2024-07-12
A firewall is a network security system that restricts Internet traffic to, from, or within a private network.
The core task of a firewall is control and protection, and both are expressed through its security policy: the firewall classifies traffic against the policy and applies the matching action (permit or deny).
Firewalls can be divided into several categories. Their development has been a process of continuous upgrading and improvement, with each generation adding richer protection functions:
Early packet filtering firewalls used a "packet-by-packet inspection" mechanism: every packet received by the device was checked against the packet filtering rules before deciding whether to forward it. Because each packet walks the whole rule table independently, this method is inefficient.
Decision information: source IP address, destination IP address, source port, destination port, protocol type (the five-tuple)
Scope of work: network layer and transport layer (layers 3-4)
Advantage: easy to implement for small sites, fast processing and low price
Disadvantages: the rule table quickly becomes large, complex and hard to maintain (return traffic needs rules of its own, for example), and decisions are limited to the five-tuple and cannot be extended to the application layer.
The biggest difference between a proxy firewall and a packet filtering firewall is that a proxy firewall can inspect data at the application layer; it is therefore also called an application gateway firewall. The proxy host has multiple network interfaces and terminates the client's connection, opens a second connection to the server, and relays one specific application protocol between the two. This is also one of its shortcomings: each application protocol needs its own proxy module, and a protocol without one cannot be proxied.
Decision information: all application-layer data
Scope of work: application layer (layer 7)
Advantage: inspects application-layer data
Disadvantages: low inspection throughput, difficult configuration and operation, poor scalability
The stateful inspection firewall is an extension of the packet filtering firewall. It uses a session table and "first packet inspection": only the first packet of a flow is checked against the rule table; if it is permitted, a session entry is created and the later packets of that flow, in either direction, are matched against the session table instead of the rules, so performance is better.
Decision information: IP addresses, port numbers, TCP flags
Scope of work: data link layer, network layer, transport layer (layers 2-4)
Advantage: stateful inspection, so return traffic is admitted by the session it belongs to rather than by extra rules
Disadvantages: application-layer control is weak and the payload is not inspected
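The following Python model, added here as an illustration and not code from the original page, contrasts the two classes above: a stateless five-tuple filter that walks the rule table for every packet, and a stateful firewall that inspects only a flow's first packet (a TCP SYN) and then admits the rest of the flow from its session table. The rules, packets and addresses (192.168.0.0/24 as the inside LAN, documentation ranges 203.0.113.0/24 and 198.51.100.0/24 as the outside) are constructed for the example; the class and function names are the example's own.

```python
"""Stateless five-tuple filtering vs. stateful inspection with a session table.

Added illustration of the two firewall classes described above; not code
from the original page. Rules, packets and addresses are constructed inline.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False   # TCP SYN flag; only meaningful when proto == "tcp"


@dataclass(frozen=True)
class Rule:
    src_net: str               # CIDR or "any"
    dst_net: str               # CIDR or "any"
    proto: str                 # "tcp", "udp" or "any"
    src_port: Optional[int]    # None matches any port
    dst_port: Optional[int]
    action: str                # "permit" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (_in_net(pkt.src_ip, self.src_net)
                and _in_net(pkt.dst_ip, self.dst_net)
                and self.proto in ("any", pkt.proto)
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))


def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


class PacketFilter:
    """Stateless filter: every packet walks the rule table; default deny."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.rule_lookups = 0

    def handle(self, pkt: Packet) -> str:
        self.rule_lookups += 1
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Stateful inspection: only a flow's first packet consults the rule table.

    A permitted first packet creates a session entry; later packets in either
    direction are matched against the session table and never re-walk the rules.
    """

    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()

    def handle(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if fwd in self.sessions or rev in self.sessions:
            return "permit"
        # Only a TCP SYN (or any UDP datagram) may open a session; a mid-stream
        # TCP segment with no session is spoofed or stale and is dropped.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"
        action = super().handle(pkt)   # first-packet inspection
        if action == "permit":
            self.sessions.add(fwd)
        return action


# Constructed policy: hosts on the inside LAN may open HTTPS connections anywhere.
INSIDE = "192.168.0.0/24"
POLICY = [Rule(INSIDE, "any", "tcp", None, 443, "permit")]
# The extra rule a stateless filter needs so that HTTPS replies get back in.
RETURN_RULE = Rule("any", INSIDE, "tcp", 443, None, "permit")

# Constructed traffic: one legitimate HTTPS connection, then an attacker who
# sends from source port 443 to reach RDP on a host behind the firewall.
TRAFFIC = [
    Packet("192.168.0.2", "203.0.113.10", "tcp", 51515, 443, syn=True),  # client SYN
    Packet("203.0.113.10", "192.168.0.2", "tcp", 443, 51515),            # server reply
    Packet("192.168.0.2", "203.0.113.10", "tcp", 51515, 443),            # client data
    Packet("198.51.100.7", "192.168.0.2", "tcp", 443, 3389),             # spoofed probe
]


def run(firewall: PacketFilter, packets=TRAFFIC):
    return [firewall.handle(p) for p in packets]


def compare():
    stateless = PacketFilter(POLICY)
    stateless_with_return = PacketFilter(POLICY + [RETURN_RULE])
    stateful = StatefulFirewall(POLICY)
    return {
        "stateless": run(stateless),                          # reply dropped: connection fails
        "stateless+return_rule": run(stateless_with_return),  # works, but the probe gets in
        "stateful": run(stateful),                            # works, probe dropped
        "stateful_rule_lookups": stateful.rule_lookups,       # only the SYN hit the rules
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:24} {result}")
```

The three runs show the trade-off the text describes: the stateless filter either breaks the connection (no rule for the reply) or, once the return rule is added, admits anything that merely claims source port 443; the stateful firewall walks the rule table once for the SYN and then admits exactly the packets that belong to that session.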
UTM, also known as unified threat management, is a comprehensive security product that can provide multiple security functions as a single product, including anti-virus, anti-malware, firewall, IPS, IDS and other functions.
Functions included: FW, IDS, IPS, AV
Scope of work: layers 2-7
Advantage: The multi-functionality reduces the hardware cost, labor cost and time cost.
Disadvantages: the modules inspect traffic in series, so detection efficiency is low and the performance cost is high; it has no web application protection.
The next generation firewall (NGFW) is the successor to the traditional stateful firewall and the UTM device described above. It includes all the functions of a traditional firewall (basic packet filtering, stateful inspection, NAT, VPN, etc.) and adds more advanced security capabilities such as application and user identification and control and intrusion prevention (IPS). Compared with UTM devices, NGFW has higher processing efficiency and stronger expansion and integration capabilities.
Functions included: FW, IDS, IPS, AV, WAF
Scope of work: layers 2-7
Differences from UTM:
Compared with UTM, NGFW adds web application protection. UTM passes traffic through its modules in series, while NGFW inspects it in a single parallel pass, which gives NGFW higher performance and more efficient management.
Software firewalls are generally developed for a particular operating system platform and are installed and configured directly on the computer. Because customers run a variety of operating systems, software firewalls need to support several of them, such as Unix, Linux, SCO-Unix and Windows. There are many relatively easy-to-use PC software firewalls, such as Comodo Firewall, TinyWall and ZoneAlarm Firewall. The advantages of software firewalls are low cost and simple configuration, which makes them better suited to home use.
Hardware firewalls are in effect "software firewalls" embedded in dedicated hardware that performs these functions, which relieves the CPU of the protected computers or servers. Compared with software firewalls, hardware firewalls are more secure, but they cost more and are harder to configure, so they are more common in medium and large enterprises. Well-known manufacturers include Huawei, H3C and Sangfor.
By performance, firewalls can be divided into 100M and 1000M firewalls. 100M firewalls suit network environments with low bandwidth, while 1000M firewalls suit high-bandwidth environments: a 1000M firewall has higher forwarding capacity, so it can apply the same inspection to more traffic without becoming the bottleneck.
A single-host firewall, also known as a traditional firewall, sits at the edge of the network as a device independent of other network equipment. It resembles a PC, with a CPU, memory, hard disk and motherboard, and offers high stability, practicality and relatively strong throughput.
A router-integrated firewall is a network security device that combines the functions of a router and a firewall. It can implement routing and security policy control at the network boundary and protect the LAN from unauthorized access and network attacks. This type of device usually has the following features:
1. Routing function: It can transfer data packets from one network to another, realizing communication and data forwarding between networks.
2. Firewall function: It can detect and filter data packets entering and leaving the network, and allow or deny data traffic according to pre-set security policies to protect the network from malicious attacks, viruses and unauthorized access.
3. Integration: Integrating routing and firewall functions simplifies network architecture, reduces the number of devices, and reduces management and maintenance costs.
4. Flexibility: It usually has flexible security policy setting functions and can customize different security rules and access control policies according to network requirements.
5. Performance: It has high-performance data processing capabilities and can effectively handle large amounts of data traffic to ensure smooth and secure network communications.
Router-integrated firewalls are widely used in enterprise networks and small office/home office (SOHO) scenarios, and are an important part of network security infrastructure. By integrating routing and firewall functions, it can provide users with convenient, efficient and reliable network security protection.
Distributed firewall is a network security technology that provides more effective network security protection by distributing firewall functions in multiple locations. Traditional centralized firewalls are usually located at the network boundary and are responsible for monitoring and controlling traffic in and out of the network. Distributed firewalls push firewall functions to multiple nodes in the network, allowing network traffic to be inspected and filtered in multiple locations, thereby enhancing the network's protection against attacks and threats.
Distributed firewalls usually adopt a centralized management and decentralized execution architecture, achieving consistency of rules and policies through centralized management, while performing actual firewall functions on each node in the network, which can monitor and filter network traffic more finely. This architecture can effectively reduce the single point pressure of centralized firewalls and better cope with large-scale network traffic and complex security threats.
Distributed firewalls can also provide a more flexible deployment method, and can deploy firewall nodes in different locations according to network topology and needs, so as to better adapt to complex and diverse network environments. At the same time, distributed firewalls can also improve the processing efficiency and security of network traffic by better utilizing internal network resources.
In general, distributed firewall is a more flexible, efficient and secure network security technology that can help organizations better protect their networks from various network threats.
First, eNSP needs a firewall device package. Here we use the Huawei USG6000V firewall.
1. First, decompress the package.
Link: USG6000V
Extraction code: 1314
2. Place a Cloud1 device and a firewall.
3. Right-click the firewall, import the vfw_usg.vdi unpacked above, then start the firewall and wait a while.
4. After startup, the default account is admin and the default password is Admin@123.
You will then be asked to change the password. It cannot be too simple, or an error is reported.
5. Enter system-view to switch from user view to system view.
By default, G0/0/0 already has an IP address (192.168.0.1/24), and web management and DHCP are enabled. In the simulator you also need to enter the G0/0/0 interface view and permit the management services; a real device permits them by default, but the simulated one must be told explicitly:
[USG6000V1-GigabitEthernet0/0/0]service-manage all permit    (permit management services on this interface)
Note that "all" permits every management service on the interface (HTTPS, SSH, Telnet, ping, SNMP and so on). That is acceptable in a lab; on a production device, permit only the services the management interface actually needs.
6. Enable management services
7. Configure the Cloud device.
8. Add a UDP port and click Add.
9. Then bind your network card in the binding information. The card must be on the same network segment as the firewall: in Device Manager add a network card, or find an existing virtual network card, and set its IP address. Because the firewall's default address is 192.168.0.1/24, you can set the card to 192.168.0.2.
10. Connect the Cloud device to the firewall.
11. Browse to https://192.168.0.1. If that does not work, append port 8443 (https://192.168.0.1:8443).
This is basically the end of the process. We will explain in detail how to use the firewall later.