What Is a Firewall Monitor?
The so-called firewall refers to a protection barrier constructed by a combination of software and hardware devices, and constructed on the boundary between the internal network and the external network, and between the private network and the public network.
- From implementation
- The English name of the firewall is "FireWall", which is one of the most important network protection equipment. From a professional perspective, a firewall is a set of components that is located between two (or more) networks and implements access control between the networks. The original meaning of the firewall means that when wooden houses were built and used in ancient times, in order to prevent fires from spreading and spreading, people piled solid stones around the houses as a barrier. Such protective structures are called "firewalls". In fact, what works with the firewall is the "door". If there is no door, how do people in each room communicate, and how do people in these rooms get in? How did these people escape the scene when the fire broke out? This door is equivalent to the "security policy" of the firewall we are talking about here, so the firewall we are talking about here is not actually a solid wall, but a wall with some small holes. These small holes are reserved for those communications that are allowed to be installed. The filtering mechanism is installed in these small holes, which is the "one-way connectivity" described above.
- What we usually call a network firewall is borrowed from the ancient metaphor of a firewall that was actually used for fire prevention. It refers to a defense system that is isolated between the local network and the outside network. Fire protection can protect the internal network by isolating the internal local area network (LAN) of the enterprise from the Internet or from other external networks and restricting mutual access to the network.
- A typical firewall has the following basic characteristics. [6]
Where firewall technical data must go
- All network traffic between the internal network and the external network must pass through a firewall. This is a characteristic of the network location where the firewall is located, and it is also a prerequisite. Because only when the firewall is a communication channel between the internal and external networks can the network of the enterprise network department be protected comprehensively and effectively from infringement. According to the "Information Security Technology Framework" formulated by the US National Security Agency, firewalls are applicable to the boundaries of user network systems and belong to the security protection equipment of user network boundaries. The so-called network boundary refers to two network connections where different security policies are used, such as the connection between the user network and the Internet, the network connection with other business units, and the connection between different departments of the user's internal network. The purpose of the firewall is to establish a security control point between network connections. By allowing, denying, or redirecting the data flow through the firewall, the audit and control of services and access to and from the internal network is achieved.
- One end of a typical firewall network structure is connected to the local area network of enterprises and institutions, while the other end is connected to the Internet. All communication between internal and external networks must pass through the firewall, and only data flows that comply with the security policy can pass through the firewall.
Firewall technology legality of network traffic
- The most basic function of a firewall is to ensure the legitimacy of network traffic, and on this premise, network traffic is quickly forwarded from one link to another. Starting from the earliest firewall model, the original firewall was a "dual-hole host", which had two network interfaces and two network-layer addresses at the same time. The firewall receives the traffic on the network through the corresponding network interface, uploads it in accordance with the seven-layer structure of the OSI protocol stack, performs access rules and security review at the appropriate protocol layer, and then passes the packets that meet the conditions from the corresponding network interface. Send, and block those messages that do not meet the pass conditions. Therefore, from this perspective, a firewall is a multiport (network interface> = 2) forwarding device similar to a bridge or router. It is connected across multiple separate physical network segments and forwards packets. In the process of reviewing the message.
Firewall technology anti-attack immunity
- The firewall itself should have a very strong anti-attack immunity: this is a prerequisite for the firewall to be able to assume the important task of network security protection within the enterprise. The firewall is at the edge of the network. It is like a border guard. It faces hackers from time to time. This requires the firewall itself to have a very strong ability to resist intrusions. The reason why it has such a strong firewall operating system itself is the key, only the operating system with its own complete trust relationship can talk about the security of the system. The second is that the firewall itself has very low service functions. Except for the specialized firewall embedded system, there are no other applications running on the firewall. Of course, these security can only be said to be relative. The domestic firewall is almost half of the market occupied by foreign brands. The advantages of foreign brands are mainly higher in technology and popularity than domestic products. And domestic firewall manufacturers have a more thorough understanding of domestic users, and have more advantages in price. Among the firewall products, mainstream foreign manufacturers are Cisco, CheckPoint, NetScreen, etc., and domestic mainstream manufacturers are Neusoft, Tianrongxin, Lenovo, Founder, etc. They all provide different levels of firewall products.
- The hardware architecture of the firewall has experienced a general CPU architecture, an ASIC architecture, and a network processor architecture. Their respective characteristics are as follows: General CPU architecture: The most common CPU architecture is the Intel X86 architecture-based firewall. Among the 100M firewalls, The hardware of Intel X86 architecture has always been loved by firewall vendors for its high flexibility and scalability. Due to the use of the PCI bus interface, although the hardware of Intel X86 architecture can theoretically reach a throughput of 2Gbps or even higher, in actual applications , Especially in the case of small packets, far from the nominal performance, the processing power of general-purpose CPU is also very limited. The domestic security equipment mainly uses the X86-based general-purpose CPU architecture. ASIC architecture: ASIC (Application Specific Integrated Circuit, application-specific integrated circuit) technology is a technology widely adopted by foreign high-end network equipment a few years ago. Because of adopting hardware forwarding mode, multi-bus technology, separation of data plane and control plane, ASIC architecture firewall solves the problem of insufficient bandwidth capacity and performance, and the stability is also well guaranteed.
- The performance advantages of ASIC technology are mainly reflected in network layer forwarding, while the processing of application layer data that requires strong computing power is not dominant, and its flexibility and scalability are difficult to meet the requirements in the face of frequently changing application security issues. Due to the high technical and capital threshold of this technology, it is mainly adopted by well-known manufacturers at home and abroad, the main representative manufacturer abroad is Netscreen, and the main representative manufacturer in China is Tianrongxin. Network processor architecture: Due to the technical difficulty of writing the microcode used by the network processor, it is difficult to achieve the optimal performance of the product, so it is difficult for the firewall products of the network processor architecture to occupy a large market share. With the major suppliers of network processors Intel, Broadcom, IBM and others successively selling their network processor business, the application of this technology in network security products has come to an end.