The firewall usually is located at a network the gateway server's position, it may protect an enterprise's private network resource to be exempt from the exterior network the influence. The firewall is playing a central role in the IT security, it is playing the important protective function face the outside world to the enterprise network.
Although the present has several kind of firewalls, but this word basically may define as the memory on the gateway server's related safety procedure combination, these procedures protect the network resource to be exempt from other network user together the visit or the destruction.
Looked from its form that has two big types; first, hardware firewall; second, software firewall. The hardware firewall is one has many port's metal boxes, it is set of preassembles has the security software's special-purpose safety equipment, generally uses the special-purpose operating system. But the software firewall usually may install in the general network operating system (for example Windows and Linux) on.
Position which occurs according to the data communication, may divide into the firewall several types; first, the network level firewall, it is also called the data packet filter, it moves in TCP/IP stack frame third, in the data packet with establishes the rule matches when only then allows it to pass. This means the firewall basis defines in advance the rule accepts or rejects the IP data packet. Following shown in Figure 1:
Through the data filtration, this kind of firewall inspects each data packet carefully the agreement and the address message, actually does not consider its content and the context data. The data packet filters firewall's principal advantage is it simplicity, the low cost relatively speaking, easy to deploy and so on characteristics. In the Windows certain edition's firewall belongs to this type.
Application layer firewall: It moves in the TCP/IP stack frame topmost story, it may intercept an application procedure all data packet. On the whole, the application layer firewall may prevent all exterior malicious correspondence to achieve the machine which protects. Through this method, the firewall has in fact represented an application procedure proxy, it supports and remote system's all data exchange. After its main idea is must make firewall's service not to be obvious to the remote system.
The application layer firewall basis specific ruleset accepts or the rejection data communication. For example, the firewall allows certain orders to enter the server to be forbid other orders. This kind of technology may also use in limiting the specific document type the visit, and may visit to obtain the authorization and not obtain authorized the user to provide the different rank. These request detailed data monitors and registers the information the user to like the application layer firewall, because it will not affect the performance. The IT manager may establish the application layer firewall, after defines in advance the condition occurs, it may stimulate the warning. Application layer gateway general deployment in one independent with on network connections computer, usually it is called an agent server. The agent server belongs to one kind of special application layer firewall, it will cause from the exterior network to destroy the internal resources to be more difficult, causes to abuse to an internal system or to misuse will not be created by the firewall exterior aggressor the safe harm.
Other pages: : 1 * 2 * Next>>
|
You are here: hacking technology
> firewall
> Content
Category: Home
> firewall