Firewalls are mainly passive protection.
Analysis:
To provide a service, the firewall must open the corresponding port. For example, if a firewall is to allow HTTP services, it must open port 80; if it is to provide MAIL services, it must open port 25, and so on.
Therefore, the firewall cannot prevent or prohibit attacks on open ports. It cannot prevent DoS or DDoS attacks against open ports, it cannot prevent attacks carried in the data that flows in through open services, it cannot prevent attacks carried out through hidden data tunnels inside open services, and it cannot prevent attacks on software flaws in open services.
Firewalls cannot prevent attacks on themselves; they can only withstand them. The firewall itself is a passive defense mechanism, not an active security mechanism. The firewall cannot interfere with packets that have not yet reached it. If a packet attacks the firewall, the firewall can only fight back once the attack has already occurred. It cannot prevent it at all.
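An added example (not from the original article) of the port-based decision described above: a minimal first-match packet filter in Python, run over constructed packets, showing that the verdict for an open port does not depend on payload or volume. The Packet class, the rule list, the addresses and the payloads are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes  # carried by the packet but never read by the filter below

# Rule set from the text: HTTP (80) and MAIL (25) are open, everything else is closed.
RULES = [
    ("tcp", 80, "ACCEPT"),
    ("tcp", 25, "ACCEPT"),
]
DEFAULT = "DROP"

def verdict(pkt):
    """First matching rule wins; only protocol and destination port are examined."""
    for proto, port, action in RULES:
        if pkt.proto == proto and pkt.dst_port == port:
            return action
    return DEFAULT

def filter_all(packets):
    return [verdict(p) for p in packets]

def summary(packets):
    """Return (accepted, dropped) counts for a batch of packets."""
    accepted = sum(1 for v in filter_all(packets) if v == "ACCEPT")
    return accepted, len(packets) - accepted

# Constructed sample traffic (documentation address ranges, made-up payloads):
SAMPLE = [
    # ordinary request to the open HTTP port
    Packet("198.51.100.7", 80, "tcp", b"GET /index.html HTTP/1.1\r\n\r\n"),
    # abnormal, oversized request to the same open port: same header fields
    Packet("198.51.100.8", 80, "tcp", b"GET /?q=" + b"A" * 5000 + b" HTTP/1.1\r\n\r\n"),
    # connection attempt to a port that is not open
    Packet("198.51.100.9", 23, "tcp", b""),
    # high-volume burst from one source to the open port
] + [Packet("203.0.113.5", 80, "tcp", b"") for _ in range(1000)]

if __name__ == "__main__":
    print(filter_all(SAMPLE[:3]))  # per-packet verdicts for the first three
    print(summary(SAMPLE))         # accepted / dropped totals for the whole batch
```

Only the packet to the closed port is dropped; telling the other cases apart requires controls that inspect content or track rate, which this rule set does not do.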
Currently there is no technology that can solve all security problems, but the deeper the defense, the safer the network. Physical isolation gatekeeper technology is currently the only technical means that can solve the above problems.