Traditional Culture Encyclopedia - Traditional stories - What are the firewall technologies?
What are the firewall technologies?
1, network-level firewall
Generally, the judgment of passing or not is based on the source address and destination address, application, protocol and the port of each IP packet. The firewall checks each rule until it finds that the information in the packet matches the rule.
If any rules are not met, the firewall will use the default rules. Usually, the default rule is to require the firewall to drop packets. By defining the port number according to TCP or UDP packets, the firewall can determine whether to allow the establishment of specific connections, such as Telnet and FTP connections.
2. Application layer gateway
The application layer gateway can check incoming and outgoing packets, copy and transmit data through the gateway, and prevent trusted servers and clients from directly connecting with untrusted hosts. The application layer gateway can understand the application layer protocol, do some complicated access control, and do fine registration and audit.
It aims at a special network application service protocol, that is, data filtering protocol, which can analyze data packets and form relevant reports. The application gateway strictly controls some easy-to-log-in environments, controls all input and output communications, and prevents valuable programs and data from being stolen. ?
3. Circuit-level gateway
Circuit-level gateway is used to monitor the TCP handshake information between trusted client or server and untrusted host, so as to judge whether the session is legal or not. Circuit-level gateway filters packets at the session layer of OSI model, which is two layers higher than packet filtering firewall.
Circuit-level gateway proxy server function, proxy server is a special application-level code set in Internet firewall gateway. The proxy service allows the network administrator to allow or deny specific applications or specific functions of applications. Packet filtering technology and application gateway decide whether to allow specific packets to pass through through specific logical judgment, which successfully realizes the isolation of computer systems inside and outside the firewall.
4, rules check the firewall
The firewall combines the characteristics of packet filtering firewall, circuit-level gateway and application-level gateway. You can filter incoming and outgoing packets by IP address and port number at OSI network layer, and you can also check whether SYN and ACK labels and serial numbers are logical and orderly. Of course, just like the application layer gateway, it can check the contents of packets at the OSI application layer to see if it conforms to the security rules of enterprise networks.
Although the rule checking firewall integrates the characteristics of the first three, it is different from the application-level gateway in that it does not break the client/server mode to analyze the data of the application layer, and it allows trusted clients to establish direct connections with untrusted hosts. The rule checking firewall does not depend on the agent related to the application layer, but relies on some algorithm to identify the incoming and outgoing application layer data.
Extended data
When applying firewall technology, please consider the following aspects:
1, the firewall can't prevent viruses.
2. Another weakness of firewall technology is that data update between firewalls is a difficult problem. If the delay is too large, it will not be able to support real-time service requests.
Firewall uses filtering technology, which usually reduces network performance by more than 50%. If you buy a high-speed router to improve network performance, it will greatly increase the economic budget.
Firewall is a common scheme for enterprise network security, that is, public data and services are placed outside the firewall, which restricts their access to internal resources of the firewall. As a network security technology, firewall is simple, practical and highly transparent, and can meet certain security requirements without modifying the original network application system.
Baidu Encyclopedia-Waterproof Wall Technology
- Previous article:How to be a qualified livelihood news reporter
- Next article:What does it mean to take root and nourish the soul?
- Related articles
- How to use traditional virtues to correct unhealthy phenomena in contemporary society
- What are the reasons why people pay less and less attention to traditional festivals?
- The transportation principles of general fresh goods are as follows
- How to treat colon cancer?
1. surgical treatment: it is the best treatment for colon cancer, and all patients suitable for surgery should be surgically removed as soon as possible.
2. Chem
- The validity period of the Pharmaceutical Preparation License for Medical Institutions.
- Summary of Qixi activities
- What is the name of the soft and fragile inorganic material used for exterior wall decoration skin?
- Summary report on technical work of electronic specialty
- On the present situation and existing problems of brand development in China
- What is the best pipe for home heating?