第1个回答 2008-06-20
Internet to the development of the structure of government, enterprises and institutions brought about a revolutionary reform and opening up. They are efforts through the use of Internet to improve efficiency and market reaction speed, so that more competitive. Through the Internet, enterprises can recover important data from different places, at the same time opening up the face of Internet data security to the new challenges and new dangers: that is, customers, vendors, mobile users, remote and internal staff to ensure the safety and Protection of confidential business information from hackers and industrial espionage invasion. So companies must build security and the "trenches" and the "trenches" is a firewall.
Firewall technology is built on a modern telecommunications network technology and information security technology based on the application of safety technology, more and more used in private network and public network of interconnected environment, in particular, to connect to the Internet network as the most substantial.
1. What is a firewall »
Firewall is set up in different networks (such as the trusted internal network and unreliable public network) or network security domain between the components of a series of combinations. It is different networks or network security domain of information between the only entrance, according to corporate security policy control (allowing, refused, monitoring) network access to the information flow, and itself has strong anti-attack capability. It is to provide information security services, network and information security infrastructure.
Logically, the firewall is a separator, a limiter, is also an analyzer, the effective monitoring of the internal network and the Internet between any of the activities to ensure the safety of the internal network.
2. Firewall can do what »
The firewall is the network security barrier:
A firewall (as a block, control point) can greatly improve a network of internal security and insecurity through the filter of services and reduce risk. As only carefully selected application protocol can be through the firewall, so the network environment has become more secure. If a firewall can be prohibited, such as the well-known unsafe and out of the agreement NFS protected networks, such external attackers can not be used to attack fragile agreement Intranet. Firewall at the same time can protect the network from attack based on routing, such as IP routing options in attack and the source of ICMP redirect redirect path. Firewall should be able to reject all of the above types of attacks reported, and notify the firewall administrator.
Firewall can strengthen network security policy:
Through the firewall as the center of the security plan configuration, can all security software (such as passwords, encryption, authentication, auditing, etc.) on the firewall configuration. And the issue of network security will be distributed to the various host compared to the firewall on the safety management more economical. For example, network access, once a system of passwords and other identity authentication system can not scattered in various host, and was concentrated in a firewall.
Internet access and access to monitor the audit:
If all of the visits have been a firewall, then the firewall will be able to record these visits and make the log records, but also to provide network usage statistics. When a suspicious action, the firewall can carry out the appropriate alarm, and to provide network monitoring and attacks by the details. In addition, a collection of network use and misuse of the situation is also very important. First on the grounds that it is clear whether the firewall to ward off the attack detection and attack, and clearly the adequacy of the control of the firewall. And network usage statistics on the network needs analysis and threat analysis is also very important.