Net Security Note 14: Firewalls

Firewall overview

A firewall is a system of software and hardware that sits between a trusted (secured) network and an untrusted network and filters the traffic between them according to access control rules set by the system administrator.

  • It is powerless against attacks launched from inside the network and against connections that bypass the firewall altogether.

How a firewall handles a data flow

  1. Allow the flow through (accept).
  2. Deny the flow and send the sender a message saying that it was rejected (reject).
  3. Discard the flow: the packets are not processed and no notice of any kind is sent back to the sender (drop).
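As an added example (not code from the original note), here is a small stateless packet filter in Python that walks an ordered access control list and returns one of the three verdicts above: allow, reject with a message back to the sender, or silent drop. The addresses, the rule set and the packet fields are constructed for illustration; the last rule is a default deny, so anything not explicitly authorized is discarded without a reply.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Everything here is constructed for illustration: addresses come from the
# documentation ranges (192.0.2.0/24, 198.51.100.0/24) and the rules are invented.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                  # "ALLOW", "REJECT" or "DROP"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Ordered access control list; the first matching rule decides.
# The last rule is a default deny: whatever is not explicitly authorized is discarded.
RULES: List[Rule] = [
    Rule("ALLOW", dst="192.0.2.10/32", proto="tcp", dport=443),  # public HTTPS server
    Rule("REJECT", dst="192.0.2.0/24", proto="tcp", dport=23),   # telnet: refuse and tell the sender
    Rule("DROP"),                                                # everything else: silent discard
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[str]]:
    """Return (verdict, message_to_sender). Only REJECT produces a message."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.action == "ALLOW":
            return "ALLOW", None
        if rule.action == "REJECT":
            # comparable to an ICMP "administratively prohibited" or a TCP RST:
            # the sender learns that the flow was refused
            return "REJECT", f"icmp admin-prohibited to {pkt.src}"
        return "DROP", None      # silently discarded: no processing, nothing sent back
    return "DROP", None          # no rule matched: default deny


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
        Packet("198.51.100.7", "192.0.2.10", "tcp", 23),
        Packet("198.51.100.7", "192.0.2.10", "udp", 53),
    ]
    for p in samples:
        print(p, "->", filter_packet(p))
```

The difference between the second and third verdicts is visible in the return value: a REJECT carries a message for the sender, a DROP carries nothing, which is why drop is the usual choice for the default rule (it reveals less about what is behind the firewall).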

Requirements that must be met

  1. All traffic entering or leaving the network must pass through the firewall.
  2. Only authorized traffic is allowed through the firewall.
  3. The firewall itself is immune to intrusion.

Types and structure of firewalls

  1. First generation: packet filtering firewall
  2. Second generation: circuit-level gateway
  3. Third generation: application-level gateway
  4. Fourth generation: dynamic packet filtering
  5. Fifth generation: kernel proxy / adaptive proxy

Classification

  • Packet filtering firewall
  • Circuit-level firewall
  • Application-level firewall

Design structures

  • Static packet filtering
  • Dynamic packet filtering
  • Circuit-level gateway
  • Application-level gateway
  • Stateful inspection packet filtering
  • Switch proxy (cutoff proxy)
  • Air gap (physical separation)
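The following added example (not from the original note) contrasts two of the design structures above in Python: static packet filtering, which judges every packet by its header alone, and stateful inspection, which keeps a connection table and admits inbound packets only when they belong to a connection an internal host opened. The topology (internal network 10.0.0.0/24, outside host 198.51.100.20), the allowed ports and the packets are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed topology: the internal network is 10.0.0.0/24 (prefix "10.0.0."),
# the outside host 198.51.100.20 is from the documentation range.
INTERNAL_PREFIX = "10.0.0."
ALLOWED_OUTBOUND_PORTS: Set[int] = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


FlowKey = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


def flow_key(p: Packet) -> FlowKey:
    return (p.proto, p.src, p.sport, p.dst, p.dport)


def reverse_key(p: Packet) -> FlowKey:
    """Key of the same flow seen in the opposite direction, used to recognise replies."""
    return (p.proto, p.dst, p.dport, p.src, p.sport)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def static_filter(p: Packet) -> str:
    """Static (stateless) packet filtering: each packet is judged on its own header.
    With no memory of which connections exist, letting replies back in means
    accepting every inbound packet with source port 80/443 to a high port,
    whether or not an internal host asked for it."""
    if is_internal(p.src) and not is_internal(p.dst) and p.dport in ALLOWED_OUTBOUND_PORTS:
        return "ALLOW"
    if not is_internal(p.src) and is_internal(p.dst) \
            and p.sport in ALLOWED_OUTBOUND_PORTS and p.dport >= 1024:
        return "ALLOW"
    return "DROP"


class StatefulFirewall:
    """Stateful inspection: new outbound connections are checked against policy
    and recorded in a connection table; inbound packets are admitted only if
    they belong to a connection already in that table."""

    def __init__(self) -> None:
        self.conntrack: Dict[FlowKey, str] = {}   # flow -> state

    def inspect(self, p: Packet) -> str:
        key = flow_key(p)
        if key in self.conntrack:
            return "ALLOW (established)"
        rev = reverse_key(p)
        if rev in self.conntrack:
            self.conntrack[rev] = "ESTABLISHED"
            return "ALLOW (reply to tracked connection)"
        if is_internal(p.src) and not is_internal(p.dst) and p.syn \
                and p.dport in ALLOWED_OUTBOUND_PORTS:
            self.conntrack[key] = "SYN_SENT"
            return "ALLOW (new outbound)"
        return "DROP"   # no matching connection and not a permitted new one


if __name__ == "__main__":
    fw = StatefulFirewall()
    client_syn = Packet("10.0.0.5", 51234, "198.51.100.20", 443, syn=True)
    server_reply = Packet("198.51.100.20", 443, "10.0.0.5", 51234)
    unsolicited = Packet("198.51.100.20", 443, "10.0.0.5", 51235)
    for p in (client_syn, server_reply, unsolicited):
        print(p, "static:", static_filter(p), "stateful:", fw.inspect(p))
```

The third packet is the point of the comparison: it looks exactly like a reply (source port 443, high destination port), so the static filter has to accept it, while the stateful firewall drops it because no internal host opened a connection to which it belongs. Real implementations also expire table entries and follow the TCP handshake more closely; this toy tracks only two states.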


Firewalls are usually built on the TCP/IP model, and the layers of the OSI model do not map one-to-one onto those of the TCP/IP model.


Network Address Translation (NAT)

  1. Advantage of NAT: it hides the internal network topology and so improves network security.
  2. Static NAT: internal network addresses are translated to external Internet IP addresses in a fixed one-to-one correspondence.
  3. Dynamic NAT: internal addresses are translated to whichever address is free in a limited range (pool) of Internet IP addresses.
  4. PAT (port address translation): during translation not only the network address changes but also the transport-layer port.
  5. SNAT (source network address translation): when an internal user with a private address accesses the Internet, the source address in the IP header is converted to a legitimate Internet address.
  6. DNAT: destination network address translation.
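An added example (not from the original note) of a NAT device in Python covering three of the cases above: static NAT (fixed one-to-one address mapping, port untouched), PAT used as SNAT (many private hosts share one public address and are told apart by a rewritten source port), and DNAT for a published service. Dynamic NAT from an address pool is not modelled. All addresses, the mapping tables and the packets are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed addresses: 10.0.0.0/24 is the private internal network,
# 203.0.113.0/24 the NAT device's public side, 198.51.100.0/24 the Internet.
PUBLIC_IP = "203.0.113.1"                                   # single public address shared via PAT
STATIC_NAT: Dict[str, str] = {"10.0.0.10": "203.0.113.10"}  # one-to-one static NAT for a server
# DNAT: traffic arriving for a published service is redirected to an internal host/port
DNAT_RULES: Dict[Tuple[str, int], Tuple[str, int]] = {("203.0.113.1", 443): ("10.0.0.20", 8443)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


Endpoint = Tuple[str, int]


class NatBox:
    def __init__(self, first_port: int = 40000) -> None:
        self.to_public: Dict[Endpoint, Endpoint] = {}   # (priv_ip, priv_port) -> (pub_ip, pub_port)
        self.to_private: Dict[Endpoint, Endpoint] = {}  # reverse of the above, consulted for replies
        self.next_port = first_port

    def outbound(self, p: Packet) -> Packet:
        """SNAT on traffic leaving the private network: the source address is
        rewritten to a legitimate public address before the packet reaches the Internet."""
        if p.src in STATIC_NAT:
            # static NAT: fixed one-to-one address mapping, the port is untouched
            return replace(p, src=STATIC_NAT[p.src])
        private = (p.src, p.sport)
        if private not in self.to_public:
            # PAT: many private hosts share PUBLIC_IP; a unique public port tells their flows apart
            public = (PUBLIC_IP, self.next_port)
            self.next_port += 1
            self.to_public[private] = public
            self.to_private[public] = private
        pub_ip, pub_port = self.to_public[private]
        return replace(p, src=pub_ip, sport=pub_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Translate traffic arriving from the Internet. Returns None when no
        mapping exists: the packet is dropped and the internal topology stays hidden."""
        dest = (p.dst, p.dport)
        if dest in self.to_private:                       # reply to a PAT-translated flow
            priv_ip, priv_port = self.to_private[dest]
            return replace(p, dst=priv_ip, dport=priv_port)
        for priv_ip, pub_ip in STATIC_NAT.items():        # reply to a statically mapped host
            if p.dst == pub_ip:
                return replace(p, dst=priv_ip)
        if dest in DNAT_RULES:                            # DNAT: published service
            priv_ip, priv_port = DNAT_RULES[dest]
            return replace(p, dst=priv_ip, dport=priv_port)
        return None


if __name__ == "__main__":
    nat = NatBox()
    for pkt in (Packet("10.0.0.5", 51000, "198.51.100.20", 80),
                Packet("10.0.0.6", 51000, "198.51.100.20", 80),
                Packet("10.0.0.10", 22, "198.51.100.20", 80)):
        print("out:", pkt, "->", nat.outbound(pkt))
    print("in :", nat.inbound(Packet("198.51.100.20", 80, PUBLIC_IP, 40001)))
    print("in :", nat.inbound(Packet("198.51.100.20", 5555, PUBLIC_IP, 443)))
```

Two internal hosts that happen to pick the same source port (51000) leave with the same public address but different public ports, which is what lets the reply be routed back to the right host; an inbound packet that matches neither a translation entry nor a DNAT rule is returned as None, i.e. it never reaches the private network.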


Source: blog.csdn.net/JamSlade/article/details/131155681