What Are the Different Types of Small Business Firewall?
Enterprise firewalls are currently the first choice for financial, telecommunications, and government agencies to protect internal network security. According to statistics, the three share nearly 70%. However, what the firewall does and what kind of network attacks can be prevented may not be known to everyone.
Enterprise firewall
- This entry lacks an overview map . Supplementing related content makes the entry more complete and can be upgraded quickly. Come on!
- Chinese name
- Enterprise firewall
- Object
- Finance, telecommunications, and government agencies
- Protect
- Intranet security
- Example
- Prevent bank server user account information from leaking
- Enterprise-level firewalls are currently the first choice for financial, telecommunications, and government agencies to protect internal network security. According to statistics, the three share nearly 70%. However, what the firewall does and what kind of network attacks can be prevented may not be known to everyone.
- Now let us introduce the purpose and function of the firewall:
- 1. Who is the object protected by the firewall and how does it implement the protection function?
- In a broad sense, firewalls protect the security of corporate internal network information, such as preventing the leakage of important information such as bank server user account information, confidential information of government departments, and combat plans and strategies in the army. In a narrow sense, the firewall protects the security of each computer in the company's internal network and prevents the computer from all malicious access or attacks from non-secure networks outside the company. The firewall's protection of the internal network is achieved by physically isolating the internal and external networks, and then controlling the access behavior through the firewall according to a pre-defined security policy to achieve effective control of corporate internal network access. Firewalls usually have two modes of operation: bridge mode and routing mode.
- If the firewall is installed between the corporate intranet and the Internet as a security barrier, it is best to choose a routing mode in which the network address translation function and proxy function of the firewall can be used to fully protect the corporate network from attacks from the Internet. If you need to protect hosts in different areas (departments) on the same subnet, you can choose the bridge mode. At this time, there is no need to change the original network topology. For example, the financial department of an enterprise is an important department of the enterprise. Even internal employees are not allowed to access it casually. Therefore, special protection is needed. But the enterprise network has already been built, and the corresponding transformation will bring a lot of work. At this time, you can choose the firewall bridge working mode, which does not need to modify the corporate network structure, and it is also possible to prevent unauthorized personnel from accessing the host of the Finance Department without authorization from the firewall. In this way, the effect of confidentiality and protection of local information has been achieved.
- 2. Does the firewall only protect against external attacks?
- In fact, the firewall is very sensitive to improper access behavior between the internal and external networks through the firewall. Even internal employees who violate corporate security policies will be blocked and notified to network administrators by the firewall in a timely manner. For example, an enterprise-level firewall with MAC address binding function can bind the IP address of each host on the internal network with the physical address of the host's network card, which can effectively prevent users from modifying the IP address. Unauthorized access. In addition, the firewall supports two-way network address translation: source address translation (SNAT) and destination address translation (DNAT). Through source address translation, the external network cannot understand the structure of the internal network, thereby improving the security of the internal network. At the same time, source address translation can save IP address resources (intranet hosts can use private addresses). Enterprise firewalls allow administrators to define a time frame so that the rule will only work within that time frame. Through this control mechanism, enterprises can be provided with more flexible configuration policies. For example, rules can be defined to only allow employees and managers of the company's marketing department to access the Internet at any time, while employees in other departments can only access the Internet during lunch break. Having this function not only saves a large amount of network access fees for the enterprise, but also improves the security capabilities of the internal network.
- 3. What can the firewall do to deal with headache-prone spam?
- The firewall generally provides special application proxy for protocols such as HTTP, WWW, FTP, and TELNET. In addition, it can also provide mail (SMTP) proxy, RPC & UDP proxy, general application proxy (which can proxy all TCP / IP-based applications or services), etc. FTP and TELNET proxy from outside to inside provide strong user authentication mechanism, which can effectively prevent password guessing attacks by hackers; and the mail (SMTP) proxy function provided by the firewall can prevent mail bomb attacks and filter spam. Using application-layer proxies can effectively defend against application-based attacks that can pass through packet-filtering firewalls.
- 4. If the firewall is "ill", who is responsible for network security?
- In order to meet the higher requirements of enterprises for the reliability of firewalls, most firewalls provide dual-machine hot backup function, that is, when the primary firewall is "ill" (failure), the backup firewall will assume the role of the primary firewall and be able to Identify and automatically take over all functions of the main firewall to ensure the normal operation of the network.
- 5. Which network attacks can the firewall prevent?
- The firewall will set some basic rules by default and does not require user participation. It can effectively prevent basic network attacks such as IP address spoofing, Ping of death, teardrop, and Syn flooding, and protect the internal network and firewall from various forms of denial of service attacks and illegal access.
- 6. How does the firewall distinguish between normal login and illegal login?
- The firewall has a strong sense of self-protection. Network administrators must pass strong user authentication to log in to the firewall and modify configuration files on the firewall. The strong user authentication provided by the enterprise-level firewall uses two-factor authentication (key password + firewall one-time password) to ensure that the administrator is not impersonated, and manages the communication between the host (which can be placed anywhere on the internal and external network, including dial-up networking) and the firewall Encrypted transmission is used to prevent hackers from stealing data with network sniffer. This mechanism can prevent hackers from impersonating administrators to tamper with firewall files and obtain sensitive information.
- 7. The firewall should be the most effective assistant for the network administrator. What form does it use to report the network operation status?
- The process monitor inside the enterprise-level firewall monitors the running status of the firewall in real time; the log system provides powerful log auditing functions and detailed log analysis statistics reports; the traffic statistics module provides traffic statistics reports and curves based on a single host. The system administrator can view the running status of the firewall and browse various reports on the management host in real time, so that the administrator can understand the firewall and network operation status at a glance. To avoid running out of system hard disk space, the log files saved by the firewall are periodically scrolled, and the maximum saving time can be set by the user. At the same time, the optional real-time log backup module can realize remote storage of logs.
- After understanding the basic functions of the firewall, we should deepen the concept of network security. The threat to the network is not only caused by viruses. In fact, various hacking methods have increasingly formed our normal work and life. Threats, therefore, when constructing and improving the internal network of the enterprise, careful consideration and selection are needed.