当前位置:网站首页>What is a firewall? Explanation of basic knowledge of firewall
What is a firewall? Explanation of basic knowledge of firewall
2022-07-05 08:59:00 【Wanderer001】
What is a firewall ? Explanation of basic knowledge of firewall - cloud + Community - Tencent cloud
What is a firewall
Firewall is also called protective wall , It is a network security system between internal network and external network , You can isolate the internal network from the external network . Usually , Firewall can protect the interior / Private LANs are protected from external attacks , And prevent the leakage of important data . Without a firewall , Routers will blindly transfer traffic between internal and external networks without filtering mechanism , The firewall can not only monitor traffic , It can also prevent unauthorized traffic .
In the network , So-called “ A firewall ”, It refers to an intranet and public access network ( Such as Internet) The way of separation , It's actually an isolation technology . Firewall is a kind of access control scale which is executed when two networks communicate , It allows you to “ agree! ” People and data into your network , At the same time will you “ Disagree ” Of people and data , Prevent hackers from accessing your network to the maximum extent . let me put it another way , If not through the firewall , People inside the company can't access it Internet,Internet People on the company can't communicate with people inside the company .
In addition to connecting the internal LAN with the external Internet Out of isolation , Firewall can also separate ordinary data and important data in LAN , So it can also avoid internal invasion .
How Firewalls Work
There are two types of firewalls: Hardware firewalls and software firewalls , The hardware firewall allows you to pass the port's Transmission Control Protocol (TCP) Or user datagram protocol (UDP) To define blocking rules , For example, unnecessary ports and IP Address access . Software firewalls are like proxy servers that interconnect internal and external networks , It allows the internal network not to communicate directly with the external network , But many enterprises and data centers will combine these two types of firewalls , This is mainly because it can more effectively improve the security of the network .
How to choose a hardware firewall
One 、 Network throughput
Because the firewall identifies whether it complies with the security policy by filtering the incoming and outgoing data , So when the flow is relatively high , The firewall is required to detect all data packets in time at the fastest speed . Otherwise, it may cause a long delay , Even crash . Therefore, the network throughput index is very important , It reflects the availability of the firewall , It also reflects the delay cost of enterprise users using firewall products . If the firewall causes a large delay to the network , Cause great losses to users .
When purchasing a firewall, the first indicator to look at is the throughput of the firewall . Of course , The larger the throughput, the better . Because the larger the throughput , The higher the price of firewall . According to the actual situation of the enterprise , Such as the bandwidth of Internet access now , To choose the right bandwidth .
Two 、 Priority of the agreement
Now video applications are more and more widely used in enterprises . Such as video conference system 、 Voice phones and so on are very popular in enterprises . These applications will occupy a relatively large bandwidth of the enterprise . If the enterprise bandwidth cannot keep up , The quality of these applications will be greatly affected , For example, the quality of calls may be intermittent . It's like the signal of mobile phone is poor . Although this situation can be improved by improving the speed of Internet access , But this is not the preferred solution . Because increasing bandwidth requires enterprises to spend a relatively large investment . Therefore, the most ideal solution is to manage the communication flow of the enterprise . Set the traffic of some key applications to a higher priority through the firewall . In network transmission , First of all, we should ensure that these communication flows can pass first . This can significantly improve the effect of video applications such as voice calls .
3、 ... and 、 It has certain expansibility
The network of enterprises cannot remain unchanged forever . With the expansion of enterprise scale , The internal network of the company will be constantly upgraded , To meet the growing needs of enterprises . So how to consider ?
First, for the needs of subsequent expansion , It's best to buy those modular firewalls . Such words , If you add other functions later , Just buy the module . Instead of replacing the entire hardware firewall . In other words, the hardware firewall system you choose is a modular solution that can be scaled at will , From the most basic packet filter to the one with encryption VPN Type bag filter , Finally, to an independent application gateway . Only so , Can easily face the upgrading of enterprise informatization application .
Second, consider the problem of network interface . Generally, the most basic configuration of firewall has two network interfaces : Internal and external network interfaces . These interfaces correspond to the trust level of accessing the network . The external network interface is connected to an untrustworthy network , The internal network interface is connected to the trusted network . During intranet deployment , Interfaces connected to the outside may need to be connected to major parts of the company , At this time, the trust degree may be higher than that of the external network , But it is slightly lower than the trust of the internal network . But as companies' Internet business needs become more complex , Firewalls with only two interfaces have obvious limitations , May not be able to meet the needs of enterprise business . For example, the enterprise may need safety , The third interface is likely to be used in the future DMZ Interface . Therefore, for the consideration of future information application upgrading , When choosing firewall , We also need to pay attention to whether there are enough interfaces ; Or consider whether the available interfaces can be added in the form of modules in the future .
边栏推荐
- Applet (use of NPM package)
- Luo Gu p3177 tree coloring [deeply understand the cycle sequence of knapsack on tree]
- Basic number theory -- Euler function
- Beautiful soup parsing and extracting data
- Programming implementation of ROS learning 6 -service node
- [Niuke brush questions day4] jz55 depth of binary tree
- Causes and appropriate analysis of possible errors in seq2seq code of "hands on learning in depth"
- Codeforces round 684 (Div. 2) e - green shopping (line segment tree)
- [beauty of algebra] singular value decomposition (SVD) and its application to linear least squares solution ax=b
- np.allclose
猜你喜欢
Programming implementation of ROS learning 6 -service node
[matlab] matlab reads and writes Excel
Halcon affine transformations to regions
Introduction Guide to stereo vision (5): dual camera calibration [no more collection, I charge ~]
优先级队列(堆)
编辑器-vi、vim的使用
Applet (use of NPM package)
Redis实现高性能的全文搜索引擎---RediSearch
Rebuild my 3D world [open source] [serialization-2]
Rebuild my 3D world [open source] [serialization-3] [comparison between colmap and openmvg]
随机推荐
Halcon wood texture recognition
优先级队列(堆)
Nodejs modularization
TF coordinate transformation of common components of ros-9 ROS
Ros-10 roslaunch summary
Rebuild my 3D world [open source] [serialization-1]
Attention is all you need
Kubedm series-00-overview
Codeforces Round #648 (Div. 2) E.Maximum Subsequence Value
AUTOSAR从入门到精通100讲(103)-dbc文件的格式以及创建详解
Nodemon installation and use
scipy.misc.imread()
Ros-11 common visualization tools
Bit operation related operations
IT冷知识(更新ing~)
Solution to the problem of the 10th Programming Competition (synchronized competition) of Harbin University of technology "Colin Minglun Cup"
一题多解,ASP.NET Core应用启动初始化的N种方案[上篇]
Multiple linear regression (sklearn method)
kubeadm系列-00-overview
The location search property gets the login user name