Along with networking's development, Internet already entered everyone. Therefore, the network security will become the people most matter of concern. At present, protects the intranet to avoid exterior invasion the quite effective method for the firewall technology.
Firewall's basic concept
The firewall is a system or group of systems, it between the net and the Internet carries out certain security policy in the enterprise.
An effective firewall should be able to guarantee: All will flow in or flows to Internet's information from the Internet after the firewall; All flows through firewall's information to accept the inspection.
The Internet firewall's function is: May define a key point through the firewall to prevent the external invasion; The monitoring network's security and gives the warning prompt in the unusual circumstance, especially regarding significant information content through when besides carries on the inspection, should make the diary registration; Provides the network address to transform (NAT) the function, is helpful in alleviating the IP address resources tense question, simultaneously, may avoid, when an intranet replaces ISP must number trouble; The firewall may inquire or register Internet's service condition, may confirm that the Internet Lian Ru price, the latent band width bottle must, cause the expense the consumption to satisfy the enterprise interior finance pattern; The firewall is provides the service for the customer the ideal position, namely may dispose corresponding WWW and the FTP service in above, enables the Internet user only to be possible to visit this kind of service, but forbids visit to protect the network other system's.
Firewall's classification, function
The existing firewall mainly has: Package of filtration, agent server, multi-skill as well as other types (double host main engine, main engine filtration as well as encryption router) firewall.
A package of filtration (Packet Fliter) usually installs on the router, moreover the majority commercial routers have provided the package of filtration function. The package of filtration rule take IP package of information as a foundation, to the IP source address, the goal address, the seal agreement, the port number and so on carries on screening. A package of filtration carries on the network level.
Agent server (Proxy Service) firewall usually by two parts of constitutions, server end procedure and client side procedure. The client side procedure and the middle node (Proxy Server) connects, the middle node with provides the service again the server actual connection. Is different what with the package of filtration firewall, between the inside and outside net does not have the direct connection, moreover the agent server provides the diary (Log) and the audit (Audit) serves.
The multi-skill (Hybfid) the firewall will include the filtration and the proxy service two methods unifies, forms the new firewall, (Bastion Host) provides by the fortress main engine the proxy service.
Other pages: : 1 * 2 * 3 * 4 * Next>>
|