Resisting hacker intrusion: a closer look at firewall technology (2)
  Add date: 11/10/2008   Publishing date: 11/10/2008   Hits: 8
Third, the firewall's basic measures
A firewall's security functions are implemented mainly through two measures.
1. The proxy server (suitable for dial-up users)
With this approach the internal network and the Internet do not communicate directly. The computers on the internal network and the proxy server communicate using a chosen internal network protocol (NetBIOS, TCP/IP), while communication between the proxy server and the Internet uses the standard TCP/IP network protocols. All communication between computers inside and outside the firewall is relayed through the proxy server. The structure is as follows:
Internal network -> proxy server -> Internet
This isolates the computer systems inside the firewall from those outside it. Because the two sides of the proxy server use different protocol standards, direct illegal intrusion from the outside can be prevented effectively.
The proxy server is usually a computer with good performance, fast processing speed and large capacity, and it functions as the connection between the internal network and the Internet. To the internal network it looks like a genuine server, while to servers on the Internet it is a client. After the proxy server accepts a user's request, it checks whether the site the user requested meets the configured requirements. If the user is permitted to visit that site, the proxy server connects to it, retrieves the requested information, and forwards it to the user.
Moreover, the proxy server can provide stronger security options. For example, it can implement strong monitoring, filtering, recording and reporting of the data stream, and it can also provide very good access control, login capability and address translation capability. However, when the internal network has many terminals, the efficiency of this firewall measure will definitely suffer: the load on the proxy server becomes very heavy, and much Internet client software cannot access the Internet normally from the internal network computers.
2. Router and filter
In this structure the router and the filter together restrict outside computers' access to the internal network, and can also assign or restrict the internal network's access to the Internet. The router only routes the data traffic destined for specific ports on the filter. The filter's main function is to selectively pass data packets at the network layer on the basis of IP (Internet Protocol) packet information: according to the IP source address, the IP destination address and the encapsulated protocol's port number, it determines whether the packet is allowed through. The biggest merit of this firewall measure is that it is transparent to the user, i.e. the user does not need to enter an account name and password to log in, so it is faster than the proxy server and less prone to bottlenecks. Its shortcoming is also obvious: there is no record of user activity, so attacks and illegal intrusions cannot be discovered from access records.
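The filter's decision process described above, as an added example that is not part of the original article: a first-match rule table evaluated on source address, destination address, protocol and port, with default deny. The addresses, the rule set and the names `Rule`, `filter_packet` and `decision_log` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network, CIDR notation
    dst: str      # destination network, CIDR notation
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination port range

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and pkt["dport"] in self.ports)

ANY_PORT = range(0, 65536)
# Constructed rule set; the internal network is assumed to be 192.168.1.0/24.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.168.1.10/32", "tcp", range(80, 81)),  # public web server
    Rule("deny", "0.0.0.0/0", "192.168.1.0/24", "any", ANY_PORT),         # all other inbound
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", range(80, 81)),   # outbound web
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "udp", range(53, 54)),   # outbound DNS
]

def filter_packet(pkt, rules=RULES):
    """Return (action, rule index); the first matching rule wins, default is deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

def decision_log(packets, rules=RULES):
    """Everything the filter can record: addresses, protocol, port. No user identity."""
    return [f'{filter_packet(p, rules)[0]} {p["proto"]} {p["src"]} -> {p["dst"]}:{p["dport"]}'
            for p in packets]

# Constructed sample packets (documentation address ranges stand in for the Internet).
PACKETS = [
    {"src": "198.51.100.9", "dst": "192.168.1.10", "proto": "tcp", "dport": 80},
    {"src": "198.51.100.9", "dst": "192.168.1.20", "proto": "tcp", "dport": 139},
    {"src": "192.168.1.5", "dst": "203.0.113.7", "proto": "tcp", "dport": 80},
    {"src": "192.168.1.5", "dst": "203.0.113.7", "proto": "tcp", "dport": 25},
]

if __name__ == "__main__":
    print("\n".join(decision_log(PACKETS)))
```

The log lines identify hosts and ports only, which is the limitation the article notes: the filter never authenticates anyone, so its records cannot be tied to a user.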


 