The concept of firewall
Of course, since we plan to understand it from the shallower to the deeper, we must first take a look at the concept of a firewall. Firewall is the name of a component in a car. In cars, a firewall is used to separate the passengers from the engine, so that if the car engine catches fire, the firewall can not only protect the safety of the passengers, but also allow the driver to continue to control the engine. In computer terminology, of course, it does not mean this, but we can understand it by analogy. In the network, the so-called "firewall" refers to a method of separating the internal network from the public access network (such as the Internet). It is actually an isolation technique. A firewall is an access control standard enforced when two networks communicate. It allows people and data you "agree" to enter your network, while keeping people and data you "disagree" with out of the network to the maximum extent possible, preventing network hackers from accessing your network. In other words, without going through the firewall, people within the company cannot access the Internet, and people on the Internet cannot communicate with people within the company.
Function of firewall
A firewall is a barrier to network security:
A firewall (as a blocking point and control point) can greatly improve the security of an internal network and reduce risk by filtering out unsafe services. Because only carefully selected application protocols can pass through the firewall, the network environment becomes more secure. For example, the firewall can prohibit well-known insecure protocols such as NFS from entering and leaving the protected network, so that external attackers cannot use these vulnerable protocols to attack the internal network. Firewalls also protect the network from route-based attacks, such as source routing attacks in IP options and redirect paths in ICMP redirects. The firewall should be able to reject all the above types of attack packets and notify the firewall administrator.
Firewalls can strengthen network security policies:
Through a firewall-centered security solution configuration, all security software (such as passwords, encryption, identity authentication, auditing, etc.) can be configured on the firewall. Centralized security management on the firewall is more cost-effective than spreading network security issues to individual hosts. For example, during network access, the one-time password system and other identity authentication systems do not need to be dispersed on various hosts, but can be concentrated on the firewall.
Monitor and audit network access:
If all access passes through the firewall, then the firewall can record these accesses in its logs, and it can also provide network usage statistics. When suspicious actions occur, the firewall can issue appropriate alarms and provide detailed information on whether the network is being monitored and attacked. In addition, it is also very important to collect information on the usage and misuse of a network. The first reason is to know whether the firewall can withstand attacker detection and attacks, and whether the firewall controls are adequate. Network usage statistics are also very important for network demand analysis and threat analysis.
Prevent the leakage of internal information:
By using firewalls to divide the internal network, key network segments of the intranet can be isolated, thereby limiting the impact of local key or sensitive network security issues on the global network. Furthermore, privacy is a matter of great concern in internal networks. Inconspicuous details in an internal network may contain clues about security and arouse the interest of external attackers, and even expose certain security vulnerabilities of the internal network. Using a firewall can hide services that reveal internal details, such as Finger and DNS. Finger displays the registered names, real names, last login time and shell type of all users on the host. However, the information displayed by Finger is very easy for attackers to learn. An attacker can know how frequently a system is used, whether users of this system are connected to the Internet, whether this system attracts attention when being attacked, etc. Firewalls can also block DNS information about the internal network so that a host's domain name and IP address are not known to the outside world.
In addition to the security function, the firewall also supports VPN (Virtual Private Network), an internal enterprise network technology system with Internet service characteristics.
Reference material: /viewthread.php?tid=358293
The purpose of a firewall is simply to prevent illegal programs from invading the computer. Illegal programs include viruses, Trojans, hacker intrusions, etc. Any unauthorized intrusion can be considered illegal.
The purpose of firewall (Firewall Purpose)
Written by: Indeepnight at 8:55 am
Firewalls have only begun to attract public attention in recent years. In the past, the focus was only on the capabilities of anti-virus software.
However, although firewalls have good intentions, for the public, their functions are often confusing and may even hinder the smooth operation of the computer.
Nowadays operating systems also have firewall functions by default (both M$ and Linux), but most of them are marketing strategies to make everyone feel that it is worth it, while in actual use... little attention is paid to them. As for the difference between hardware and software, you can refer to the author's previous article on the use of firewalls, which has a rough explanation.
Today I will illustrate some of the more common applications and settings:
The development of the Internet has brought revolutionary reform and opening up to enterprises, and enterprises are trying to use it to improve market response speed and efficiency in order to be more competitive. Through the Internet, enterprises can retrieve important data from other places. At the same time, they have to face the new data security challenges and new dangers brought by the openness of the Internet: providing secure access to the business for customers, sales, mobile users, off-site employees, and internal employees; and protecting corporate confidential information from hackers and industrial espionage. Therefore, enterprises must add security "trenches", and where should these "trenches" be built?
There are two parts to Internet-based system applications: intranet and extranet. An intranet is an enterprise 3W network constructed with the help of Internet technology and equipment, which can hold all the enterprise's information; while an extranet is for e-commerce and mutual cooperation, where, if necessary, some information in other systems can be obtained through intranet channels.
Therefore, according to an enterprise's security system, firewall trenches must be located at the following locations:
① Ensure secure access to hosts and applications;
② Ensure multiple client and server security;
③ Protect key departments from internal and external attacks, and provide a safe passage for remote access by employees, customers, and suppliers through the Internet.
At the same time, the security of the firewall also comes from its good technical performance. Generally, firewalls have the following characteristics:
① Extensive service support: by combining dynamic, application-layer filtering capabilities and authentication, it can support WWW browsers, HTTP servers, FTP, etc.;
② Encryption support for private data, to ensure that virtual private networks and business activities through the Internet are not damaged;
③ Client authentication, which only allows designated users to access the internal network or selected services, and is an additional part of secure communication between the enterprise's local network and branches, business partners and mobile users;
④ Anti-spoofing: spoofing is a common method of obtaining network access from the outside; it makes a data packet appear to come from within the network. Firewall-1 can monitor such data packets and throw them away. C/S mode and cross-platform support enable the management module running on one platform to control the monitoring module running on another platform.
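The packet checks described above (keeping NFS and Finger out, rejecting source-routed packets and ICMP redirects, and the anti-spoofing rule in item ④) can be sketched as a small default-deny filter over raw IPv4 headers. This is an added example, not code from any of the quoted articles or from Firewall-1; the network 192.168.10.0/24, the interface names "inside"/"outside", the outbound web allowlist and all function names are assumptions.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # assumed protected network
BLOCKED_PORTS = {2049: "NFS", 79: "Finger"}              # services the text keeps out
ALLOWED_OUT = {80, 443}                                  # assumed outbound allowlist
SOURCE_ROUTE_OPTS = {131: "loose source route", 137: "strict source route"}

def source_route_option(options: bytes):
    """Walk the IPv4 options area; name a source-routing option if present."""
    i = 0
    while i < len(options) and options[i] != 0:          # 0 = End of Option List
        kind = options[i]
        if kind == 1:                                    # No-Operation is one byte
            i += 1
            continue
        if kind in SOURCE_ROUTE_OPTS:
            return SOURCE_ROUTE_OPTS[kind]
        if i + 1 >= len(options) or options[i + 1] < 2:
            return "malformed option"                    # fail closed on a bad length
        i += options[i + 1]
    return None

def inspect(packet: bytes, iface: str):
    """Return (verdict, reason) for a raw IPv4 packet seen on 'inside' or 'outside'."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        return "DROP", "malformed IPv4 header"
    proto, src, payload = packet[9], ipaddress.ip_address(packet[12:16]), packet[ihl:]
    if iface == "outside" and src in INTERNAL_NET:       # anti-spoofing check
        return "DROP", "spoofed internal source"
    opt = source_route_option(packet[20:ihl])
    if opt:
        return "DROP", opt
    if proto == 1 and payload[:1] == b"\x05":            # ICMP type 5 = Redirect
        return "DROP", "ICMP redirect"
    if proto in (6, 17) and len(payload) >= 4:           # TCP/UDP dest port at offset 2
        dport = struct.unpack("!H", payload[2:4])[0]
        if dport in BLOCKED_PORTS:
            return "DROP", BLOCKED_PORTS[dport] + " blocked"
        if iface == "inside" and proto == 6 and dport in ALLOWED_OUT:
            return "ACCEPT", "allowed outbound web"
    return "DROP", "default deny"

def build(src, dst, proto, payload, options=b""):
    """Constructed sample packet: IPv4 header, checksum zero, options padded to 4."""
    first = 0x40 | (5 + len(options) // 4)
    total = 20 + len(options) + len(payload)
    return struct.pack("!BBHHHBBH4s4s", first, 0, total, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + options + payload
```

Each DROP reason is what a real firewall would write to its log and raise to the administrator; anything not explicitly allowed falls through to the default deny.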
Network Security: A must-read for new Internet users---Why do we need firewalls
Source: CCID Time: 2006-10-04 09:10:44
Many junior Internet users believe that as long as anti-virus software is installed, the system is absolutely safe. This idea is absolutely unacceptable! In today's network security environment, Trojan horses and viruses are rampant, hacker attacks are frequent, and various rogue software and spyware are also making waves. How can we make our system stand in such a dangerous network environment? Is anti-virus software alone enough to keep our systems safe? Below I will analyze the importance of firewalls from several aspects that affect system security.
Current network security threats mainly come from virus attacks, Trojan horse attacks, hacker attacks and spyware attacks. Anti-virus software has been developed for more than ten years, but it still remains at the level of passive anti-virus (don't look at those self-proclaimed active defenses, they are nothing more than deceptive pretense, just read this article/388/2014388.shtml), while a foreign survey shows that today's global anti-virus software cannot identify 80% of viruses. In other words, the reason why anti-virus software can kill viruses is purely that it uses the code characteristics of a virus sample to identify whether something is a virus. It is just as if the police caught a thief who had a big beard, so the police stared at the bearded people on the street every day. The antivirus effect of this can be imagined. In the same way, anti-virus software's prevention of Trojans and spyware is also based on this method.
Nowadays, viruses and Trojans are updated very quickly. From a global perspective, most of the virus Trojans that can cause great losses are new or have various variants. Because the characteristics of these virus Trojans are not known by the anti-virus software, the anti-virus software can neither alarm on nor kill them. Are we ready to be slaughtered by virus Trojans? Of course not! How can a master bow to a few virus Trojans! Although the anti-virus software can only stare helplessly, we still have a firewall that strictly guards the door!
Why can firewalls block virus Trojans and even the latest virus Trojan variants? This starts with the defense mechanism of the firewall. The firewall monitors the data packets connected to the network. In other words, the firewall is equivalent to a strict gatekeeper, in charge of each door (port) of the system. It is responsible for verifying the identity of people entering and exiting. Everyone can enter and exit only with the permission of the highest officer, and this highest officer is yourself. Whenever an unknown program wants to enter the system or connect to the network, the firewall will intercept it immediately and check its identity. If it is allowed with your permission (for example, in the application rule settings, you allow a certain program to connect to the network), the firewall will release all data packets sent by the program. If it is detected that the program is not allowed to be released, it will automatically alarm and prompt whether to allow the program to be released. At this time, you, the "Supreme Commander", need to make a judgment. Generally speaking, we block programs that we do not run or do not know much about, and confirm the nature of the software through a search engine or the firewall prompts.
Having written this far, everyone probably has a certain understanding of the difference between anti-virus software and firewalls. Here is an intuitive example: Your system is like a castle, and you are the supreme commander of this castle. Anti-virus software and firewalls are guards responsible for security, and each has its own division of labor. The anti-virus software is responsible for identifying people who enter the castle, and arrests suspicious people if they are found (of course, the chance of arresting the wrong person is very high, otherwise there would not be so many accidental killings and false alarms); while the firewall is the gatekeeper, inspecting everyone entering and exiting the castle, and if anyone is found without a pass, the Supreme Commander is informed. Therefore, any Trojan or spyware may secretly record your account and password under the eyes of the anti-virus software. However, since the firewall keeps a strict eye on the city gate, no amount of information can be transmitted out, thus protecting your system's safety.
In addition, anti-virus software has no way to deal with hacker attacks, because hacker operations do not have any signatures, so anti-virus software cannot recognize them, and firewalls can hide every port of your system. It prevents hackers from finding the entrance, which naturally ensures the security of the system.
There are currently many types of firewalls around the world, but from personal experience, I recommend Skynet firewall to everyone.
Skynet Firewall can effectively prevent hackers, Trojans or other malicious programs from stealing your privacy, including account numbers and passwords for online banking, online games, QQ, etc.