What is a firewall, and what is its role?

First, the basic concept of a firewall

In ancient times, people often built a brick wall between apartments so that, in case of fire, the fire could be prevented from spreading to other apartments.

Now, if a network is connected to the Internet, its users can access and communicate with the outside world. But at the same time, the outside world can also access and interact with the network.

For safety reasons, you can insert an intermediary system between the network and the Internet to put up a security barrier.

The role of this barrier is to block threats and intrusions that reach the network from the outside, providing the sole checkpoint for guarding and auditing the security of this network. Because its role is similar to that of the brick fire wall of ancient times, we call this barrier a "firewall."

In computing, a firewall is a device composed of software, or of software and hardware combined. It usually sits between a company's internal local area network and the Internet, where it restricts Internet users' access to the internal network and manages internal users' permissions to access the outside.

In other words, a firewall is a blocking tool located between an internal network that is considered safe and trusted and an external network (usually the Internet) that is considered less safe and trusted.

A firewall is a passive technology, because it assumes that a network boundary exists; unauthorized access from the inside is difficult for it to control effectively. A firewall is therefore only suitable for relatively independent networks, such as an enterprise's internal local area network.

 

1. Filter out insecure services

Based on this criterion, the firewall should block all traffic and then open, item by item, the safe services it wishes to provide. Unsafe services, or services that may pose a security risk, are all nipped in the bud.

This is a very effective and practical method that can create a very secure environment, since users are allowed to use only carefully selected services.

2. Filter out unauthorized users and access to particular sites

Based on this criterion, the firewall should allow all users and sites to access the internal network, and the network administrator then blocks, item by item and by IP address, unauthorized users and untrusted sites.

This approach makes for a more flexible application environment: network administrators can open different services to different users, that is, freely set different access rights for each user.
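
The two criteria above, applied to the same inbound traffic, as an added example that is not part of the original article. The service list, the blocked addresses and the packets are constructed sample values (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample policy data (assumptions, not from the article).
ALLOWED_SERVICES = {("tcp", 443), ("tcp", 25)}        # criterion 1: services opened item by item
BLOCKED_SOURCES = [                                   # criterion 2: sources blocked item by item
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
]

def default_deny(packet):
    """Criterion 1: block all traffic, then accept only the listed services."""
    service = (packet["proto"], packet["dport"])
    return "ACCEPT" if service in ALLOWED_SERVICES else "DROP"

def default_allow(packet):
    """Criterion 2: accept all traffic, then drop the listed source addresses."""
    src = ipaddress.ip_address(packet["src"])
    return "DROP" if any(src in net for net in BLOCKED_SOURCES) else "ACCEPT"

# Constructed inbound packets.
PACKETS = [
    {"src": "192.0.2.10", "proto": "tcp", "dport": 443},    # unlisted host, opened service
    {"src": "192.0.2.10", "proto": "tcp", "dport": 23},     # unlisted host, service never opened
    {"src": "203.0.113.50", "proto": "tcp", "dport": 443},  # blocked network, opened service
    {"src": "198.51.100.7", "proto": "udp", "dport": 161},  # blocked host, service never opened
]

def compare(packets):
    """Return (src, proto, dport, criterion-1 verdict, criterion-2 verdict) per packet."""
    return [
        (p["src"], p["proto"], p["dport"], default_deny(p), default_allow(p))
        for p in packets
    ]

def differing(packets):
    """Packets on which the two criteria reach different verdicts."""
    return [row for row in compare(packets) if row[3] != row[4]]

if __name__ == "__main__":
    for src, proto, dport, deny_first, allow_first in compare(PACKETS):
        print(f"{src:>14} {proto}/{dport:<4} criterion 1: {deny_first:<6} criterion 2: {allow_first}")
```

The two packets on which the verdicts differ show what each criterion leaves unchecked: criterion 1 never looks at the source address, and criterion 2 lets any source not yet on the list reach any service.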


Origin www.cnblogs.com/Rivend/p/12052499.html