Firewall and its various types.
A firewall is a system designed to prevent unauthorized access to or from
a private network. Firewalls can be implemented in both hardware and software,
or a combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not
meet the specified security criteria.
There are several types of firewall techniques:
Packet filter: Looks at each packet entering or
leaving the network and accepts or rejects it based on user-defined rules.
Packet filtering is fairly effective and transparent to users, but it is
difficult to configure. In addition, it is susceptible to IP spoofing.
Application gateway: Applies security mechanisms to specific
applications, such as FTP and Telnet servers. This is very effective, but can
impose a performance degradation.
Circuit-level gateway: Applies security mechanisms
when a TCP or UDP connection is established. Once the connection has been made,
packets can flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and
leaving the network. The proxy server effectively hides the true network
addresses.
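An added example, not part of the original post: a minimal first-match packet filter in Python showing why rules keyed only on the source address are susceptible to IP spoofing, and how checking the arrival interface closes that gap. The addresses, the rule set, and the names `Packet`, `Rule`, and `filter_packet` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses and rules below are constructed sample values, not from the post.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "internal"
    src: str     # source address as claimed in the IP header
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "reject"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any destination port

RULES = [
    # Intranet hosts may reach the internal web server.
    Rule("accept", "192.168.10.0/24", "192.168.10.5/32", 80),
    # Any host may reach the mail relay.
    Rule("accept", "0.0.0.0/0", "192.168.10.25/32", 25),
]

def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, rules=RULES, anti_spoof=False):
    """First matching rule wins; unmatched packets are rejected (default deny)."""
    src = ipaddress.ip_address(pkt.src)
    # An internal source address cannot legitimately arrive on the external interface.
    if anti_spoof and pkt.iface == "external" and src in INTERNAL_NET:
        return "reject"
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "reject"

if __name__ == "__main__":
    spoofed = Packet("external", "192.168.10.44", "192.168.10.5", 80)
    print("address-only rules:", filter_packet(spoofed))
    print("with interface check:", filter_packet(spoofed, anti_spoof=True))
```

With address-only rules the filter trusts whatever source the header claims; the interface check rejects the same packet because of where it arrived, not what it says about itself.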
A firewall is a set of related programs, located at a
network gateway server, that protects the resources of a private network from
users from other networks. (The term also implies the security policy that is
used with the programs.) An enterprise with an intranet that allows its workers
access to the wider Internet installs a firewall to prevent outsiders from
accessing its own private data resources and to control what outside
resources its own users have access to.
Basically, a firewall, working closely with a router
program, examines each network packet to determine whether to forward it toward
its destination. A firewall also includes or works with a proxy server that
makes network requests on behalf of workstation users. A firewall is often installed
in a specially designated computer separate from the rest of the network so
that no incoming request can get directly at private network resources.
There are a number of firewall screening methods. A simple
one is to screen requests to make sure they come from acceptable (previously
identified) domain names and Internet Protocol addresses. For mobile users,
firewalls allow remote access into the private network by the use of secure
logon procedures and authentication certificates.
A number of companies make firewall products. Features
include logging and reporting, automatic alarms at given thresholds of attack,
and a graphical user interface for controlling the firewall.
In practice, many firewalls use two or more of these
techniques in concert. A firewall is considered a first line of defense in
protecting private information. For greater security, data can be encrypted.