What are Firewalls?

The firewall technology is a kind of protection of user data and information security by organically combining various software and hardware devices for security management and screening to help computer networks build a relatively isolated protection barrier between its internal and external networks. technology. ^[1]

The function of firewall technology is mainly to detect and deal with the possible security risks and data transmission problems when the computer network is running. The measures include isolation and protection. At the same time, it can record and detect various operations in computer network security. Ensure the security of computer network operation, ensure the integrity of user data and information, and provide users with a better and more secure computer network experience. ^[1]

Chinese name: Firewall
Foreign name: Firewall
Advent time: 1993

Function: Information security protection
Attributes: Security hardware system or security software
Alias: Protective wall, fire wall

Basic definition of firewall

The so-called "firewall" refers to a method of separating the internal network and the public access network (such as the Internet). It is actually an applied security technology and isolation technology based on modern communication network technology and information security technology. It is more and more used in the interconnected environment of private network and public network, especially to access the Internet. ^[2]

The firewall generation is mainly based on the use of hardware and software to create a protective barrier between the internal and external network environments, so as to achieve the blocking of computer unsafe network factors. Only with the consent of the firewall can users enter the computer. If they do not agree, they will be blocked. The alarm function of the firewall technology is very powerful. When external users want to enter the computer, the firewall will promptly respond accordingly. Alerts, remind users of their behaviors, and make self-judgments to determine whether to allow external users to enter the interior. As long as they are users in the network environment, this type of firewall can conduct effective queries, and meanwhile The user displays it, and then the user needs to implement the corresponding settings on the firewall according to his own needs, and block the user behavior that is not allowed. The firewall can also effectively view the flow of information and data, and can also grasp the upload and download speed of data information, which is convenient for users to have a good control of the use of the computer, and the internal conditions of the computer can also pass through this kind of firewall For viewing, it also has the function of starting and closing the program, and the log function in the computer system is actually the firewall's summary and arrangement of the computer's internal system real-time security and daily traffic. ^[2]

A firewall is an access control standard implemented when two networks communicate, which can prevent hackers in the network from accessing your network to the greatest extent. A combination of a series of components placed between different networks (such as a trusted intranet and an untrusted public network) or network security domains. It is the only entry and exit of information between different networks or network security domains. It can control (allow, deny, monitor) the information flow to and from the network according to the security policy of the enterprise, and has strong anti-attack capabilities. It is an infrastructure that provides information security services and achieves network and information security. Logically, the firewall is a splitter, a limiter, and an analyzer, which effectively monitors any activity between the internal network and the Internet, ensuring the security of the internal network. ^[2]

Firewall function

1.Intrusion detection function

One of the main functions of network firewall technology is the intrusion detection function, which mainly includes anti-port scanning, detection of denial of service tools, detection of CGI / IIS server intrusion, detection of Trojan or network worm attacks, detection of buffer overflow attacks, etc. It can reduce the invasion of network threats and effectively block most network security attacks. ^[3]

2.Network address translation function

Using firewall technology can effectively implement IP address translation of internal or external networks, which can be divided into source address translation and destination address translation, that is, SNAT and NAT. SNAT is mainly used to hide the internal network structure, to avoid illegal access and malicious attacks from the external network, and effectively alleviate the shortage of address space. DNAT is mainly used for external hosts to access internal hosts to prevent internal networks from being attacked. ^[3]

3, network operation audit monitoring function

This function can effectively record all operations and security information of system management, provide statistical data about network usage, and facilitate computer network management for information tracking. ^[3]

4. Strengthen network security services

The firewall technology management can realize centralized security management. The security system is assembled on the firewall, and network information security can be supervised in the way of information access. ^[3]

The importance of firewalls

1. Record data information in computer networks

Data information has a positive role in promoting the construction of computer networks, and it also has a certain degree of impact on the security of computer networks. The firewall technology can collect data transmission, information access, and other aspects during the operation of the computer network. At the same time, the collected information can be classified and grouped to find out the data information with potential security risks and take targeted measures. Take measures to effectively prevent these data information from affecting the security of the computer network. In addition, after summarizing the data information recorded in the firewall, the staff can clarify the characteristics of different types of abnormal data information, thereby effectively improving the efficiency and quality of computer network risk prevention and control work. ^[4]

