Where is the computer firewall generally installed?
Firewall location: double-click "My Computer" → Control Panel → Security Center → Windows Firewall (Figures 1, 2 and 3 below)
(Figure 1)
(Figure 2)
(Figure 3)
Classified by form, that is, software or hardware, firewalls are generally divided into software firewalls, hardware firewalls and chip-level firewalls.
The first type: Software firewalls
A software firewall runs on a specific computer and depends on the operating system already installed on that machine, which is generally the gateway for the entire network. It is commonly known as a "personal firewall". Like other software products, a software firewall must be installed and configured on the computer before it can be used. Among the vendors that make network editions of software firewalls, the best known is Check Point. To use this kind of firewall, the network administrator needs to be familiar with the underlying operating system platform.
The second type: hardware firewalls
The hardware firewall described here is the so-called "hardware firewall". The words "so-called" are added to distinguish it from the chip-level firewall. The biggest difference between the two is whether they are based on a dedicated hardware platform. Most firewalls on the market today are of this so-called hardware type: they are built on the PC architecture, which means they are not much different from an ordinary home PC. These PC-architecture machines run trimmed-down and simplified operating systems, most commonly older versions of UNIX, Linux and FreeBSD. It is worth noting that this type of firewall is still affected by the security of the OS itself, because it runs on someone else's kernel.
A traditional hardware firewall should have at least three ports, one each for the internal network, the external network and the DMZ (demilitarized zone). Some newer hardware firewalls add more ports; a common four-port firewall generally uses the fourth port as a configuration and management port. Many firewalls can extend the number of ports further.
The third type: chip-level firewall
Chip-level firewalls are based on a dedicated hardware platform and do not have an operating system. Proprietary ASIC chips make them faster than other types of firewalls, with more processing power and higher performance. The best-known manufacturers of this kind of firewall include NetScreen, Fortinet and Cisco. Because such firewalls use a dedicated OS (operating system), the firewall itself has fewer vulnerabilities, but the price is relatively high.
Basic functions of firewalls
A firewall system can be described as the network's first line of defense. When an enterprise decides to use a firewall to protect the security of its internal network, it first needs to understand the basic functions a firewall system should have; this is the basis and premise for choosing a firewall product. A successful firewall product should have the following basic features:
The firewall's design policy should follow the basic security principle of "prohibit unless expressly permitted"; the firewall should support the security policy itself, not as an add-on; if the organization's security policy changes, it should be possible to add new services; the firewall should include advanced authentication methods, or hooks through which advanced authentication methods can be installed; where necessary, it should use filtering technology to allow and prohibit services; it can use proxy services for protocols such as FTP and Telnet, so that advanced authentication can be installed and run on the firewall; and it should offer a user-friendly, easily programmable IP filtering language that filters packets by their attributes, including destination and source IP address, protocol type, source and destination TCP/UDP ports, the ACK bit of TCP packets, and the outbound and inbound network interfaces.
If users need services such as NNTP (Network News Transfer Protocol), X Window, HTTP and Gopher, the firewall should contain the corresponding proxy service programs. The firewall should also be able to centralize mail handling, to reduce direct connections between SMTP servers and external servers and to process e-mail for the whole site in one place. The firewall should allow public access to the site while separating the public information servers from the other internal servers.
The firewall should be able to centralize and filter dial-in access, and to record network traffic and suspicious activity. In addition, to keep the logs readable, the firewall should be able to condense its logging. Although the firewall's operating system does not have to be the same as the one used inside the company, running an operating system the administrator is familiar with on the firewall makes management easier. The strength and correctness of the firewall should be verifiable, and its design should be as simple as possible so that the administrator can understand and maintain it. The firewall and its operating system should be kept patched and must be upgraded on a regular basis.
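The "prohibit unless expressly permitted" packet filtering described above, as an added example that is not from the original article: a first-match rule evaluator that filters on addresses, protocol, ports, the TCP ACK bit and the inbound and outbound interfaces. The interface names (lan, wan, dmz), the addresses and the rule set are constructed assumptions modelled on the three-port firewall mentioned earlier.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    in_if: str          # interface the packet arrived on
    out_if: str         # interface it would leave on
    ack: bool = False   # TCP ACK bit; clear on the first packet of a connection

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None means "match any value"
    sport: Optional[range] = None
    dport: Optional[range] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and (self.sport is None or p.sport in self.sport)
                and (self.dport is None or p.dport in self.dport)
                and self.in_if in (None, p.in_if) and self.out_if in (None, p.out_if)
                and self.ack in (None, p.ack))

def decide(rules, p: Packet) -> str:
    """First matching rule wins; a packet no rule permits is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

# Constructed policy: lan is 10.0.0.0/8, the DMZ web server is 192.0.2.10.
HIGH = range(1024, 65536)
RULES = [
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=range(80, 81), in_if="wan", out_if="dmz"),
    Rule("allow", src="10.0.0.0/8", proto="tcp", sport=HIGH, in_if="lan", out_if="wan"),
    Rule("allow", dst="10.0.0.0/8", proto="tcp", dport=HIGH, in_if="wan", out_if="lan", ack=True),
]
```

The ACK-bit rule is a stateless approximation: it admits any inbound TCP packet with ACK set to a high port, so stateful connection tracking is the stronger control where the firewall offers it.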
As mentioned earlier, the Internet is changing all the time, and new points of vulnerability can appear at any moment. When new hazards arise, new services and upgrades may cause potential difficulties for an installed firewall, so it is important that the firewall be adaptable.