What does a network firewall mean?

A firewall is a system, or a group of systems, built from software or hardware devices and placed between the computers of an enterprise or network group and the outside world, in order to strengthen security between the Internet and the intranet. It controls the exchange of information between the inside and the outside of the network, provides access control and an audit trail, and is therefore an access control mechanism.

A general firewall has the following characteristics:

Extensive service support. By combining application-layer dynamic filtering with authentication, services such as WWW browsing, HTTP and FTP can be supported.

Encryption of private data. Encryption support ensures that the business activities of a virtual private network running over the Internet are not compromised.

Client authentication. Only designated users are allowed to access the internal network or selected services; this is an additional component of secure communication between an enterprise's local network and its branches, business partners and mobile users.

Anti-spoofing. Spoofing is a common means of gaining network access from the outside: the attacker makes a data packet look as if it came from inside the network. A firewall can monitor for such packets and discard them.

There are two principles on which a firewall can be set up. The first is "anything that is not expressly allowed is forbidden". The opposite strategy insists that "anything that is not expressly prohibited is allowed": the firewall begins by forwarding all traffic, so that at first the wall is almost useless, like a dummy, and the harmful content is then removed item by item. The more that is prohibited, the greater the role the firewall plays. Under this strategy the flexibility of the network is fully preserved, but there is the fear that too much information will leak out, which increases the security risk, and network managers are often exhausted because their workload grows.

Because the security field has many changing factors, security policy should not be formulated on the basis of static conditions. When drawing up firewall security rules, we should follow the principle of the "adaptive security management" model, namely:

Security = risk analysis + policy enforcement + system implementation + vulnerability monitoring + real-time response, so as to meet the requirements of integration and integrity.

There are two main firewall technologies: packet filtering and proxy service. The first, packet filtering, selectively passes or drops data packets at the network layer. The second, proxy service, is a firewall technology based on a proxy server and usually consists of two parts: the client connects to the proxy server, and the proxy server connects to the external server, so there is never a direct connection between the internal network and the external network.
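The following added example (not code from the page or from any firewall product) is a minimal stateless packet filter that ties together three points made above: first-match rule evaluation at the network layer, the two policy stances (default deny versus default allow), and the anti-spoofing check that discards packets arriving from the outside while claiming an internal source address. The intranet range, the rule set and the packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed intranet range


@dataclass(frozen=True)
class Packet:
    iface: str   # "ext" = arrived from the Internet side, "int" = from the intranet
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    dport: Optional[int] = None
    dst_net: str = "0.0.0.0/0"

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net))


def is_spoofed(pkt: Packet) -> bool:
    """A packet that arrives on the external interface but carries an internal
    source address cannot be genuine; the firewall discards it."""
    return pkt.iface == "ext" and ipaddress.ip_address(pkt.src) in INTERNAL_NET


def filter_packet(pkt: Packet, rules: List[Rule], default: str) -> str:
    """First matching rule wins; `default` is the stance taken when nothing matches
    ("deny" = not allowed is forbidden, "allow" = not prohibited is allowed)."""
    if is_spoofed(pkt):
        return "deny"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set: only WWW (HTTP) and FTP control traffic to one internal host.
RULES = [
    Rule("allow", proto="tcp", dport=80, dst_net="10.1.1.10/32"),
    Rule("allow", proto="tcp", dport=21, dst_net="10.1.1.10/32"),
]
```

The same unmatched telnet packet (TCP port 23) is dropped under the default-deny stance and forwarded under default-allow, which is exactly the trade-off between safety and flexibility described above.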

A firewall has its limitations:

A firewall cannot prevent attacks that bypass it. For example, a firewall is installed on the intranet, but a user of the network connects directly to a network service provider for some reason, bypassing the protection of the intranet and leaving a back door for attacks, which becomes a potential security risk.

A firewall cannot withstand attacks that exploit the human factor. Because the firewall concentrates network security at a single point, it may itself be attacked by hackers; likewise, when the enterprise intranet is deliberately damaged from within for management reasons, the firewall is powerless.

A firewall cannot guarantee the confidentiality of data, cannot authenticate data, and cannot protect the network from virus attacks. It is impossible for any firewall to scan every file in the passing data stream for viruses.

At present, many popular security devices on the market belong to the category of static security technology, for example perimeter protection devices such as firewalls and system shells. Perimeter protection devices are aimed at attacks from outside the system: once an external intruder has entered the system, they will not stop it. The authentication approach is similar: once an intruder has deceived the authentication system, the intruder becomes an insider. A further disadvantage of the traditional firewall is that it cannot improve security and speed at the same time; once the network data stream is deeply inspected and analyzed for security, network transmission speed suffers.

The disadvantage of static security technology is that it requires manual implementation and maintenance and cannot actively track intruders. Traditional firewall products are typical of this kind: their high maintenance cost and their effect on network performance are unavoidable for anyone, and system administrators need special security analysis software and skills to judge whether the firewall is under attack.

To address the deficiencies of static security technology, many network security and management experts around the world have put forward their own solutions. For example, NAI has made an important supplement and reinforcement to traditional firewall technology: its latest Windows NT firewall system, Gauntlet Firewall 113.0, incorporates the results of many years of research by NAI's technical experts, such as "adaptive proxy technology".