Hello, welcome toPeanut Shell Foreign Trade Network B2B Free Information Publishing Platform!
18951535724
  • General remarks on cybersecurity — firewall doctrine and design

       2026-05-01 NetworkingName860
    1111111
    Key Point:Overview of the firewallThe firewall is a device that is a combination of software/hardware equipment, usually located between the enterprise's internal local area network and the internet, limiting internet users ' access to the internal network and managing access to the internet by internal users. In other words, a firewall provides a blockade between an internal network that is considered safe and credible and an external network (usually int

    Overview of the firewall

    The firewall is a device that is a combination of software/hardware equipment, usually located between the enterprise's internal local area network and the internet, limiting internet users ' access to the internal network and managing access to the internet by internal users. In other words, a firewall provides a blockade between an internal network that is considered safe and credible and an external network (usually internet) that is considered less secure and credible. Without firewalls, the safety of the entire internal network is entirely dependent on each host, so all hosts must meet a consistent high level of security, which is very difficult to operate in practice. The firewall, which is designed to operate only specialized access control software without other services, also means that there are relatively few deficiencies and security gaps, which makes security management easier, easier to control and the internal network safer. The firewall is based on the principle of ensuring, to the extent possible, the integrity of the internal network while ensuring that the network is open. It's a passive technology, a static security component。

    1. Firewall design requirements

    (involved attack on defense):

    All data entering and leaving the network will be allowed through firewalls (but not necessarily filtering) only authorized data streams through firewall firewalls themselves to control user control behaviour 3 for intrusion 2 for the four control mechanisms provided by firewalls, several basic functions of firewalls 2 for firewalls and for firewall classification

    In general, the higher the firewall works in the osi model, the more information it checks in the data pack, the longer the work cycle of the handlers it consumes; the closer the firewall inspection package to the upper layers of the osi model, the higher the level of security protection the firewall structure provides, as more information is available at the top level for security decision-making。

    Firewall works on the network floor

    Osi 7-level model memory portal: a list of online events

    0, pack filter firewall

    The filtering wall is also referred to as a cluster filter router and as a network-level firewall because it works on the network floor. The router is a network-level firewall because the filtering of the package is intrinsic to the router. It generally determines whether the package is allowed to pass by checking the individual package's address, protocol, port, etc., with both static and dynamic filters. The firewall provides internal information on the status of the connections adopted and the content of some data streams, compares the judgement information with the table of rules, which defines rules to indicate whether or not the package is approved or rejected. The package filters the firewall to check each rule until it is found that the information in the package is consistent with a rule. In the absence of a single rule, the firewall will use the default rule (discarding the package). When developing data package filter rules, make sure the package is two-way

    1. Static package filtering firewalls

    Working on the network level

    For the static package filtering firewalls, the decision whether to receive or reject a data package depends on the inspection and determination of the specific domain of the ip head and protocol in the package。

    Firewall works on the network floor

    Check specific domains of the package, including: source address, destination address, application or protocol, source port number, destination port number

    On each package filter, the security manager defines a form based on the enterprise's security strategy, also known as the access control rulebook. The repository contains many rules to indicate whether the firewall should be rejected or accepted。

    Advantages and disadvantages: small impact on network performance and low cost; low security, lack of state perception, vulnerability to ip fraud and difficulty in creating access control rules。

    The static package filtering firewalls have three main functions:

    2. Dynamic package filtering firewalls

    Package does not need to be checked after connection is created

    Advantages and disadvantages: low impact on network performance, state perception and significant improvement in performance; low security, vulnerability to ip fraud, difficulty in creating rules (the order of rules must be considered)

    Check specific domains of the package, including: source address, destination address, application or protocol, source port number, destination port number

    3. Circuit level gateway

    Working on the session level, in many respects, the circuit level gateway is only an extension of the package filtering wall, which, in addition to conducting basic package filtering checks, increases the validation of handshake information and serial numbers during connection establishment。

    Before opening a connection or circuit through the firewall, the circuit level gateway will check and confirm tcp and udp protocol sessions. As a result, more and more secure data are checked at the circuit level gateway than in the static or dynamic packs。

    Check selected domains of the package, including: source address, destination address, application or protocol, source port number, destination port number, handshake information and serial number

    Advantages:

    There is some impact on network performance, which is less filtering than packages, but better than the application of proxy firewalls. Direct connection between the external network and the rear firewall server was cut. High security。

    Disadvantages:

    It's impossible to resist a layer invasion. Many of the codes of circuits and gateways need to be modified when programmes and resources are increased. 4. Application level gateway

    Working on the application level, which only filters data streams for specific services, the application level gateway must develop a specific proxy for specific application services。

    As with the wiring gateway, the application level gateway intercepts data packages entering and leaving the network, and runs proxy programs to replicate china's messages via the gateway, acting as proxy servers. It avoids direct connections between a trusted server in the intranet or an untrustworthy host in the customer opportunity extranet。

    The main work is on the application level, also known as the application layer firewall. It checks the incoming and outgoing data packages, copys the data by itself, transfers the data, and prevents direct contact between the recipient host and the non-recipient host. The application layer gateway can understand the protocol on the application layer, make complex access controls, and do fine registration and clearance. The basic work process is to send the data request to the server when the client needs to use the data on the server, and the proxy server then requests the data from the server on the basis of this request, and then transmits the data from the proxy server to the client. Common application level gateways already have corresponding proxy services such as http, smtp, ftp, telnet, etc., but there are no corresponding proxy services for newly developed applications, which will be provided through network firewalls and general proxy services. The application layer gateway has better access control capabilities and is currently the most secure firewall technology. Can provide content filtering, user authentication, page caches and nat. But there is a problem with some of the application layers that lack "perception." the application layer gateway requires the corresponding proxy software, which is used with a high volume of work and is less efficient than the network layer firewall。

    Advantages:

    Create simple log functional rules in known security models with robust authentication capabilities that are secure

    Disadvantages:

    Low flexibility and complexity

    Application-level gateways and circuit-level networks are concerned about the end-to-end flow of data

    5. Status detection firewall

    While the status detection firewall works at all seven levels of the osi model and is therefore theoretically highly secure, most of the existing status detection firewalls work only on the network layer, so their security is comparable to the package filtering firewalls。

    Filter all seven floors

    Advantages:

    Increased security against protocol-specific attacks that do not break client/server models to provide integrated dynamic package filtering

    Disadvantages:

    Unacceptable security risk 6 to switch agents due to one-way design, low performance, inability to combine and fail to break the client/server structure

    It's actually a combination of a dynamic package filter and a circuit-level agent。

    The first three handshakes are the circuit level gateway, which is then switched to the dynamic package filter working mode. Therefore, the switch agent works first on the osi session level, i. E. The 5th floor; then, when the connection is completed, switch to the dynamic package filter mode, i. E. The 3rd floor of the network layer working on osi。

    Firewall works on the network floor

    7. Air gap firewall

    It's also called a safety net

     
    ReportFavorite 0Tip 0Comment 0
    >Related Comments
    No comments yet, be the first to comment
    >SimilarEncyclopedia
    Featured Images
    RecommendedEncyclopedia