The five basic functions of a firewall are: 1. A network security barrier, which can greatly improve the security of an internal network and reduce risks by filtering unsafe services. 2. Strengthen network security policies; through firewall-centered security solution configuration, all security software can be configured on the firewall. 3. Monitor and audit. 4. Prevent the leakage of internal information; by using firewalls to divide the internal network, key network segments of the internal network can be isolated, thereby limiting the impact of local key or sensitive network security issues on the global network. 5. Logging and event notification.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
Firewall technology helps computer networks build a relatively isolated protective barrier between the internal and external networks by organically combining various software and hardware devices for security management and screening. It is a technology for protecting user data and information security.
Five functions of firewalls:
1. Network security barrier
A firewall (as a blocking point and control point) can greatly improve the security of an internal network and reduce risk by filtering unsafe services. Because only carefully selected application protocols can pass through the firewall, the network environment becomes more secure.
For example, a firewall can prohibit protocols such as the well-known insecure NFS from entering and exiting the protected network, so that external attackers cannot use these vulnerable protocols to attack the internal network. Firewalls also protect the network from route-based attacks, such as source routing attacks in IP options and redirect paths in ICMP redirects. The firewall should be able to reject all the above types of attack packets and notify the firewall administrator.
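The checks described above can be expressed as a small packet classifier. This is an added example, not code from the original article; the function names, the returned reason strings and the sample addresses are assumptions, and it inspects unfragmented IPv4 packets only.

```python
import struct

SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}  # IPv4 source-routing option types
NFS_PORT = 2049          # NFS over TCP or UDP
ICMP_REDIRECT = 5        # ICMP type 5 = Redirect

def ip_options(header):
    """Yield option type bytes from the options area of an IPv4 header."""
    i = 20
    while i < len(header):
        opt = header[i]
        if opt == 0:            # End of Option List
            return
        if opt == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(header) or header[i + 1] < 2:
            yield -1            # malformed length: signal caller to drop
            return
        yield opt
        i += header[i + 1]

def decide(packet):
    """Return (action, reason) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "DROP", "not a valid IPv4 packet"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return "DROP", "bad header length"
    for opt in ip_options(packet[:ihl]):
        if opt == -1:
            return "DROP", "malformed IP option"
        if opt in SOURCE_ROUTE_OPTS:
            return "DROP", "source routing option " + SOURCE_ROUTE_OPTS[opt]
    proto, payload = packet[9], packet[ihl:]
    if proto == 1 and payload and payload[0] == ICMP_REDIRECT:
        return "DROP", "ICMP redirect"
    if proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if NFS_PORT in (sport, dport):
            return "DROP", "NFS traffic"
    return "ACCEPT", "no rule matched"

def build(proto, payload, options=b""):
    """Build a constructed test packet (checksum left zero)."""
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 64, proto, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return hdr + options + payload
```

The reason string returned with each DROP is what a firewall would write to its log or include in the notification to the administrator.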
2. Strengthen network security strategy
Through the firewall-centered security solution configuration, all security software (such as passwords, encryption, identity authentication, auditing, etc.) can be configured on the firewall. Centralized security management through firewalls is more economical than spreading network security issues across individual hosts. For example, when accessing the network, the one-time password system and other identity authentication systems do not need to be scattered on various hosts, but concentrated on the firewall.
3. Monitoring and auditing
If all accesses pass through the firewall, then the firewall can record these accesses and make log records, and can also provide statistics on network usage. When suspicious actions occur, the firewall can issue appropriate alarms and provide detailed information on whether the network is being monitored and attacked.
In addition, it is also very important to collect information on the usage and misuse of a network. The first reason is to know whether the firewall can withstand probing and attacks by attackers, and whether the firewall controls are adequate. Network usage statistics are also very important for network demand analysis and threat analysis.
4. Prevent the leakage of internal information
By using firewalls to divide the internal network, key network segments of the intranet can be isolated, thereby limiting the impact of local key or sensitive network security issues on the global network. Furthermore, privacy is a matter of great concern in internal networks. Inconspicuous details in an internal network may contain clues about security and arouse the interest of external attackers, and even expose certain security vulnerabilities of the internal network.
Using a firewall can hide services that reveal internal details such as Finger and DNS. Finger displays the registered names, real names, last login time and shell type of all users on the host. However, the information displayed by Finger is very easily learned by attackers. An attacker can know how frequently a system is used, whether users of this system are connected to the Internet, whether this system attracts attention when being attacked, etc.
The firewall can also block DNS information about the internal network, so that the domain name and IP address of a host will not be known to the outside world. In addition to its security functions, the firewall also supports virtual private networks (VPN), an enterprise internal network technology system with Internet service capabilities.
5. Log recording and event notification
All data entering and leaving the network must pass through the firewall. The firewall records it in logs and can provide detailed statistical information on network usage. When suspicious events occur, the firewall can raise alarms and send notifications through its alerting mechanism, providing information on whether the network is under threat.
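The monitoring and auditing function (section 3) and the logging and notification function described here can be illustrated with one log summarizer. This is an added example, not code from the original article; the log line format, the addresses and the threshold are constructed assumptions rather than the output of any particular firewall product.

```python
from collections import Counter, defaultdict

# Constructed sample firewall log (format and addresses are illustrative).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z action=ALLOW src=192.0.2.21 dst=198.51.100.9 dport=443 bytes=1500
2024-05-01T09:00:02Z action=ALLOW src=192.0.2.22 dst=198.51.100.53 dport=53 bytes=120
2024-05-01T09:00:03Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=22 bytes=60
2024-05-01T09:00:03Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=23 bytes=60
2024-05-01T09:00:04Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=2049 bytes=60
2024-05-01T09:00:04Z action=DENY src=203.0.113.5 dst=192.0.2.10 dport=111 bytes=60
2024-05-01T09:00:05Z action=DENY src=203.0.113.8 dst=192.0.2.10 dport=445 bytes=60
2024-05-01T09:00:06Z action=ALLOW src=192.0.2.21 dst=198.51.100.9 dport=443 bytes=900
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    return rec

def summarize(log_text, port_threshold=3):
    """Return (bytes allowed per source, sources that should raise an alert).

    A source is flagged when its denied connections touch at least
    port_threshold distinct destination ports (assumed alert rule).
    """
    bytes_by_src = Counter()
    denied_ports = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec["action"] == "ALLOW":
            bytes_by_src[rec["src"]] += int(rec["bytes"])   # usage statistics
        else:
            denied_ports[rec["src"]].add(int(rec["dport"]))  # audit trail
    alerts = sorted(s for s, ports in denied_ports.items()
                    if len(ports) >= port_threshold)
    return dict(bytes_by_src), alerts

if __name__ == "__main__":
    usage, alerts = summarize(SAMPLE_LOG)
    print("usage:", usage)
    print("alert on:", alerts)
```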