The Internet is a computer network that is open to the world. The consequence is that there is no security guarantee for a network connected to it. This means that if network operators do not set up their systems carefully, a network connected to the Internet is very likely to be entered easily by uninvited people from outside. It is the task of network operators to reduce these risks to a minimum. The choice of strategy and the skill of the network administrator largely determine whether a network is easily penetrated or not.
A firewall is a tool for implementing a security policy. The security policy, in turn, is based on a balance between the facilities provided and security. The stricter the security policy, the more complex the configuration of information services or the fewer the facilities available on the network. Conversely, the more facilities are available or the simpler the applied configuration, the easier it is for meddlesome people to get into the system from outside (a direct result of a weak security policy).
This article looks at some common security policies for a network connected to the Internet.
Firewall
Firewall is a term usually used to refer to a component, or a set of network components, that restricts access between two networks, more specifically between an internal network and the global Internet. A firewall has several tasks:
* The first is to implement the security policy of the network (the site security policy). If some action is not allowed by this policy, the firewall must ensure that every attempt at that operation fails or is made to fail. Therefore, all unauthorized access between networks will be denied.
* Filtering: all traffic involved in providing and using information services is required to pass through the firewall. Here, data packets flowing from or to the firewall are selected based on IP address, port number, or direction, in line with the security policy.
* The firewall should be able to record suspicious events and inform the administrator of all attempts to get around the security policy.
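The three tasks listed above, sketched as an added example (not code from the original article): a first-match filter that selects packets by direction, IP address and port number, denies whatever the policy does not allow, and records each denial. The `Packet` and `Rule` types, the policy and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                 # hypothetical record: only the fields the filter selects on
    direction: str            # "in" = Internet -> internal network, "out" = the reverse
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    src_net: str
    dst_net: str
    dport: Optional[int]      # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (None, p.dport))

ANY = "0.0.0.0/0"
INTERNAL = "192.0.2.0/24"     # documentation range standing in for the internal network
POLICY = [                    # constructed policy, evaluated top to bottom
    Rule("deny", "in", INTERNAL, ANY, None),          # inbound packet claiming an internal source
    Rule("allow", "in", ANY, "192.0.2.25/32", 25),    # SMTP to the mail host only
    Rule("allow", "out", INTERNAL, ANY, None),        # internal hosts may reach the Internet
]

def decide(packet, policy=POLICY, log=None):
    """First matching rule wins; a packet no rule matches is denied."""
    verdict = next((r.action for r in policy if r.matches(packet)), "deny")
    if verdict == "deny" and log is not None:
        log.append(packet)    # record the event for the administrator
    return verdict

SAMPLE = [                    # constructed packets
    Packet("in", "203.0.113.7", "192.0.2.25", 25),
    Packet("in", "203.0.113.7", "192.0.2.10", 23),
    Packet("out", "192.0.2.10", "198.51.100.5", 80),
    Packet("in", "192.0.2.99", "192.0.2.25", 25),
]
if __name__ == "__main__":
    for pkt in SAMPLE:
        print(decide(pkt), pkt)
```

Rule order matters here: the inbound rule for internal source addresses sits above the SMTP rule, so the fourth sample packet is denied even though its destination and port would otherwise be allowed.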
Planning a network with a firewall
Planning a firewall system for a network is closely tied to which facilities will be provided to users, what level of security risk is acceptable, and how much time, money and expertise are available (technical and economic factors). A firewall usually consists of a filter (also known as a screen or choke) and a gateway (gate). The filter restricts access, narrows channels, or blocks certain classes of traffic. Restricting access reduces what the network can do. To keep network communication working in an environment with a firewall, two methods are generally used:
* First, if we imagine the network as protected by a fortress, communication can take place through the fortress's exit doors. This method is known as packet filtering: the filter is used only to refuse traffic on channels that are unused or that carry a large enough security risk, while traffic on the other channels is still allowed.
* The second method uses a proxy system: every communication between the two networks must pass through an operator, in this case the proxy server. Some protocols, such as Telnet and SMTP (Simple Mail Transfer Protocol), are handled more effectively by packet evaluation (packet filtering), while others, such as FTP (File Transfer Protocol), Archie, Gopher, and HTTP (Hypertext Transfer Protocol), are handled more effectively by a proxy. Most firewalls use a combination of these techniques (packet filtering and proxy).