What is a firewall? The word originally comes from the construction field. It is a wall made of fire-resistant material and built between buildings. When a fire breaks out in a neighboring building, it retards the spread of the fire to other locations.

But the firewall used on the Internet, which provides similar controls, is not a real wall. It is a system of computer hardware and software components used to protect a certain network by preventing unauthorized users from accessing that network.

A typical firewall is always “built” at the gateway point, that is, the access point between the Intranet and the Internet, or the access point between a database (a subnet inside the Internet) and the Intranet. It controls the information services provided by that subnet or database. For example, some confidential databases can only be visited by users who are specially authorized to do so.

Of course, if the Intranet or host computer is totally isolated from the network, a firewall is of no use. But in many circumstances it is impossible for a company involved in electronic business to totally isolate its Intranet from the Internet, and Internet-connected companies face a lot of physical and cyber threats. In this situation the firewall means a lot to them: it plays an important role in controlling and monitoring the connections between a company's private network and the Internet (or extranet), and in safeguarding the security and integrity of the company's documents.

Once the firewall is set up, all outbound and inbound data flows (traffic) between the Internet and the subnet must pass through it, and it examines the traffic as it passes through.

It lets authorized inside users use both inside and outside information services, while outside users identified as unauthorized by its security policies are refused access to the network.

There are many kinds of firewalls, such as the “simple traffic recording system”, the “IP packets filter gateway” (or “IP packets examine router”) and the “proxy application gateway”. Each provides a different level of security checking. Which is the best? It is hard to say, because it depends on what kind of files (database) you want to protect and what kind of protection you want the firewall to provide; documents fall into four kinds: public-use, copyrighted, secret and confidential. Users must therefore weigh all of the above factors and choose the most suitable firewall on a cost-effectiveness basis, because the more powerful the safeguard a firewall provides, the higher the investment and maintenance expenses the company will have to bear.

Among all the firewalls, the “simple traffic recording system” is the simplest one. It is a recording device that keeps records of all traffic passing through it in a database or document for auditing purposes. It has a database called the “audit log file”, which lists chronologically all the visiting records for every file of a certain subnet, including the names of the visited files, the user’s address, the time and number of visits, and the amount of data transferred (downloaded). In fact, it cannot act as a safeguard, only as a recorder. It is often used to monitor the use of public-use data, such as advertisements or product lists on a website, to provide information about client or consumer behavior for decision making.

The remaining kinds of firewalls are all built on packet filtering techniques. Packets are small subsets of data that travel through networks, each carrying the source address, destination address, protocol used, and part of the e-mail text. This kind of firewall has two functions: chokes and gates. When packets are sent to the firewall, it chokes the data flow and examines the packets against security rules that the firewall administrator has designed and stored in the firewall software, to decide whether or not they should pass through. If a packet may pass, the gate acts as a typical gateway to provide the external connection. The level at which packets can be examined varies by the type of firewall.

Two kinds of rules are used for examining data traffic: one is called “default permit”, which allows all traffic except that explicitly blocked by the firewall administrators; the other is called “default deny”, which denies all traffic except that explicitly allowed by the firewall administrators. Generally speaking, the latter is better, because its checking list does not need to be updated often: it only lets preauthorized users in and turns down all unauthorized access, no matter what kind of intruders they are, known or unknown.
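
The choke step and the two default policies described above can be compared side by side in the following Python example. It is added here for illustration and is not part of the original article; the names `Packet`, `Rule` and `filter_packet`, the first-match-wins rule order, and all addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str      # source address
    dst: str      # destination address
    proto: str    # protocol used, e.g. "tcp"
    dport: int    # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src_net: str                 # CIDR block the source address must fall in
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        in_net = ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
        return in_net and self.proto in (None, p.proto) and self.dport in (None, p.dport)

def filter_packet(p: Packet, rules: list, default: str) -> str:
    """Choke: test the packet against each rule in order (first match wins).
    If no rule matches, the default policy decides."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Constructed sample data: a protected database host and three senders.
DB = "192.0.2.10"
ALLOW_LIST = [Rule("permit", "198.51.100.0/24", "tcp", 5432)]  # used with default deny
BLOCK_LIST = [Rule("deny", "203.0.113.66/32")]                 # used with default permit

SAMPLES = {
    "authorized": Packet("198.51.100.7", DB, "tcp", 5432),
    "known_bad": Packet("203.0.113.66", DB, "tcp", 5432),
    "unknown": Packet("203.0.113.200", DB, "tcp", 5432),  # intruder nobody has listed
}

def compare() -> dict:
    """Return {sender: (verdict under default deny, verdict under default permit)}."""
    return {name: (filter_packet(p, ALLOW_LIST, "deny"),
                   filter_packet(p, BLOCK_LIST, "permit"))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:10s} default-deny={verdicts[0]:6s} default-permit={verdicts[1]}")
```

The unlisted sender is the case that separates the two policies: default deny turns it away with no rule update, while default permit lets it through until an administrator adds it to the block list.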