2. Prevent staff from visiting websites with potential security risks

A significant part of computer network security problems are caused by staff entering security-prone websites. Through the application of firewall technology, workers' operations can be monitored in real time. Once workers are found to be entering a site with potential security risks, the firewall will immediately issue an alert, thereby effectively preventing staff from accidentally entering sites with potential security risks, and effectively improving access Work safety. ^[4]

3.Control unsafe services

During the operation of the computer network, many unsecure services will appear. These unsecure services will seriously affect the security of the computer network. The application of firewall technology can effectively reduce the actual operational risks of workers, which can effectively block unsafe services and effectively prevent illegal attacks from affecting the computer network security. In addition, firewall technology can also implement the monitoring of various tasks in the computer network, thereby enabling computer users to perform various tasks in a safe and reliable environment, effectively preventing users from being brought by computer network problems. Economic loss. ^[4]

Main types of firewall

The firewall is an important component of modern network security protection technology, which can effectively protect against external intrusion and influence. With network technology means

Firewall technology With the improvement of the firewall technology, the functions of the firewall technology are also constantly improved, which can realize the filtering of information and ensure the security of the information. A firewall is a defense system that plays a role in the intermediate process between internal and external networks. It has the value and role of security protection. Through the firewall, you can effectively circulate internal and external resources and deal with various security risks in a timely manner, thereby improving Information data security. The firewall technology has a certain anti-attack ability and has a self-protection effect against external attacks. With the advancement of computer technology, the firewall technology is also constantly developing. ^[5]

(1) Filtering firewall

The filtering firewall is in the network layer and the transport layer, and can be analyzed based on the data source address and the signature characteristics of the protocol type to determine whether it can pass. Under the standards of the firewall, information can be transmitted only when the security performance and type are met, and some insecure factors will be filtered and blocked by the firewall. ^[5]

(2) Application proxy type firewall

The main scope of application proxy firewall is at the highest level of OIS, which is above the application layer. Its main feature is that it can completely isolate the network communication flow, and can achieve the monitoring and control of the application layer through a specific agent. These two types of firewalls are more commonly used, and some other firewalls are also more effective. In actual applications, you must choose the type of firewall based on specific requirements and conditions, so that you can effectively avoid problems such as external intrusion by the firewall. Appear. ^[5]

(3) Composite type

At present, the more widely used firewall technology is the composite firewall technology, which combines the advantages of packet filtering firewall technology and application of proxy firewall technology. For example, if the security policy sent is a packet filtering policy, you can perform access control on the header part of the message. ; If the security policy is a proxy policy, you can perform access control on the content data of the message. Therefore, the composite firewall technology combines the advantages of its components, while abandoning the original disadvantages of the two firewalls, greatly improving the firewall technology. Flexibility and security in application practice. ^[3]

Key firewall technologies

1. Packet filtering technology

The packet filtering technology of the firewall is generally only applied to the data of the model network layer of the OSI7 layer, which can complete the state detection of the firewall, so that the logical policy can be determined in advance. The logical policy is mainly for the address, port and source address. All data passing through the firewall needs to be analyzed. If the information and policy requirements in the data packet do not match, the data packet can pass smoothly. If it is completely consistent , Its data packets are quickly intercepted. In the process of computer data packet transmission, it is generally decomposed into many small data packets composed of destinations and geology. When they pass through the firewall, although they can be transmitted through many transmission paths, they will eventually converge in the same place. In this destination location, all data packets need to be tested by the firewall, and they will be allowed to pass only after they pass the test. If there are packet loss and address changes during the transmission process, they will be blocked. abandon. ^[2]

