What is the main working principle of firewall technology?

A firewall is a kind of filter plug (so far you have understood it correctly). You let what you want pass through the plug and filter out everything else. In the network world, what the firewall filters is the communication packet that carries the data. Every firewall speaks at least two words, yes and no, which simply means accept or reject. The simplest firewall is an Ethernet bridge, but few people would consider such a primitive firewall to be of much use.

Most firewalls use a variety of technologies and standards, and they take many forms: some replace the TCP/IP protocol stack already present on the system; some build their own software modules on top of the existing stack; some are an independent operating system in their own right. There are also application-oriented firewalls that protect only certain types of network connection, such as the SMTP or HTTP protocols. And there are hardware-based firewall products, which should really be classified as security routers. All of these products can be called firewalls, because they all work in the same way: analyze the packets passing in and out of the firewall and decide whether to let them through or throw them aside.

Every firewall has an IP address filtering function. The task is to inspect the IP header and make a pass/discard decision based on its source and destination IP addresses. Look at the picture below. A firewall sits between two network segments: a UNIX computer on one side and a PC client on the other. When the PC client sends a telnet request to the UNIX computer, the PC's telnet client generates a TCP packet and hands it to the local protocol stack for transmission. The protocol stack then "inserts" this TCP packet into an IP packet and sends it towards the UNIX computer along the path defined by the PC's TCP/IP stack.
In this example, the IP packet must pass through the firewall between the PC and the UNIX computer to reach the UNIX computer. Now we "order" (in technical terms, configure) the firewall to reject all packets sent to the UNIX computer. Once this is done, a better firewall will even notify the client program! Because IP data addressed to that destination can no longer be forwarded, only users on the same network segment as the UNIX computer can still access it. Alternatively, you can order the firewall to single out that poor PC, so that its packets are dropped while everyone else's go through. This is the most basic function of a firewall: deciding whether to forward based on the IP address.

However, this trick alone does not hold up in a serious contest. Hackers can use IP address spoofing, so that a computer disguised with a legitimate address passes through a firewall that trusts that address. Even so, the address-based forwarding decision remains the most basic and necessary mechanism. It is also important to note that you should not build filter tables from DNS host names: forging DNS is much easier than spoofing an IP address.
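As an added worked example (not part of the original article), here is a minimal packet filter in Python that does exactly what the text describes: it decodes the IPv4 header, walks an ordered rule table keyed on source and destination address (optionally protocol and destination port), and returns accept, drop or reject, where reject is the "notify the client" variant. The addresses (192.0.2.10 for the UNIX host, 198.51.100.5 for the PC), the two rule sets and the hand-built telnet packets are all constructed for this example. The `rule()` helper refuses host names, reflecting the advice that filter tables be keyed on IP addresses rather than DNS names; and because the filter can only judge the address bytes it is handed, it also illustrates why an address-only decision trusts whatever the sender wrote into the header.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocol numbers as they appear in the IPv4 header "protocol" field.
PROTO_TCP = 6
PROTO_UDP = 17
TELNET_PORT = 23


@dataclass
class Rule:
    """One filter entry. The first rule that matches a packet decides its fate."""
    action: str                    # "accept", "drop" (silent) or "reject" (drop and notify sender)
    src: ipaddress.IPv4Network     # source address range
    dst: ipaddress.IPv4Network     # destination address range
    proto: Optional[int] = None    # None = any protocol
    dport: Optional[int] = None    # None = any TCP/UDP destination port


def rule(action: str, src: str, dst: str, proto: Optional[int] = None,
         dport: Optional[int] = None) -> Rule:
    """Build a Rule from numeric addresses or CIDR strings only.
    A DNS name such as 'unix.example' raises ValueError on purpose: a filter
    table keyed on names is far easier to subvert than one keyed on addresses."""
    if action not in ("accept", "drop", "reject"):
        raise ValueError(f"unknown action {action!r}")
    return Rule(action, ipaddress.IPv4Network(src), ipaddress.IPv4Network(dst), proto, dport)


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header fields an address filter needs (plus the L4 destination port)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    fields = {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
              "proto": proto, "dport": None}
    payload = packet[ihl:total_len]
    if proto in (PROTO_TCP, PROTO_UDP) and len(payload) >= 4:
        _sport, fields["dport"] = struct.unpack("!HH", payload[:4])
    return fields


def evaluate(rules: List[Rule], packet: bytes, default: str = "accept") -> Tuple[str, str]:
    """Return (verdict, reason) for one packet: first matching rule wins, else the default policy."""
    f = parse_ipv4(packet)
    for i, r in enumerate(rules):
        if f["src"] not in r.src or f["dst"] not in r.dst:
            continue
        if r.proto is not None and f["proto"] != r.proto:
            continue
        if r.dport is not None and f["dport"] != r.dport:
            continue
        return r.action, f"rule {i}"
    return default, "default policy"


def build_packet(src: str, dst: str, sport: int = 40000, dport: int = TELNET_PORT) -> bytes:
    """Construct a bare IPv4 + TCP SYN packet (checksums left zero) for offline testing."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp


# Constructed addresses for the scenario in the text (documentation ranges, not real hosts).
PC_CLIENT = "198.51.100.5"    # the PC on the outer segment
UNIX_HOST = "192.0.2.10"      # the UNIX computer on the inner segment
INNER_SEGMENT = "192.0.2.0/24"

# Scenario 1: reject everything addressed to the UNIX host (sender gets notified).
RULES_PROTECT_UNIX = [rule("reject", "0.0.0.0/0", UNIX_HOST + "/32")]
# Scenario 2: single out the PC and silently drop its packets; everyone else passes.
RULES_BLOCK_PC = [rule("drop", PC_CLIENT + "/32", "0.0.0.0/0")]
# Scenario 3: accept telnet only from the inner segment; the decision rests solely on the
# source address field, which is why a forged source address defeats this kind of rule.
RULES_TRUST_INNER = [rule("accept", INNER_SEGMENT, UNIX_HOST + "/32", PROTO_TCP, TELNET_PORT)]


if __name__ == "__main__":
    pkt = build_packet(PC_CLIENT, UNIX_HOST)
    for name, rules, default in (("protect UNIX", RULES_PROTECT_UNIX, "accept"),
                                 ("block PC", RULES_BLOCK_PC, "accept"),
                                 ("trust inner", RULES_TRUST_INNER, "drop")):
        print(f"{name:12s} -> {evaluate(rules, pkt, default)}")
```

Packets that stay inside the UNIX host's own segment never cross the firewall, so the filter never sees them; that is the case the text describes in which only same-segment users retain access.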