Threat defence
Block known attack patterns.
Analyse traffic characteristics in real time and act in coordination with intrusion detection/prevention systems (IDS/IPS).
Traffic monitoring and logging
Record every connection that passes through the firewall, providing the basis for security audits and troubleshooting.
Example: tracing unusual login behaviour or data exfiltration attempts.
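As an added illustration of how connection logs support audit and anomaly tracking (example code written for this page, not part of the original text or of any firewall product): a small Python parser over constructed, simplified key=value connection records, with two detectors, one for repeated denied attempts on a login port that are followed by an allowed connection, and one for large outbound transfers from an internal host to a single external host outside business hours. The log format, the 10.0.0.0/8 internal range, the thresholds and all addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from a real firewall). One connection per line:
# timestamp, then key=value fields as many firewalls can emit to syslog.
SAMPLE_LOG = """\
2024-05-01T02:03:11 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=0
2024-05-01T02:03:12 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=0
2024-05-01T02:03:13 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=0
2024-05-01T02:03:14 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=0
2024-05-01T02:03:15 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=0
2024-05-01T02:03:16 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=4120
2024-05-01T09:15:00 action=allow src=10.0.0.21 dst=198.51.100.9 dport=443 proto=tcp bytes=81234
2024-05-01T23:41:07 action=allow src=10.0.0.21 dst=198.51.100.44 dport=443 proto=tcp bytes=734003200
2024-05-01T23:42:30 action=allow src=10.0.0.21 dst=198.51.100.44 dport=443 proto=tcp bytes=512000000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Turn one record into a dict; returns None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m.group("ts"))}
    for field in m.group("kv").split():
        key, _, value = field.partition("=")
        rec[key] = value
    rec["dport"] = int(rec["dport"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_internal(ip):
    """Assumed internal address range for the example."""
    return ip.startswith("10.")


def find_login_abuse(records, port=22, deny_threshold=5):
    """Sources with at least deny_threshold denied attempts on the login port,
    and whether the firewall later allowed a connection from the same source."""
    denies = defaultdict(int)
    allowed_after = defaultdict(bool)
    for r in records:
        if r["dport"] != port:
            continue
        if r["action"] == "deny":
            denies[r["src"]] += 1
        elif denies[r["src"]] >= deny_threshold:
            allowed_after[r["src"]] = True
    return {src: {"denied": n, "allowed_after": allowed_after[src]}
            for src, n in denies.items() if n >= deny_threshold}


def find_bulk_egress(records, threshold_bytes=500_000_000, after_hour=20, before_hour=6):
    """Internal hosts that pushed at least threshold_bytes to one external host
    outside the assumed business hours (06:00 to 20:00)."""
    totals = defaultdict(int)
    for r in records:
        if r["action"] != "allow" or not is_internal(r["src"]) or is_internal(r["dst"]):
            continue
        hour = r["ts"].hour
        if hour >= after_hour or hour < before_hour:
            totals[(r["src"], r["dst"])] += r["bytes"]
    return {pair: total for pair, total in totals.items() if total >= threshold_bytes}


def analyse(text):
    """Parse the log text and run both detectors over it."""
    records = [r for r in (parse_line(line) for line in text.splitlines()) if r]
    return {"login_abuse": find_login_abuse(records), "bulk_egress": find_bulk_egress(records)}


if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_LOG).items():
        print(name, hits)
```

On the sample, the first detector flags 203.0.113.7 (five denials on port 22 and then an allowed connection), and the second flags 10.0.0.21 sending about 1.2 GB to 198.51.100.44 late at night; the daytime transfer on the same host is ignored. Both findings are only leads for an analyst, which is exactly what the logging function of a firewall is meant to provide.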
VPN and remote access security
Provide encrypted tunnels for remote users or branch offices so that data in transit is protected.
Network segmentation and isolation
Divide the internal network into several security zones and restrict access between them.

II. How a firewall works
A firewall provides protection through the following core mechanisms:
Packet filtering
Layer: network layer (OSI layer 3).
Principle: inspect the source/destination IP address, port and protocol of each packet, match them against the rule base, and decide whether to pass or drop the packet.
Characteristics: fast, but lacks context analysis, since each packet is judged on its own; easily bypassed by IP spoofing attacks.
Stateful inspection
Layer: transport layer (OSI layer 4).
Principle: track the state of each connection and allow only traffic that belongs to a legitimate session.
Example: block TCP connection requests initiated from outside that do not belong to a session opened from inside.
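The contrast between packet filtering and stateful inspection, as an added Python example (written for this page, not code from the original text or from any firewall vendor). It assumes a 10.0.0.0/8 internal network, one published service on port 80, and a stateless rule set that, as stateless filters must, approximates "established" traffic by the ACK flag. The same constructed packet sequence is run through both filters: the stateless one has to let an inbound segment with ACK set through because it cannot know whether a session exists, while the stateful one keeps a session table and drops any segment that matches no session.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """The header fields a layer-3/4 filter looks at (constructed for the example)."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    syn: bool = False
    ack: bool = False


INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Stateless packet-filter rules: first match wins, implicit deny at the end.
# The third rule is the classic stateless approximation of "established":
# any inbound TCP segment with ACK set is assumed to be a reply.
STATELESS_RULES = [
    {"src": "0.0.0.0/0", "dst": "10.0.0.0/8", "proto": "tcp", "dport": 80, "action": "allow"},
    {"src": "10.0.0.0/8", "dst": "0.0.0.0/0", "proto": "tcp", "action": "allow"},
    {"src": "0.0.0.0/0", "dst": "10.0.0.0/8", "proto": "tcp", "ack": True, "action": "allow"},
]


def stateless_decide(pkt, rules=STATELESS_RULES):
    """Judge each packet on its own header fields against the rule base."""
    for rule in rules:
        if ip_address(pkt.src) not in ip_network(rule["src"]):
            continue
        if ip_address(pkt.dst) not in ip_network(rule["dst"]):
            continue
        if pkt.proto != rule["proto"]:
            continue
        if "dport" in rule and pkt.dport != rule["dport"]:
            continue
        if "ack" in rule and pkt.ack != rule["ack"]:
            continue
        return rule["action"]
    return "deny"


class StatefulFirewall:
    """Tracks TCP sessions so that only segments belonging to a known session pass."""

    def __init__(self, internal=INTERNAL, published_ports=(80,)):
        self.internal = internal
        self.published_ports = set(published_ports)
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def decide(self, pkt):
        if pkt.proto != "tcp":
            return "deny"  # the example tracks TCP only
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.sessions or reverse in self.sessions:
            return "allow"  # belongs to an established session, either direction
        if pkt.syn and not pkt.ack:  # a new connection attempt
            src_in = ip_address(pkt.src) in self.internal
            dst_in = ip_address(pkt.dst) in self.internal
            if src_in and not dst_in:
                self.sessions.add(forward)  # outbound session opened from inside
                return "allow"
            if dst_in and not src_in and pkt.dport in self.published_ports:
                self.sessions.add(forward)  # inbound to a published service
                return "allow"
        # Externally initiated connections to unpublished ports, and segments that
        # claim to be replies but match no session, are dropped.
        return "deny"


def compare(packets):
    """Run one packet sequence through both filters; returns [(label, stateless, stateful)]."""
    fw = StatefulFirewall()
    return [(label, stateless_decide(p), fw.decide(p)) for label, p in packets]


# Constructed packet sequence for the example.
SEQUENCE = [
    ("outbound SYN to web server", Packet("10.0.0.5", "198.51.100.9", 51000, 443, syn=True)),
    ("SYN-ACK reply", Packet("198.51.100.9", "10.0.0.5", 443, 51000, syn=True, ack=True)),
    ("data on that session", Packet("10.0.0.5", "198.51.100.9", 51000, 443, ack=True)),
    ("external SYN to internal SSH", Packet("203.0.113.7", "10.0.0.5", 4444, 22, syn=True)),
    ("external bare ACK to internal SSH", Packet("203.0.113.7", "10.0.0.5", 4444, 22, ack=True)),
    ("external SYN to published web port", Packet("203.0.113.7", "10.0.0.5", 4444, 80, syn=True)),
]

if __name__ == "__main__":
    for label, stateless, stateful in compare(SEQUENCE):
        print(f"{label:36s} stateless={stateless:5s} stateful={stateful}")
```

The two filters agree on everything except the fifth packet: a bare ACK from outside to an unpublished port passes the stateless rule base (it matches the "reply" rule) but is dropped by the stateful firewall, which has no session for it. That single difference is the practical meaning of "lacks context" in the description of packet filtering above.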
Application-layer gateway
Layer: application layer.
Principle: parse application protocols in depth and filter on content.
Example: prevent users from accessing websites that contain malicious code.
Next-generation firewall (NGFW) enhancements
Integrate intrusion prevention, application identification, user identification, sandbox detection and similar functions.
Example: identify and block malware hidden in encrypted traffic.
III. Firewall form factors
Hardware firewall
Form: a stand-alone appliance.
Advantages: high performance, dedicated hardware acceleration, suited to enterprise-grade deployment.
Scenario: data centres, network perimeters of large enterprises.
Software firewall
Form: software running on a server or endpoint.
Advantages: flexible, low-cost, rules can be customised for a specific host.
Scenario: PCs, small offices or cloud servers.
Cloud firewall
Form: firewall delivered as a SaaS service.
Advantages: no hardware to deploy, automatic scaling, global traffic management.
Scenario: protecting cloud applications, hybrid cloud environments.
Virtual firewall
Form: firewall running in a virtual machine.
Advantages: deep integration with the virtualisation environment, supporting dynamic security policies.
Scenario: virtualised data centres, software-defined networks (SDN).
Limitations of firewalls
Cannot defend against insider attacks: must be combined with a zero-trust architecture or endpoint security solutions.
Risk of bypass: an attacker may circumvent the firewall through encrypted channels or social engineering.
Performance bottlenecks: in high-traffic scenarios, rules must be optimised or the firewall deployed in a distributed manner.
A firewall is the "first line of defence" of network security, protecting network resources through access control, threat defence and traffic monitoring. Its working principles have evolved from simple packet filtering to in-depth application analysis, and its form factors span hardware, software, cloud and virtualised deployments. Firewalls must work together with other security technologies to build a complete security system.