2.Encryption technology

In the process of computer information transmission, with the help of a firewall, information can also be effectively encrypted. Through this encryption technology, relevant personnel can effectively encrypt the transmitted information. Among them, the information password is mastered by both parties to exchange information. Receiving personnel need to decrypt the encrypted information before they can obtain the transmitted information data. In the application of firewall encryption technology, we must always pay attention to the security of information encryption processing. In the application of firewall technology, to realize the secure transmission of information, it is also necessary to verify the identity of the user. After the encryption process, the transmission of information needs to authorize the user, and then the identity of the receiver and sender of the information is verified. Therefore, a channel for secure information transmission is established to ensure that the computer's network information has good security in the transmission. Illegal elements do not have the correct identity verification conditions. Therefore, they cannot invade the computer's network information. ^[2]

3.Anti-virus technology

The firewall has the function of anti-virus. In the application of the anti-virus technology, it mainly includes the aspects of virus prevention, removal and detection. As far as the anti-virus prevention function of the firewall is concerned, during the network construction process, a corresponding firewall is installed to strictly control the information and data between the computer and the Internet, thereby forming a security barrier to the computer's external network and internal network. Data protection. If computer network is to be connected, it is generally achieved through the Internet and router connection. To protect the network, you need to start from the backbone network and implement control on the central resources of the backbone network to prevent illegal access to the server. Illegal intrusions steal information. The data accessed at the ports connected to the computer must also be strictly checked for Ethernet and IP addresses. The stolen IP addresses will be discarded, and important information resources will be fully recorded. Ensure that the computer's information network has good security. ^[2]

4, proxy server

Proxy server is a widely cited function of firewall technology. According to the network operation method of its computer, the corresponding proxy server can be set through firewall technology, so that the proxy server can exchange information. When the information data is sent from the internal network to the external network, the information data will carry the correct IP. Illegal attackers can use the information data IP of the bureau as the tracking target to let the virus enter the internal network. If a proxy server is used, It is possible to realize the virtualization of the information data IP. In the tracking of the virtual IP, an illegal attacker cannot obtain the real analytical information, so that the proxy server realizes the security protection of the computer network. In addition, the proxy server can also transfer information data, control the internal and external information exchange of the computer, and protect the computer's network security. ^[2]

Firewall deployment method

A firewall is a hardware device deployed on the network to enhance network security protection capabilities. There are multiple deployment methods, including bridge mode, network management mode, and NAT mode. ^[6]

1.Bridge mode

Bridge mode can also be called transparent mode. The simplest network consists of a client and a server, and the client and server are on the same network segment. for safety

Firewall technology In terms of consideration, a firewall device is added between the client and the server to perform security control on the passing traffic. A normal client request is sent to the server through the firewall, and the server returns the response to the client, and the user will not feel the existence of the intermediate device. The firewall working in bridge mode does not have an IP address. When the network is expanded, there is no need to re-plan the network address, but the functions of routing and VPN are sacrificed. ^[6]

Gateway mode

The gateway mode is applicable when the internal and external networks are not on the same network segment. The firewall sets the gateway address to implement the function of the router, and performs routing and forwarding for different network segments. The gateway mode has higher security than the bridge mode. It implements security isolation while performing access control, and has a certain degree of privacy. ^[6]

3.NAT mode

NAT (Network Address Translation) address translation technology uses a firewall to translate the IP address of the internal network, and uses the firewall's IP address to replace the source address of the internal network to send data to the external network; when the response data traffic from the external network returns to the firewall, The firewall then replaces the destination address with the source address of the internal network. NAT mode can realize that the external network cannot directly see the IP address of the internal network, which further enhances the security protection of the internal network. At the same time, in the NAT mode network, the internal network can use private network addresses, which can solve the problem of limited number of IP addresses. ^[6]

If the external network needs to access internal network services based on the NAT mode, you can also use address / port mapping (MAP) technology to configure address / port mapping on the firewall. When external network users need to access internal services , The firewall maps the request to the internal server; when the internal server returns the corresponding data, the firewall forwards the data to the external network. The use of address / port mapping technology enables external users to access internal services, but external users cannot see the real address of the internal server, only the address of the firewall, which enhances the security of the internal server. ^[6]

