Joke Collection Website - Mood Talk - How about skynet antivirus? Tell me about it.
How about skynet antivirus? Tell me about it.
A firewall is a mechanism to control the packets of a host (or domain) to enter our domain.
A deeper understanding is that
First, the basic concept of firewall
In ancient times, people often built a brick wall between apartments. Once a fire breaks out, it can prevent the fire from spreading to other apartments. Now, if a network is connected to the Internet, its users can access and communicate with the outside world. But at the same time, the outside world can also access the network and interact with it. For security reasons, an intermediate system can be inserted between the network and the Internet to establish a security barrier. The function of this barrier is to block the threats and intrusions from the outside world through the network and provide the only checkpoint to guard the security and audit of this network. Its function is similar to the ancient fireproof brick wall, so we call this kind of barrier "firewall".
In a computer, a firewall is a device, which consists of software or hardware devices. It is usually located between the intranet and the Internet, which restricts Internet users' access to the internal network and manages internal users' access to the outside world. In other words, a firewall is a blocking tool between an internal network that is considered safe and trustworthy and an external network that is not so safe and trustworthy (usually the Internet). Firewall is a passive technology, because it assumes the existence of network boundaries, and it is difficult to effectively control internal illegal access. Therefore, firewalls are only applicable to relatively independent networks, such as local area networks within enterprises.
Second, the basic principle of firewall
1. Filter unsafe services.
Based on this criterion, the firewall should block all information flows, and then open the security services it wants to provide one by one, killing all unsafe services or services that may have security risks in the bud. This is a very effective and practical method, which can create a very safe environment, because only carefully selected services can be used by users.
2. Filter illegal users and visit special websites.
Based on this standard, the firewall should first allow all users and sites to access the intranet, and then the network administrator will screen unauthorized users or untrusted sites one by one according to the IP address. This method constitutes a more flexible application environment. Network administrators can open different services to different users, that is, they can freely set different access rights for each user.
Third, the basic measures of firewall
There are two main measures to realize the security function of firewall.
1. proxy server (suitable for dial-up internet access)
In this way, there is no direct communication between the internal network and the Internet, and computer users and proxy servers in the internal network adopt a communication mode, that is, providing the internal network protocol (NetBIOS, TCP/IP). The communication between the proxy server and the Internet adopts the standard TCP/IP network communication protocol, and the communication between computers inside and outside the firewall is realized through the proxy server. Its structure is as follows:
Internal network → proxy server → Internet
This successfully isolated the computer systems inside and outside the firewall. Because the two ends of the proxy server adopt different protocol standards, it can effectively prevent direct illegal intrusion from the outside world.
A proxy server usually acts as a computer with good performance, fast processing speed and large capacity. Functionally, it acts as a connector between the internal network and the Internet. For the intranet, it is like a real server, and for the server on the Internet, it is also a client. When the proxy server receives the user's request, it will check whether the site requested by the user meets the set requirements. If the user is allowed to access the site, the proxy server will connect with the site to retrieve the required information and forward it to the user.
In addition, the proxy server can provide more security options, for example, it can realize powerful data flow monitoring, filtering, recording and reporting functions, and it can also provide excellent access control, login ability and address translation ability. However, this firewall measure will inevitably affect the efficiency when there are many intranet terminals, the burden of proxy servers is heavy, and many client software accessing the Internet cannot access the Internet normally in intranet computers.
2. Routers and filters
This structure is composed of routers and filters, which are used to restrict the access of external computers to the internal network, and also to specify or restrict the access of the internal network to the Internet. Routers route data traffic only on specific ports of the filter. The main function of the filter is to selectively let the packets pass through at the network layer, and decide whether to allow the packets to pass through according to IP (Internet Protocol) packet information, IP source address, IP destination address and encapsulation protocol port number. The biggest advantage of this firewall measure is that it is transparent to users, that is to say, users do not need to enter their own account and password to log in, so it is faster than proxy servers and is not prone to bottlenecks. But its disadvantage is also obvious, that is, there is no user's usage record, so we can't find the attack record of illegal invasion from the access record.
- Previous article:A girl I like said to me, can you support me? How do I answer the phone?
- Next article:A poem about killing donkeys.
- Related articles
- Talk about simple temperament, in one word, short.
- Beautiful sentences with flowers in full bloom
- Youth inspirational talk about positive energy for yourself.
- There is always a person who lives in the bottom of his heart but says goodbye to life.
- Gingival inflammation, talk about mood
- Sadness about being single: It's good to be single, and you can be moved by someone you like.
- Tell me some short sentences related to your mentality. It’s also a rainy day.
- Write your classmate's composition. How to write a composition?
- Suitable for 17 years old youth and growing circle of friends.
- Summary of school safety education activities