Introduction to the firewall functions of Netfilter/iptables

Source: Internet
Uploader: User

  Firewall introduction

  Disclaimer: some of what is described below may not be entirely correct, but I hope it helps you understand iptables. If you find an error, please let me know.

  Note that this text is not under a copy licence (such as the GPL). If you want to modify, distribute, copy or quote any of it, please contact me first. (Haha, never mind.)

  What is a firewall?

  Simply put, a firewall is a host that protects your network: it restricts the traffic passing between the Internet and your (protected) internal network, in both directions.

  What a firewall is not

  A guarantee of security (a common misconception) - A firewall cannot make your network absolutely secure.

  A bastion host - In an ideal world this would be true. However, a firewall is only as secure as the work you put into securing it: the firewall host itself has to be hardened, patched and kept free of services it does not need.

  A replacement for host security - Every service the firewall allows through is a potential risk, so the host behind it still has to be secured as if it were directly exposed.

  Types of attack

  Local - Once an attacker has a physical connection to the machine, there is no security to speak of. Obviously a firewall can do nothing about this.

  Local privilege escalation - The trojan horse attack. The attacker already has a local account on your box (inside the gates) and obtains root by some means (a vulnerability or a misconfiguration). A firewall cannot protect against this type of attack.

  Remote - Your host is listening on a port that the attacker can connect to remotely over a network, and the attacker somehow exploits a vulnerability in the listening service. This is the only type of attack a firewall can (hopefully) protect you against. There is another important point here that most firewall howtos neglect: for someone to exploit your box remotely, it has to be listening on some port (i.e. providing a way for the attacker to connect). Therefore, if your host isn't listening on any ports, you are safe from remote exploits of its services, unless the attacker manages to attack the network stack itself. One caveat: connections your host initiates are an exposure too, since a client (a browser, mail client or package manager) can be exploited by the data a hostile server sends back, and a firewall that permits the outbound connection will not stop that.
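  The two points above (every allowed service is a risk; a remote attacker needs a listening port) translate directly into a check and a ruleset. What follows is an added example, not code from the original article: a POSIX shell script that lists the TCP ports actually in LISTEN state (from `ss -ltn` output), flags any listener that is not on the operator's allow list, and prints or applies a default-deny iptables INPUT policy for that list. The allowed ports (22 and 443), the subcommand names, and the embedded `ss` sample used for the `demo` action are assumptions of this example, not something the article specifies.

```sh
#!/bin/sh
# Added example, not code from the original article.
# Assumed: one host, TCP services only, ports chosen by the operator.
# Usage:  sh fw.sh demo                 # run the check against a built-in sample
#         sh fw.sh check 22 443         # compare live listeners with the allow list
#         sh fw.sh rules 22 443         # print the iptables commands
#         sudo sh fw.sh apply 22 443    # run them (IPv4 only, see the note below)

# Constructed sample of `ss -ltn` output, used only by the demo action.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      511    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      4096   *:443               *:*'

# Print the distinct TCP ports in LISTEN state, reading `ss -ltn` style
# output from stdin so that a captured sample can be fed in as well.
listening_ports() {
    # Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port ...
    # The port is whatever follows the last ':' ("0.0.0.0:22", "[::]:22", "*:443").
    awk 'NR > 1 && $1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' \
        | sort -n | uniq
}

# Print every port in $2.. that is not in the space-separated allow list $1.
# Anything printed is a service nobody planned for, i.e. an unreviewed risk.
unexpected_listeners() {
    allow=" $1 "; shift
    for port in "$@"; do
        case "$allow" in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Emit iptables commands for a default-deny INPUT chain that accepts loopback,
# replies to connections this host opened, and new TCP connections to the
# given ports only. The DROP policy is set last, so an existing SSH session
# keeps its ESTABLISHED rule before the door closes.
gen_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    for p in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of what gets dropped: shows probes without flooding syslog.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"iptables drop: \""
    echo "iptables -P INPUT DROP"
}

# Compare a listener list (stdin) with the allow list given as arguments.
report() {
    found=$(listening_ports | tr '\n' ' ')
    echo "listening: $found"
    extra=$(unexpected_listeners "$*" $found)
    if [ -z "$extra" ]; then
        echo "no unexpected listeners"
    else
        echo "NOT in allow list: $extra"
    fi
}

case "${1:-}" in
    demo)  printf '%s\n' "$SAMPLE_SS" | report 22 443 ;;
    check) shift; ss -ltn | report "$@" ;;
    rules) shift; gen_rules "$@" ;;
    apply) shift; gen_rules "$@" | sh -e ;;
esac
```

  Two things to keep in mind when using this. First, the generated rules are IPv4 only; the `[::]:22` listener in the sample is reachable over IPv6 regardless, so an equivalent ip6tables ruleset is needed, and that one must also accept ICMPv6 or neighbour discovery breaks. Second, applying rules one `iptables` command at a time is not atomic; on a remote box prefer `iptables-restore`, which loads the whole table in one step, and keep a way back in (console access or a timed `iptables -F` in `at`) in case the allow list is wrong.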