4.High reliability design

Firewalls are deployed at the entrance and exit of the network and are the door to network communication. This requires that the deployment of the firewall must have high reliability. The service life of general IT equipment is designed to be 3 to 5 years. When a single point of equipment failure occurs, redundancy technology must be used to achieve reliability, and technologies such as virtual routing redundancy protocol (VRRP) can be used to achieve primary and backup redundancy. Currently, mainstream network equipment supports high reliability designs. ^[6]

Specific application of firewall

1.Firewall technology in the intranet

The setting position of the firewall in the internal network is relatively fixed. Generally, it is set at the entrance of the server. By controlling external visitors, it can protect the internal network. Users in the internal network can Clear permissions planning for your own needs, so that users can access the planned paths. In general, the firewall in the internal network mainly plays the following two functions: First, the application of authentication, multiple behaviors in the internal network have remote characteristics, and can only be carried out through related authentication under the constraint; Record access records to avoid own attacks and form security policies. ^[5]

2. Firewall technology in the external network

The firewall applied to the external network mainly plays its preventive role. The external network can enter the internal network only when the firewall is authorized. When setting up a firewall for the external network, you must ensure comprehensiveness, so that all network activities on the external network can be monitored by the firewall. If an illegal intrusion occurs on the external network, the firewall can actively refuse to provide services for the external network. Based on the role of the firewall, the internal network is completely closed to the external network, and the external network cannot resolve any information on the internal network. The firewall becomes the only way for the external network to enter the internal network. Therefore, the firewall can record the activities of the external network in detail and aggregate them into logs. The firewall analyzes the daily logs to determine whether the external network behavior has attack characteristics. ^[5]

Future trends in firewalls

With the continuous development of network technology, firewall-related products and technologies are also continuously progressing. ^[7]

(1) product development trend of firewall

At present, as far as firewall products are concerned, new products include: intelligent firewalls, distributed firewalls, and systematic applications of network products. ^[7]

Intelligent firewall: Adding artificial intelligence identification technology to firewall products not only improves the security defense capabilities of the firewall, but also because the firewall has a self-learning function, it can prevent the latest attacks from the network. ^[7]

Distributed firewall: A new type of firewall architecture. Network firewall, host firewall and management center are the components of distributed firewall. Traditional firewalls are actually firewalls that implement protection at the edge of the network, while distributed firewalls add another layer of security protection inside the network. The advantages of distributed firewalls are: support for mobile computing; support for encryption and authentication functions, independent of network topology, etc. ^[7]

Systematic application of network products: mainly refers to the direct integration of security products of certain manufacturers with firewalls, packaged sales. In addition, although some manufacturers' products are independent of each other, they can communicate with each other. ^[7]

(2) Technology development trend of firewall

As one of the most core technologies in firewall technology, packet filtering technology has its own obvious disadvantages: it does not have the authentication mechanism and user role configuration function. Therefore, some product developers have integrated the AAA authentication system into the firewall to ensure that the firewall has the ability to support security policies based on user roles. Multi-level filtering technology is to set multiple layers of filtering rules in the firewall. At the network layer, packet filtering technology is used to intercept all spoofed IP source addresses and source routing packets; according to the filtering rules, the transport layer intercepts all protocols and data packets that are not allowed to enter / exit; at the application layer, gateways such as FTP and SMTP This kind of Internet service monitors and controls. ^[7]

In summary, the above-mentioned technologies are effective supplements to existing firewall technologies, and are complementary measures to enhance existing firewall technologies. ^[7]

(3) the development trend of the firewall architecture

With the continuous improvement of software and hardware processing capabilities and network bandwidth, the data processing capabilities of firewalls have also improved. Especially in recent years, the development of multimedia streaming technology (online video) requires that the processing delay of the firewall must be smaller and smaller. Based on the above business requirements, firewall manufacturers have developed firewall products based on network processors and application-specific integrated circuits (ASICs). The firewall based on the network processor still depends on the solution of the software system, so the performance of the software directly affects the performance of the firewall. And ASIC-based firewall products have customized, programmable hardware chips and matching software systems, so the superiority of performance is self-evident, which can well meet customer requirements for system flexibility and high performance. ^[7]