Can the firewall identify the mining pool?
Publish: 2021-04-18 09:01:20
1. Overview
In the 21st century, computers all over the world will be connected through the Internet, and the meaning of information security will change fundamentally. It has changed not only from ordinary defense to widespread defense, but also from a specialized field into something ubiquitous. As humanity enters the 21st century, the information society and the network society, information security will become a new trend, and China will establish a complete network security system, especially one with Chinese characteristics in terms of policy and law.
In fact, a country's information security system includes national regulations and policies as well as the development platform of technology and the market. To really solve the problem of network security in China, the ultimate way is to promote the overall improvement of China's network security technology through the development of a national security industry.
Network security products have the following characteristics. First, network security comes from the diversity of security strategies and technologies; if a single unified technology and strategy is adopted, it will not be safe. Second, network security mechanisms and technologies should change constantly. Third, as the network extends into all aspects of society, there are more and more ways to enter it. Network security technology is therefore a very complex piece of systems engineering. Establishing a network security system with Chinese characteristics needs the support of national policies and regulations and joint research and development by the community. Security and anti-security, like the two sides of a contradiction, keep rising together, so the security industry will continue to develop along with new technologies.
Information security is an important issue facing national development. So far we have not considered it in terms of systematic planning, from the technical, industrial and policy angles. The government should not only see the development of information security as part of China's high-tech industry; it should also recognize that the policy of developing the security industry is an important part of the information security system, and that it will play a very important role in the future development of electronization and informatization in China.
2. Firewall
Network firewall technology is used to strengthen access control between networks. It is a special network interconnection device that prevents external users from entering the internal network through the external network by illegal means, accessing internal resources, and disturbing the internal network's operating environment. It checks the data packets transmitted between two or more networks, including the link mode, against a defined security policy to decide whether communication between the networks is allowed. At present, firewall products mainly include the bastion host, the packet-filtering router, the application-layer gateway (proxy server) and the circuit-level gateway, the screened-host firewall, the dual-homed host, and so on.
Although the firewall is an effective means of protecting the network from hacker attack, it also has obvious shortcomings: it cannot prevent attacks that arrive by paths other than the firewall, it cannot prevent threats from internal defectors and careless users, and it cannot completely prevent the transmission of infected software or files. Since 1986, when the American company Digital (DEC) installed the world's first commercial firewall system on the Internet and put forward the concept of the firewall, firewall technology has developed rapidly. Dozens of companies at home and abroad have launched series of firewall products with different functions.
The firewall sits at the bottom of the five-layer network security system and belongs to the category of network-layer security technology. The question the enterprise asks of its security system is: can any IP address access the enterprise's internal network system? If the answer is "Yes", ... In theory, the firewall sits at the bottom of network security, responsible for network security authentication and transmission. With the overall development of network security technology and the continuous change of network applications, however, modern firewall technology has gradually moved to security levels beyond the network layer. It not only has to complete the filtering task of the traditional firewall, but also provides corresponding security services for various network applications. In addition, many firewall products are moving towards data security and user authentication. According to the technology adopted, firewalls can be divided into four basic types: packet-filtering, network address translation (NAT), proxy, and monitoring.
2.1. Packet filtering type
The packet-filtering type is the earliest firewall product. Its technical basis is the packet transmission technology in the network: data is transmitted across the network in units called "packets". Each packet contains some specific information, such as the source address, destination address, and TCP/UDP source and destination ports of the data. The firewall reads this information to judge whether a "packet" comes from a trusted, safe site; once packets from dangerous sites are found, the firewall shuts them out. The system administrator can also flexibly formulate judgment rules according to the actual situation.
The advantages of packet-filtering technology are that it is simple and practical, cheap to implement, and easy to use in the application environment; it can ensure the security of the system to a certain extent at a small cost.
But the defects of packet-filtering technology are also obvious. Packet filtering is a security technology based on the network layer; it can judge only by the source, destination and port of a packet and cannot identify malicious intrusions at the application layer. It is easy for experienced hackers to forge IP addresses and fool a packet-filtering firewall.
2.2. Network address translation - NAT
Network address translation is used to convert IP addresses into temporary, external, registered IP addresses. It allows users to avoid having to obtain a registered IP address for every machine on their network.
When the internal network accesses the external network through the secure network card, a mapping record is generated. The system maps the outgoing source address and source port to a disguised address and port. When the external network accesses the internal network through the non-secure network card, it does not know the internal network's connections; the OLM firewall judges whether the access is safe according to the pre-defined mapping rules. When the rules are met, the firewall considers the access safe, can accept the access request, and can also map the connection request to a different internal computer. When the rules are not met, the firewall considers the access unsafe. The process of network address translation is transparent to users, who only need to carry out their routine operations.
2.3. Proxy type
The proxy firewall can also be called a proxy server, and its security is higher than that of packet-filtering products. The proxy server sits between the client and the server, completely blocking direct data exchange between them. When the client needs data on the server, it first sends the request to the proxy server; the proxy server then requests the data from the server according to that request, and finally passes the data back to the client. The advantage of the proxy firewall is that it can inspect and scan the application layer, which is very effective against application-layer intrusions and viruses. The disadvantage is that the proxy server must be configured separately for every application type the client may produce, which greatly increases the complexity of system management.
2.4. Monitoring type
The monitoring-type firewall is a new generation of product that actually goes beyond the original definition of a firewall. It can actively monitor the data of each layer in real time and, by analyzing these data, effectively judge illegal intrusions at each layer. At the same time, monitoring firewall products generally have distributed detectors installed on the various application servers and other network nodes, so they can detect not only attacks from outside the network but also have a strong preventive effect on malicious damage from the inside. According to the statistics of authoritative institutions, a considerable proportion of attacks against network systems come from inside the network. The security of the monitoring firewall is therefore better than that of the previous two generations of products.
Although the security of the monitoring firewall is better than that of the packet-filtering firewall and the proxy-server firewall, the second-generation proxy firewall is still the main firewall product in practice, due to the high cost and difficult management of monitoring firewall technology. Weighing system cost against security technology cost, users can selectively adopt some monitoring technologies. This both meets the security requirements of the network system and effectively controls the total cost of ownership of the security system.
In fact, as the mainstream trend in current firewall products, most proxy servers (also known as application gateways) also integrate packet-filtering technology. Combining these two technologies obviously has more advantages than using either alone. Because this product is application-based, the application gateway can filter protocols; for example, it can filter the put command in an FTP connection, and it can also act through the proxy. The application gateway can effectively avoid leaking internal network information. Because of these characteristics, the contradictions in practice mainly concern effective support for a variety of network application protocols and the impact on the overall performance of the network.
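The packet-filtering and NAT behaviour described in 2.1 and 2.2 above, as an added example that is not part of the original answer. It is a toy in Python: a first-match rule list that looks only at protocol, addresses and port (so a packet with a spoofed trusted source address, or an HTTP request carrying an injection payload, passes untouched, which is exactly the defect noted in 2.1), plus a source-NAT mapping table that translates inbound packets back only when they hit a mapping created by an outbound flow and drops them otherwise. The rule syntax, the policy, the addresses and the sample packets are all constructed for illustration.

```python
"""Toy packet filter and source-NAT table (added example, not from the page).

Rule syntax, policy, addresses and sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""  # carried along but never inspected by the filter


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(rules: list, pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; anything unmatched gets the default action.
    Only layer 3/4 header fields are consulted, never the payload."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Hypothetical policy: a partner network may reach SSH on the internal /8,
# anyone may reach the web server, SMB is always dropped, and everything
# else falls through to the default deny.
RULES = [
    Rule("accept", "tcp", src="203.0.113.0/24", dst="10.0.0.0/8", dport=22),
    Rule("accept", "tcp", dst="10.0.0.80/32", dport=80),
    Rule("drop", "tcp", dport=445),
]


class SourceNat:
    """Outbound flows create (internal ip, port) -> public port mappings;
    inbound packets are translated back only when such a mapping exists,
    otherwise they are treated as unsolicited and dropped."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.forward = {}   # (int_ip, int_port) -> public port
        self.reverse = {}   # public port -> (int_ip, int_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.forward:           # first packet of the flow: record mapping
            self.forward[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(pkt.proto, self.public_ip, self.forward[key],
                      pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = self.reverse.get(pkt.dport)
        if key is None:
            return None                       # no mapping record: drop
        return Packet(pkt.proto, pkt.src, pkt.sport, key[0], key[1], pkt.payload)


def demo() -> dict:
    """Run constructed packets through the policy and the NAT table."""
    results = {
        "partner_ssh": filter_packet(RULES, Packet("tcp", "203.0.113.5", 40001, "10.0.0.5", 22)),
        "stranger_ssh": filter_packet(RULES, Packet("tcp", "192.0.2.9", 40001, "10.0.0.5", 22)),
        # attacker at 192.0.2.9 forges the partner's source address: same header fields, accepted
        "spoofed_ssh": filter_packet(RULES, Packet("tcp", "203.0.113.5", 40001, "10.0.0.5", 22)),
        # application-layer attack in the payload: the filter never looks at it
        "web_injection": filter_packet(RULES, Packet("tcp", "192.0.2.9", 40002, "10.0.0.80", 80,
                                                     b"GET /?id=1' OR 1=1-- HTTP/1.0\r\n")),
        "smb": filter_packet(RULES, Packet("tcp", "192.0.2.9", 40003, "10.0.0.80", 445)),
        "rdp": filter_packet(RULES, Packet("tcp", "192.0.2.9", 40004, "10.0.0.80", 3389)),
    }
    nat = SourceNat("198.51.100.7")
    out = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "93.184.216.34", 80))
    reply = nat.inbound(Packet("tcp", "93.184.216.34", 80, "198.51.100.7", out.sport))
    stray = nat.inbound(Packet("tcp", "93.184.216.34", 80, "198.51.100.7", out.sport + 1))
    results["nat_out"] = (out.src, out.sport)
    results["nat_reply"] = (reply.dst, reply.dport)
    results["nat_unsolicited"] = stray
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two "accept" results for the spoofed SSH packet and the injection request are the point: a stateless filter has nothing but the header fields to go on, which is why the page goes on to describe proxy and monitoring firewalls that look into the application layer.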
2. The feeling with the system itself is like this: no matter how you prevent it, it still gets in. Kaspersky doesn't seem to be very strong now either. Be psychologically prepared; there seem to be a lot of people studying viruses. Install another one, and then turn off the useless ports, such as 445, 135, 4444, 9995, 9996, etc.
3. The DDoS firewall has its own unique anti-attack algorithms and an efficient active defense system, which can effectively defend against DoS/DDoS, SuperDDoS, DRDoS, proxy CC, mutated CC, zombie-cluster CC, UDP flood, mutated UDP, random UDP, ICMP, IGMP, SYN, SYN flood, ARP attacks, Legend (game) fake-player attacks, forum dummy attacks, non-TCP/IP protocol-layer attacks, etc. All kinds of common attack behaviors can be effectively identified, and this attack traffic is processed and blocked in real time through the integrated mechanism. It has remote network monitoring and packet analysis functions, and can quickly obtain and analyze the latest attack signatures and defend against the latest attack methods.
4. If a hacker attacks you, don't worry. You won't feel it unless he wants you to know.
5. The firewall has become a key part of enterprise network construction. But many users think: the network already has a router, which can achieve some simple packet-filtering functions, so why use a firewall? The following compares the NetEye firewall with the Cisco router, the most widely used and representative router in the industry, in terms of security, to explain why a firewall is needed when a router already exists in the user's network.
6. Take a look at the following advantages and functions of the firewall, and you will know what the consequences are if you don't turn it on.
(1) The firewall can strengthen the security policy.
(2) The firewall can effectively record activities on the Internet.
(3) The firewall limits the exposure of user points. A firewall can be used to separate one network segment from another, so that problems affecting one segment are prevented from spreading through the whole network.
(4) The firewall is a checkpoint for the security policy. All information going in and out must pass through the firewall, so the firewall becomes the checkpoint for security problems, and suspicious access is refused at the door. The most basic function of a firewall is to control the data flow between different trust zones in a computer network. For example, the Internet is an untrusted zone, while the internal network is a highly trusted zone. The goal is to avoid communication forbidden by the security policy, similar to the function of a firewall in a building. Its basic task is to control information flowing between different trust regions. Typical trust regions include the Internet (a region without trust) and an internal network (a region with high trust). The ultimate goal is to provide controlled connectivity between regions at different trust levels, through the operation of security policies and a connectivity model based on the principle of least privilege.
For example, TCP/IP ports 135 to 139 are used by Microsoft Windows [Network Neighborhood]. If a computer uses Network Neighborhood shared folders without any firewall-related protection, it effectively exposes its shared folders to the Internet, so that anyone at all has the opportunity to browse the files in those directories. In addition, early versions of Windows had a password-bypass vulnerability caused by an overflow in the [Network Neighborhood] system.
The firewall scans the network traffic passing through it and can filter out some attacks so that they are never executed on the target computer. Firewalls can also close ports that are not in use. Moreover, they can prohibit outbound communication on specific ports and so block Trojan horses. Finally, they can prohibit access from particular sites, thus preventing all communication from unknown intruders.
The firewall is the barrier of network security:
A firewall (as a blocking point and control point) can greatly improve the security of an internal network and reduce risk by filtering unsafe services. Because only carefully selected application protocols can pass through the firewall, the network environment becomes more secure. For example, the firewall can prevent the well-known insecure NFS protocol from entering or leaving the protected network, so that external attackers cannot use these vulnerable protocols to attack the internal network. At the same time, a firewall can protect the network from routing-based attacks, such as source-routing attacks using the IP options field and redirected paths via ICMP redirects. The firewall should be able to reject all of the above types of attack and notify the firewall administrator.
The firewall can strengthen the network security policy:
All security software (such as passwords, encryption, identity authentication, auditing, etc.) can be configured on the firewall through a firewall-centered security scheme. Compared with spreading network security problems across every host, the centralized security management of the firewall is more economical. For example, for network access, a one-time password system and other identity authentication systems need not be scattered across each host but can be concentrated on the firewall.
Monitoring and auditing of network access:
If all access passes through the firewall, the firewall can record these accesses, keep logs, and also provide statistics on network usage. When suspicious actions occur, the firewall can raise an appropriate alarm and provide detailed information about whether the network is being probed or attacked. In addition, collecting the usage and misuse of a network is very important. The first reason is to know whether the firewall can resist attackers' probes and attacks, and whether the firewall's control is sufficient. Network usage statistics are also very important for network demand analysis and threat analysis.
Preventing the leakage of internal information:
By using the firewall to divide the internal network, key network segments can be isolated, thus limiting the impact of local key or sensitive security problems on the whole network. Moreover, privacy is a matter of great concern in the internal network. An unnoticed detail in the internal network may contain clues about security that arouse the interest of external attackers, and may even reveal security vulnerabilities in the internal network. You can use the firewall to conceal such internal details as the finger and DNS services. Finger shows the registered names, real names, last login times and shell types of all users of the host, and the information finger displays is very easy for attackers to learn from. An attacker can learn how frequently a system is used, whether a user of the system is connected to the Internet, whether the system is under attack, and so on. The firewall can also block DNS information about the internal network, so that the domain names and IP addresses of hosts are not known to the outside world.
In addition to its security functions, the firewall also supports VPN, the enterprise internal network technology system with Internet service characteristics.
7. According to information from the Ministry of Public Security, nearly 100 cases of computer hacking were cracked in China in 1998, and all kinds of illegal activities carried out using computer networks are increasing at an annual rate of 30%. According to media reports, 95% of China's network management centers connected to the Internet have been attacked or intruded by hackers, among which banks, financial and securities institutions are the focus.
With the increase of network crime, the network firewall begins to attract people's attention. Here, I'd like to introduce the basic knowledge of firewalls.
What is a firewall?
The so-called "firewall" refers to a method of separating the intranet from the public access network (Internet), which is actually an isolation technology. A firewall is a kind of access control measure implemented when two networks communicate. It can allow the people and data that you "agree" to into your network, and keep the people and data that you "disagree" with away. It can prevent hackers on the network from accessing your network to the maximum extent, and prevent them from changing, copying and destroying your important information.
Analysis of firewall security technology
A firewall plays a certain role in protecting network security, but it is not infallible. Through analysis and research on the basic principles and implementation of firewalls, the author has the following understanding of the security of firewalls.
1. It is not easy to select and configure a firewall properly.
As a means of network security, a firewall has many ways of being realized. To establish a reasonable protection system and configure an effective firewall, we should follow four basic steps: (1) risk analysis; (2) demand analysis; (3) establish a security policy; (4) choose the correct protection means and make it consistent with the security policy. However, most firewalls do not, or rarely, carry out sufficient risk analysis and demand analysis, but only choose a kind of firewall that seems to be able to "meet" the needs according to an incomplete security policy. Whether such a firewall can "prevent fire" is still a problem.
2. We need to correctly evaluate the failure state of the firewall.
To evaluate the performance of the firewall and whether it can play a role in security protection, we should not only see whether it works normally and whether it can block or catch traces of malicious attacks and illegal access, but also see what state the firewall is in once it is broken. By level, there are four states: (1) it can continue to work normally, unharmed; (2) it shuts down and restarts, returning to the normal working state; (3) it shuts down and prohibits all data access; (4) it shuts down and allows all data to pass. The first two states are ideal, while the fourth is the least safe. However, many firewalls have no means to test and verify the failure state, so it is impossible to determine the failure state level, and so there must be security risks in the network.
3. The firewall must be maintained dynamically.
After the firewall is installed and put into use, it is not all done. In order to give full play to its role of security protection, we must track and maintain it, keep close contact with vendors, and always watch the vendors' activity. Because once vendors find that their products have security vulnerabilities, they will release patch products as soon as possible. At this time, one should confirm their authenticity as soon as possible (to prevent Trojans and other viruses) and update the firewall.
4. At present, it is difficult to test the firewall.
To verify whether the firewall can play a protective role, the most fundamental and effective method of proof is to test it, or even to attack the firewall by various means from the perspective of a "hacker". However, the specific implementation is difficult:
(1) Firewall performance testing is still a very new technology; there is no official publication, and there are few tools and software available. At present, only the ISS company in the United States provides firewall performance testing tool software.
(2) The firewall test technology is not advanced, and it is not completely consistent with the firewall design, which makes it difficult for the test work to achieve the intended effect.
(3) It is also a question whom to choose to conduct a fair test.
It can be seen that the performance test of a firewall is by no means a simple thing, but this kind of test is quite necessary.
5. Basic "tricks" of illegal attacks on firewalls
(1) Generally, effective attacks are carried out from related subnets. Because these URLs have been trusted by the firewall, although success still depends on opportunities and other factors, it is worth a try for attackers.
(2) Another way to destroy a firewall is to combine attack with interference. That is to say, the firewall is always busy during the attack. When the firewall is too busy, it will sometimes forget to perform its function of security protection and be in a state of failure.
(3) It should be noted that the firewall may also be attacked internally. Because after the firewall is installed, random access is strictly prohibited. In this way, internal staff can't browse e-mail through telnet or send information through FTP in their spare time. Individuals will be dissatisfied with the firewall and may attack and destroy it, expecting to return to the previous state. Here, the target of attack is often the firewall or the operating system running on the firewall, so it involves not only network security but also host security.
The above analysis shows that the security performance of a firewall depends on many factors, and a firewall is not omnipotent.
At present, most firewalls are packet filters based on routers, which have poor protection ability. There are various technical means of attacking firewalls from outside or inside the network.
Basic types of firewalls
There are four kinds of technologies used to implement firewalls:
1. Network level firewalls
They generally judge whether packets pass or not based on the source address and destination address, the application or protocol, and the port of each IP packet. A router is a "traditional" network level firewall. Most routers can check this information to decide whether to forward the received packets, but they can't judge where an IP packet comes from and goes to.
An advanced network level firewall can judge this point; it can provide internal information to explain the connection status and the content of some data flows, compare the judgment information with the rule table, and define various rules in the rule table to indicate whether to approve or reject the packet. The packet filtering firewall checks every rule until it finds that the information in the packet is consistent with a rule. If no rule can be met, the firewall will use the default rule. In general, the default rule requires the firewall to discard the packet. Secondly, by defining the port number based on TCP or UDP packets, the firewall can determine whether to allow the establishment of specific connections, such as Telnet and FTP connections.
The following are the access control rules of a certain network level firewall:
(1) Allow network 123.1.0 to use FTP (port 21) to access host 150.0.0.1.
(2) Users with IP addresses 202.103.1.18 and 202.103.1.14 are allowed to use telnet (port 23) to host 150.0.0.2.
(3) E-mail from any address (port 25) is allowed to enter host 150.0.0.3.
(4) Allow any www data (port 80) to pass through.
(5) Other packets are not allowed to enter.
A network level firewall is simple, fast, low cost, and transparent to users, but its protection of the network is very limited, because it only checks the address and port, and has no ability to understand the information of the higher protocol layers of the network.
2. Application level gateway
The application level gateway can check the incoming and outgoing packets, transfer the data through the gateway, and prevent trusted servers and clients from establishing direct contact with untrusted hosts. The application level gateway can understand the protocol on the application layer, do more complex access control, and perform detailed registration. However, each protocol needs corresponding proxy software, which is not as efficient as a network level firewall.
Common application level firewalls already have corresponding proxy servers, such as for HTTP, NNTP, FTP, Telnet, rlogin, X-window, etc. However, for newly developed applications there is no corresponding proxy service; they will pass through network level firewalls and general proxy services.
The application level gateway has better access control and is the most secure firewall technology at present, but it is difficult to implement, and some application level gateways lack "transparency". In practice, when users access the Internet through the firewall on the trusted network, they often find that there is delay and they have to log in many times to access the Internet or intranet.
3. Circuit level gateway
The circuit level gateway is used to monitor the TCP handshake information between trusted clients or servers and untrusted hosts, so as to determine whether the session is legal or not. The circuit level gateway filters packets on the session layer in the OSI model, which is two layers higher than the packet filtering firewall.
In fact, the circuit level gateway does not exist as an independent product. It is combined with other application level gateways, such as the Gauntlet Internet Firewall of Trusted Information Systems, and the AltaVista Firewall and other products of the DEC company. In addition, the circuit level gateway also provides an important security function: the proxy server. The proxy server is a firewall on which runs a process called "address transfer" to map all the internal IP addresses of your company to a "safe" IP address, which is used by the firewall. However, as a circuit level gateway it has some defects: because the gateway works in the session layer, it cannot check application level packets.
4. Rule checking firewall
This firewall combines the characteristics of the packet filtering firewall, the circuit level gateway and the application level gateway. Like a packet filtering firewall, the rule checking firewall can filter incoming and outgoing packets by IP address and port number on the OSI network layer. It can also check whether the SYN and ACK flags and sequence numbers are logically ordered, just like the circuit level gateway. Of course, just like the application level gateway, it can check the contents of packets on the OSI application layer to see if they meet the security rules of the company network.
Although the rule checking firewall integrates the characteristics of the first three, it is different from an application level gateway. It does not break the client/server model to analyze the data of the application layer. It allows trusted clients to establish direct connections with untrusted hosts. The rule checking firewall does not rely on proxies related to the application layer, but relies on some algorithms to identify the incoming and outgoing application layer data. These algorithms compare the incoming and outgoing data packets against the known patterns of legitimate data packets, so that in theory they can filter data packets more effectively than application level proxies.
currently in the city
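The rule table walk described in the answer above (first matching rule decides, default rule discards), as an added example that is not code from the original post. It models the five access control rules listed there and assumes "network 123.1.0" means the prefix 123.1.0.0/24, "e-mail" means TCP port 25 and "www" means TCP port 80; the sample packets are constructed.

```python
"""First-match packet filter modelled on the answer's five access control rules.
Constructed example; the rule table, packets and audit log are not the
original post's code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str              # source IPv4 address
    dst: str              # destination IPv4 address
    proto: str            # "tcp" or "udp"
    dport: int            # destination port
    payload: bytes = b""  # never examined by a network level filter


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # CIDR prefix, None = any source
    dst: Optional[str] = None    # CIDR prefix, None = any destination
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        """Every field the rule constrains must agree with the packet header."""
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


# The answer's rule table. Assumptions: "network 123.1.0" is 123.1.0.0/24,
# "e-mail" is SMTP on TCP/25 and "www" is HTTP on TCP/80.
RULES: List[Rule] = [
    Rule("allow", src="123.1.0.0/24", dst="150.0.0.1/32", proto="tcp", dport=21,
         comment="(1) FTP from network 123.1.0 to host 150.0.0.1"),
    Rule("allow", src="202.103.1.18/32", dst="150.0.0.2/32", proto="tcp", dport=23,
         comment="(2) telnet from 202.103.1.18 to host 150.0.0.2"),
    Rule("allow", src="202.103.1.14/32", dst="150.0.0.2/32", proto="tcp", dport=23,
         comment="(2) telnet from 202.103.1.14 to host 150.0.0.2"),
    Rule("allow", dst="150.0.0.3/32", proto="tcp", dport=25,
         comment="(3) e-mail from any address to host 150.0.0.3"),
    Rule("allow", proto="tcp", dport=80, comment="(4) any www data"),
]
DEFAULT_RULE = Rule("deny", comment="(5) other packets are not allowed to enter")

AUDIT_LOG: List[str] = []  # the access record the answer says a firewall should keep


def filter_packet(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Walk the table top to bottom; the first matching rule decides.
    If no rule matches, the default rule (discard) applies."""
    decision = next((r for r in rules if r.matches(pkt)), DEFAULT_RULE)
    AUDIT_LOG.append(f"{decision.action.upper():5} {pkt.proto}/{pkt.dport} "
                     f"{pkt.src} -> {pkt.dst}  [{decision.comment}]")
    return decision.action, decision.comment


if __name__ == "__main__":
    samples = [  # constructed traffic: one hit per rule plus near misses
        Packet("123.1.0.77", "150.0.0.1", "tcp", 21),     # rule 1: allow
        Packet("123.1.0.77", "150.0.0.9", "tcp", 21),     # wrong host: default deny
        Packet("202.103.1.14", "150.0.0.2", "tcp", 23),   # rule 2: allow
        Packet("202.103.1.20", "150.0.0.2", "tcp", 23),   # unlisted source: deny
        Packet("198.51.100.5", "150.0.0.3", "tcp", 25),   # rule 3: allow
        Packet("198.51.100.5", "150.0.0.4", "udp", 80),   # not TCP: deny
        # Rule 4 admits any TCP/80 packet whatever it carries: the payload is
        # never inspected, which is the limitation the answer notes.
        Packet("198.51.100.5", "150.0.0.4", "tcp", 80, b"arbitrary application data"),
    ]
    for p in samples:
        filter_packet(p)
    print("\n".join(AUDIT_LOG))
```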
8. Of course, there will be loopholes, no matter what firewall, even antivirus software, however powerful. There will be loopholes. I'm a programmer myself. No matter how good your software is, there will be. ha-ha
9. If monitoring software is installed, it can be detected.
10. It is recommended to use Outpost Pro 2009, because the Outpost Pro series firewall ranks third in the world. I will not talk about other specific benefits. You can search for this by yourself. You'll see. ha-ha. If you need the permanent registration code of the Outpost Pro 2009 firewall, please contact me. I can send it to you. The question is for reference only.