technology is an applied security technology based on modern communication network technology and information security technology, which is more and more used in the Internet environment of private network and public network, especially for Internet network.

1. What is a firewall?

A firewall is a combination of components set up between different networks, such as trusted enterprise intranets and untrusted public networks, or a network security domain. It is the only access to information between different network or network security domains, which can control (permit, reject, monitor) the traffic flow of the network according to the security policy of the enterprise, and has strong ability of resisting attack. It is the infrastructure that provides information security services and realizes network and information security.

Logically, a firewall is a separator, a limiter, and a parser that effectively monitors any activity between the intranet and the Internet, ensuring the security of the internal network.

The logical location of the firewall signals

2. What can a firewall do?

Firewalls are a barrier to network security:

A firewall (as a blocking point, control point) can greatly improve the security of an internal network and reduce risk by filtering unsafe services. Because only a carefully chosen application protocol can pass through the firewall, the network environment becomes more secure. such as firewalls can prohibit the entry and exit of protected networks such as the notoriously insecure NFS protocol, so that external attackers cannot exploit these fragile protocols to attack the internal network. Firewalls can also protect the network from routing based attacks, such as source routing attacks in IP options and redirected paths in ICMP redirection. The firewall should be able to reject all of the above types of attack messages and notify the firewall administrator.