【Information Security】-Firewall

Abstract: Different network segments and different LANs are like different provinces, cities and countries: each has a border. Everyone must enter and leave through border checkpoints, where they can be inspected, controlled, recorded and managed, so that the border knows who is crossing, what they are carrying, and whether their documents are valid; entry and exit are permitted or refused according to the legality of the documents and of the goods carried. A firewall is the border checkpoint of a computer network, there to protect the internal network. Firewalls come in many forms, generally a combination of software and hardware, and their main functions are access control and content control. There are three main technologies: packet filtering, stateful inspection, and proxy services. In the screened-host model, a gateway router at the boundary between the internal and external networks performs packet filtering, and a bastion host on the internal network is responsible for proxy services; the two cooperate to realize the firewall function. At the same time, firewalls also have limitations.

Table of Contents

Definition of firewall

The form of the firewall

Firewall function

Principles of firewall technology

Security Policy and Rules

The architecture of the firewall

Limitations of firewalls

The development trend of firewall


Definition of firewall

1. Software or equipment that performs access control in accordance with a pre-set security policy, in order to prevent the external network from intruding on the internal network

2. A logical isolation component, not a physical isolation component

As the figure above shows, access between hosts on the internal network is not controlled by the firewall, while all communication entering the internal network must pass through the firewall and pass its filtering.

The form of the firewall

1. Pure software: the firewall is a pure software product running on a general-purpose computer; configuration is flexible and it is simple to use, but its data processing capacity and security level are very low

2. Pure hardware: the firewall is fixed in specially designed hardware; data processing capacity and security level are very high, but adjusting it is very difficult

3. Combination of software and hardware: dedicated firewall hardware runs a hardened operating system platform, and the firewall software runs on that platform.

Firewall function

1. Access control: this is the most basic and important function of the firewall. It identifies who is requesting access to the internal network and controls the scope of that access.

2. Content control: prevents insecure data from entering the internal network

3. Security log: records the network communication in full, so that potential risks can be discovered and the security policy adjusted in time

4. Centralized management: in a network security system, firewalls come in many forms and are deployed in a highly distributed way, so centralized management is needed to implement a unified security policy

Principles of firewall technology

1. Packet filtering technology

At the network layer, the firewall examines the header information of each packet (source address, destination address, protocol type, port, etc.) and compares it with the filtering rules set by the administrator to decide whether the packet is allowed through. The key is the design of the filtering rules. This is the earliest technology applied to firewalls, and in some cases it is also the simplest and most effective.

Advantages: internal network users need no configuration; it is transparent to users

Weaknesses: only the header information of the datagram is checked, so access control at the data (content) level is not possible

2. Stateful inspection technology

Stateful inspection, also called dynamic packet filtering, adds state detection on top of a packet-filtering firewall. The first step is to check whether the datagram belongs to a connection already recorded in the state table. If it does and the state is correct, it is allowed through. If it does not, the datagram goes through the ordinary packet-filtering check, and the state table is updated after the check passes.

3. Proxy service technology

The two communicating parties are connected indirectly through a proxy.

Application-level proxy (application gateway): works at the application layer. After receiving a connection request, the application proxy checks the source and destination IP addresses and decides whether to allow the connection according to the pre-set filtering rules. Once the connection is established, it filters the communication between the two parties.

Advantages: can inspect the data content, and can fully isolate the internal and external networks

Disadvantages: filtering is slow

Security Policy and Rules

Whether it is packet filtering, stateful inspection or proxy service technology, each is based on a security policy and rules. There are two basic firewall control strategies:

1. What is not explicitly allowed is forbidden: a control strategy centered on restriction (default deny)

2. What is not explicitly prohibited is allowed: a control strategy centered on unobstructed access (default allow)
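The three ideas above, header-based packet filtering, the state-table lookup of stateful inspection, and the default-deny versus default-allow policy, fit into one small simulator. This is an added example, not code from the original post; the rule format, the addresses and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[str] = None    # CIDR such as "10.0.0.0/24"; None matches any
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        def in_net(addr, cidr):  # header field against a rule field
            return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (self.proto in (None, p.proto) and in_net(p.src, self.src)
                and in_net(p.dst, self.dst) and self.dport in (None, p.dport))

class StatefulFilter:
    """Static header rules (packet filtering) plus a state table (stateful inspection)."""
    def __init__(self, rules, default="deny"):
        self.rules, self.default, self.state = rules, default, set()

    def check(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Step 1: a packet of an already-established flow (either direction) passes.
        if flow in self.state or reply in self.state:
            return "allow"
        # Step 2: otherwise consult the rules; first match wins, else the default policy.
        verdict = next((r.action for r in self.rules if r.matches(p)), self.default)
        # Step 3: record the new flow so that its reply traffic is accepted later.
        if verdict == "allow":
            self.state.add(flow)
        return verdict

def demo():
    # Constructed sample traffic; 10.0.0.0/24 plays the internal network.
    fw = StatefulFilter([Rule("deny", src="192.0.2.0/24"),        # block a known-bad range
                         Rule("allow", proto="tcp", dst="10.0.0.0/24", dport=80)],
                        default="deny")                            # not explicitly allowed => forbidden
    return [fw.check(Packet("tcp", "203.0.113.5", 40000, "10.0.0.10", 80)),   # allow: rule
            fw.check(Packet("tcp", "10.0.0.10", 80, "203.0.113.5", 40000)),   # allow: state table
            fw.check(Packet("tcp", "203.0.113.5", 40001, "10.0.0.10", 22)),   # deny: default policy
            fw.check(Packet("tcp", "192.0.2.9", 5000, "10.0.0.10", 80))]      # deny: explicit rule
```

The second packet is the server's reply; no rule allows traffic to port 40000, so it passes only because stateful inspection finds the flow in the state table.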

The architecture of the firewall

Screened-host architecture: screened-host architecture = a router that separates the internal network from the external network + a bastion host running the proxy server, deployed on the internal network. The security of the internal network is maintained by the router's packet filtering together with the bastion host's proxy service.

Limitations of firewalls

1. The firewall is only a border protection system; if the attacker is already inside the internal network, it offers no protection

2. The firewall is built on existing knowledge of attacks and cannot protect against new attack methods

3. The firewall has very weak control over communication content, so its ability to protect against malicious code such as viruses, worms and Trojan horses is very weak

The development trend of firewall

As network applications develop and attacks become more serious, attack methods keep changing, and new malicious code such as viruses, worms and Trojan horse programs appears in an endless stream. A single firewall technology alone can no longer meet the needs of network security. Firewall technology is therefore gradually integrating and merging with intrusion detection, anti-virus, anti-attack technology (such as defenses against distributed denial of service attacks), VPN, PKI and so on, to become a more comprehensive and complete network security defense system.

Origin blog.csdn.net/qq_39328436/article/details/115054500