
How to improve firewall technology

Firewall classification 1

By software and hardware form, firewalls can be divided into software firewalls, hardware firewalls and chip-level firewalls.

The first type: software firewall

A software firewall runs on a specific computer and needs the support of an operating system pre-installed by the customer. Generally speaking, this computer is the gateway of the whole network. This type is commonly known as a "personal firewall". Like other software products, a software firewall must be installed on the computer before it can be used. Among firewall manufacturers, Check Point is the best-known maker of network software firewalls. Using this kind of firewall requires network administrators to be familiar with the operating system platform it runs on.

The second type: hardware firewall

The hardware firewall mentioned here is the "so-called hardware firewall". The qualifier "so-called" distinguishes it from the chip-level firewall: the biggest difference between the two is whether the firewall is based on a dedicated hardware platform. At present, most firewalls on the market are so-called hardware firewalls based on PC architecture, not much different from ordinary home PCs. These PC-based machines run simplified operating systems, most commonly older Unix, Linux and FreeBSD systems. It is worth noting that because this kind of firewall still uses someone else's kernel, it is still affected by the security of the OS itself.

A traditional hardware firewall should generally have at least three ports, connected to the intranet, the extranet and the DMZ (demilitarized zone) respectively. Some newer hardware firewalls add more ports. Common four-port firewalls generally use the fourth port as the configuration and management port. Many firewalls can expand the number of ports further.

The third type: chip-level firewall

A chip-level firewall is based on a special hardware platform and has no operating system. Proprietary ASIC chips make these firewalls faster, more powerful and higher-performing than other kinds of firewalls. The best-known manufacturers of this kind of firewall are NetScreen, Fortinet, Cisco, etc. Because this kind of firewall uses a dedicated OS (operating system), the firewall itself has fewer vulnerabilities, but the price is relatively high.

Although there are many firewall technologies, they can generally be divided into two categories: "packet filtering" and "application proxy". The former is represented by Israel's Check Point firewall and Cisco's PIX firewall, while the latter is represented by the Gauntlet firewall of NAI in the United States.

(1). Packet filtering type.

A packet filtering firewall works at the network layer and transport layer of the OSI reference model. It decides whether to pass a packet according to the source address, destination address, port number and protocol type in the packet header. Only packets that meet the filtering conditions are forwarded to the corresponding destination; the rest are discarded from the data stream.
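The header-only decision described above, as an added example that is not part of the original article: a minimal stateless filter in Python that matches source address, destination address, protocol and destination port, and discards anything no rule forwards. The rule set, the addresses (documentation and private ranges), the first-match ordering and all names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # only the header fields the filter inspects
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # None for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str                    # "forward" or "drop"
    src: str                       # source network in CIDR form
    dst: str                       # destination network in CIDR form
    proto: str = "any"
    dports: Optional[range] = None # None matches any port

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header condition of the rule holds for the packet."""
    if rule.proto not in ("any", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dports is not None:
        return pkt.dport is not None and pkt.dport in rule.dports
    return True

def filter_packet(rules, pkt: Packet) -> str:
    # Assumption: the first matching rule wins; no match means discard.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"

# Constructed rule set: the order matters, the block rule precedes the allows.
RULES = [
    Rule("drop", "198.51.100.0/24", "0.0.0.0/0"),                           # blocked source network
    Rule("forward", "0.0.0.0/0", "192.0.2.10/32", "tcp", range(443, 444)),  # HTTPS to a DMZ host
    Rule("forward", "10.0.0.0/8", "0.0.0.0/0", "udp", range(53, 54)),       # intranet DNS outbound
]

if __name__ == "__main__":
    for p in (Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
              Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("203.0.113.5", "192.0.2.10", "tcp", 22)):
        print(p, "->", filter_packet(RULES, p))
```

The filter sees nothing beyond these header fields, so a packet forwarded on port 443 is passed whatever its payload contains.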