A Firewall PC is a combination of software and hardware components for security management and traffic screening. It builds a protective barrier between the internal network and the external network to protect user data and information.
The main function of Firewall PC technology is to discover and deal with security risks and data transmission problems that may arise while the computer network is running. Its countermeasures include isolation and protection. It can also record and detect the operations that take place on the network, which helps ensure the security of network operation and the integrity of user data and information, and gives users a better and safer web experience.
A Firewall PC is a protective barrier made up of software and hardware, placed at the interface between the intranet and the extranet, or between a private network and a public network. The name is a figurative description of a way of achieving security: a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, thereby protecting the intranet from intrusion by unauthorized users. The firewall consists mainly of four parts: service access rules, verification tools, packet filtering, and an application gateway. A firewall is a piece of software or hardware that sits between a computer and the network it is connected to. All network traffic and packets to and from this computer pass through the firewall.
In networking, a “firewall” is a method of separating the internal network from a publicly accessible network (such as the Internet); it is an isolation technology. A Firewall PC is an access control measure enforced when two networks communicate. It allows people and data you “agree” to into your network while keeping people and data you “disagree with” out, which limits hackers' access to your network. In other words, people inside the company cannot access the Internet, and people on the Internet cannot communicate with people inside the company, without going through the firewall.
The Firewall PC is itself well protected. An intruder must first get through the Firewall PC’s line of defense to gain access to the target computer. Most people configure a Firewall PC with many different levels of protection. A higher level of protection disables some services, but it provides better protection.
(1) All network data flows between the internal network and the external network must pass through the Firewall PC
This follows from where the Firewall PC sits in the network, and it is also a prerequisite: only when the Firewall PC is the sole communication channel between the internal and external networks can the enterprise's internal network be fully and effectively protected from damage. According to the “Information Assurance Technology Framework” formulated by the National Security Agency, a firewall applies to the boundary of the user’s network system and is a security protection device for that boundary. A network boundary is a connection between two networks with different security policies, such as the connection between the user network and the Internet, a network connection with other business units, or a connection between different departments of the user’s internal network. The purpose of a firewall is to establish a security control point between connected networks and to audit and control the services and access to and from the internal network by allowing, denying, or redirecting the data flows that pass through it. A typical firewall network architecture is shown in the figure below. As can be seen from the figure, one end of the firewall is connected to the internal LAN of the enterprise, and the other end is connected to the Internet. All communication between the internal and external networks must go through the firewall.
(2) Only the data flow that conforms to the security policy can pass through the Firewall PC
The most basic function of a firewall is to ensure the legitimacy of network traffic and, on that premise, to forward traffic quickly from one link to another. In the earliest firewall model, the Firewall PC is a “dual-homed host”: it has two network interfaces and two network-layer addresses at the same time. The firewall receives traffic through the corresponding network interface, passes it up in order through the seven layers of the OSI protocol stack, applies access rules and security review at the appropriate protocol layer, and then sends the packets that meet the passing conditions out of the corresponding network interface while blocking those that do not. From this point of view, a Firewall PC is a multi-port (network interfaces >= 2) forwarding device similar to a bridge or router: it spans multiple separate physical network segments and inspects packets as it forwards them between those segments.
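The rule check performed by such a dual-homed forwarder can be sketched as a first-match policy with a default-deny fallback and an audit trail. This is an added example, not code from the original page; the interface names, rule names, addresses (RFC 1918 and RFC 5737 sample ranges) and the policy itself are constructed assumptions, and the anti-spoofing rule goes slightly beyond what the text describes.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# in_if is the interface the packet arrived on: "int" (LAN) or "ext" (Internet).
Packet = namedtuple("Packet", "in_if src dst proto dport")
# proto/dport of None act as wildcards; action is "allow" or "deny".
Rule = namedtuple("Rule", "name in_if src_net dst_net proto dport action")

# Constructed policy (assumption, not from the page); addresses are
# RFC 1918 / RFC 5737 sample ranges.
POLICY = [
    Rule("anti-spoof", "ext", "10.0.0.0/24", "0.0.0.0/0", None, None, "deny"),
    Rule("web-out", "int", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443, "allow"),
    Rule("mail-in", "ext", "0.0.0.0/0", "10.0.0.10/32", "tcp", 25, "allow"),
]

def matches(rule, p):
    """True when every field of the rule agrees with the packet."""
    return (rule.in_if == p.in_if
            and ip_address(p.src) in ip_network(rule.src_net)
            and ip_address(p.dst) in ip_network(rule.dst_net)
            and rule.proto in (None, p.proto)
            and rule.dport in (None, p.dport))

def decide(policy, p, audit):
    """First matching rule wins; anything unmatched is denied and logged."""
    for rule in policy:
        if matches(rule, p):
            audit.append((rule.name, rule.action, p))
            return rule.action
    audit.append(("default-deny", "deny", p))
    return "deny"

def run_sample():
    """Evaluate four constructed packets; return verdicts and matched rule names."""
    audit = []
    packets = [
        Packet("int", "10.0.0.5", "203.0.113.7", "tcp", 443),   # LAN to web
        Packet("ext", "198.51.100.9", "10.0.0.10", "tcp", 25),  # inbound mail
        Packet("ext", "198.51.100.9", "10.0.0.5", "tcp", 22),   # no rule
        Packet("ext", "10.0.0.99", "10.0.0.10", "tcp", 25),     # spoofed source
    ]
    verdicts = [decide(POLICY, p, audit) for p in packets]
    return verdicts, [entry[0] for entry in audit]

if __name__ == "__main__":
    print(run_sample())
```

The last packet targets the permitted mail port but claims an internal source address while arriving on the external interface, so rule order decides the outcome: the anti-spoofing rule must sit above the allow rule.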
(3) The Firewall PC itself should have very strong anti-attack immunity.
This is a prerequisite for the firewall to take on the important task of protecting the internal network. The Firewall PC is like a border guard: it faces intrusion attempts from hackers all the time, which requires the firewall itself to have a very strong ability to resist intrusion. First, the firewall's operating system is the key: only with an operating system that has a complete trust relationship can one speak of the security of the system. Second, the firewall itself provides very few services. Apart from the dedicated Firewall PC embedded system, no other applications run on the firewall.