
firewall

2020-12-08 02:08:48 straight left

I. What is a firewall

A firewall is a protective barrier, built from a combination of software and hardware devices, at the boundary between an intranet and an extranet, or between a private network and a public network. The name is a figure of speech for a way of obtaining security: a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, so that the intranet is protected from unauthorized users.

Stripped down, that sentence says: a firewall is a combination of software and hardware used to build a protective barrier around an internal network (it can also refer to a protective barrier around a single computer).

A firewall is mainly composed of four components: service access rules, verification tools, packet filtering, and application gateways.

II. What firewalls do

The purpose was already mentioned above: protection. A firewall provides a strong line of defense. An intruder must first cross the firewall's security perimeter before reaching the target computer. Firewalls can be configured to many different levels of protection. A high level of protection may block some services, such as video streaming, but at least that is our own choice about how to protect ourselves.

III. Firewall classification

Firewalls are mainly classified in the following six ways:

1. By software or hardware form: software firewalls, hardware firewalls, chip-level firewalls.

2. By firewall technology: packet filtering firewalls, application proxy firewalls.

3. By firewall structure: single-host firewalls, router-integrated firewalls, distributed firewalls.

4. By deployment location: border firewalls, personal firewalls, hybrid firewalls.

A border firewall is the most traditional kind. It sits at the boundary between the internal and external networks, isolating the two and protecting the internal network behind the border. Firewalls of this kind are generally hardware devices; they are relatively expensive and perform well.

A personal firewall is installed on a single host and protects only that host. This kind of firewall is aimed at the broad population of individual users; it is usually a software firewall, the cheapest kind, and the one with the worst performance.

A hybrid firewall, also called a "distributed firewall" or "embedded firewall", is a whole firewall system made up of several software and hardware components, distributed between the internal and external network boundary and the internal hosts. It filters communication between the internal and external networks and also filters communication between hosts inside the network. It is one of the newest firewall technologies, with the best performance and also the highest price.

5. By firewall performance: 100 Mbit/s firewalls, gigabit firewalls.

6. By where the firewall is applied: network layer firewalls, physical layer firewalls, link layer firewalls.

IV. Firewall configuration

There are three main firewall configurations:

1. Dual-homed mode (dual-homed host)

Dual-homed is the simplest mode. A dual-homed gateway is placed between the two networks; this dual-homed host gateway is also called the bastion host. This structure is cheap, but it has a single point of failure.

This structure does not add any self-defense capability to the network, and it is also the preferred target of "hackers": once the gateway itself is compromised, the whole network is exposed.

2. Screened-host mode

In screened-host mode, a screening router protects the bastion host, adding a security barrier in front of it. The router sends all incoming traffic to the bastion host, and only accepts outgoing traffic that comes from the bastion host.

This structure depends on both the screening router and the bastion host: as soon as either one fails, the whole network is exposed.

3. Screened-subnet mode

Screened-subnet mode uses two screening routers and two bastion hosts. Between the public network and the private network there is an isolated network called the demilitarized zone (DMZ), and the bastion hosts are placed inside the DMZ.

This structure is secure: the internal network is exposed only if both security units are breached. But it is also expensive.
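To make the three configurations above concrete, here is an added example (not from the original article) that models the screened-subnet design as two first-match packet-filter rule tables, one per screening router, and evaluates a new flow against every unit on its path. The address ranges, the `Rule` and `verdict` names, and the rule contents are all constructed for illustration; a real router would also track connection state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address ranges for the example (not from the article)
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port
    action: str           # "accept" or "drop"


def evaluate(rules, src, dst, dport):
    """First-match packet filter; anything not explicitly accepted is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.dport in (None, dport):
            return r.action
    return "drop"


# Outer screening router: the public side may reach only the bastion hosts, on web ports
OUTER = [
    Rule(ANY, DMZ, 80, "accept"),
    Rule(ANY, DMZ, 443, "accept"),
    Rule(DMZ, ANY, None, "accept"),  # bastion hosts may talk outward
]
# Inner screening router: internal hosts may reach the DMZ; the DMZ may not initiate inward
INNER = [
    Rule(INTERNAL, DMZ, None, "accept"),
    Rule(DMZ, INTERNAL, None, "drop"),
]


def zone(ip):
    a = ipaddress.ip_address(ip)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "public"


def verdict(src, dst, dport, outer=OUTER, inner=INNER):
    """Check a new flow against every screening unit on its path; all must accept."""
    zones = {zone(src), zone(dst)}
    units = []
    if "public" in zones:
        units.append(outer)  # the outer router sits between the public network and the DMZ
    if "internal" in zones:
        units.append(inner)  # the inner router sits between the DMZ and the internal network
    ok = all(evaluate(u, src, dst, dport) == "accept" for u in units)
    return "accept" if ok else "drop"
```

Passing a permissive `outer` table to `verdict` shows the property the text describes: even with the outer router compromised, public traffic to the internal network is still dropped by the inner router.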

V. How firewalls work

A firewall is a hardware device deployed in the network to strengthen its security protection. It can be deployed in many ways; the common ones are as follows.

1. Bridge mode
Bridge mode is also called transparent mode. The client and the server are in the same network segment; for security reasons, a firewall device is added between the client and the server to apply security controls to the traffic passing through it. A normal client request reaches the server through the firewall and the server returns its response to the client, so users do not notice the intermediate device. A firewall working in bridge mode has no IP address, so the network addressing does not need to be re-planned when the network is expanded, but functions such as routing and VPN are given up.

2. Gateway mode
Gateway mode applies when the internal and external networks are not in the same network segment. The firewall is configured as the gateway address and takes on the role of a router, routing and forwarding between the different segments. Gateway mode is more secure than bridge mode: it performs access control and at the same time achieves security isolation, giving a certain degree of concealment.

3. NAT mode
NAT (Network Address Translation) is a technique by which the firewall translates the IP addresses of the internal network: it replaces the internal source address with the firewall's own IP address and sends the data to the external network; when the response traffic from the external network returns to the firewall, the firewall replaces the destination address with the original internal source address. NAT mode hides the internal IP addresses from the external network, further strengthening the protection of the internal network. At the same time, in a NAT-mode network the internal network can use private addresses, which solves the problem of the limited number of IP addresses.
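The translation the paragraph describes, as an added example that is not part of the original article: a port-based source NAT table in which outbound packets get the firewall's address, replies are mapped back to the inside host, and an inbound packet that matches no outbound flow is dropped. The firewall address, the inside and outside hosts, and the `SourceNat`/`Packet` names are constructed for the example.

```python
from dataclasses import dataclass, replace

FIREWALL_PUBLIC_IP = "203.0.113.1"  # constructed public address of the firewall


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SourceNat:
    """Port-based source NAT (masquerading) as performed by a firewall in NAT mode."""

    def __init__(self, public_ip=FIREWALL_PUBLIC_IP, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.table = {}
        # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.reverse = {}

    def outbound(self, pkt):
        """Internal -> external: replace the private source with the firewall's address."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.get(key)
        if port is None:                 # first packet of this flow: allocate a mapping
            port = self.next_port
            self.next_port += 1
            self.reverse[key] = port
            self.table[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """External -> internal: restore the private destination, or drop if unsolicited."""
        entry = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None                  # no outbound flow matches: inside host stays hidden
        inside_ip, inside_port = entry
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)
```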

4. High-reliability design
Firewalls are deployed at the entry and exit points of the network and are the gateway of network communication, so their deployment must be highly reliable. IT equipment is generally designed with a service life of 3 to 5 years; to keep the network reliable when a single device fails, redundancy techniques are used, for example redundancy protocols such as the Virtual Router Redundancy Protocol (VRRP). Mainstream network devices today support high-reliability designs.


Copyright notice
This article was written by [straight left]; please include a link to the original when reposting. Thank you.
https://chowdera.com/2020/12/202012080208119490.html