How to secure a server: how to choose a firewall

  

Server security is very important. Many people who want to protect a server know that a firewall provides a certain degree of protection, but deciding which firewall to choose is itself a problem. Today we explain how to choose one.

Different application environments and usage requirements place different demands on firewall performance. To find a suitable server firewall, the key is to analyze carefully what the server needs from a firewall and to weigh the advantages and disadvantages of each type. To give newcomers a general direction when choosing a server firewall, we introduce the general classification of server firewalls and the advantages and disadvantages of the different types.

First, by structure, server firewalls can be divided into hardware firewalls and software firewalls.

A hardware firewall essentially embeds a software firewall in hardware. Its hardware and software need to be designed separately: a dedicated network chip processes the data packets, and a special operating system platform is adopted so that security vulnerabilities in a general-purpose operating system do not compromise the security of the internal network. In other words, a hardware firewall builds the firewall program into the chip, and the hardware performs the protection function for the server. Because of this embedded structure, it is faster and more powerful than other types of firewalls.

Software firewalls, as the name suggests, are software products installed on server platforms; they optimize network management and defense functions by working at a low level of the operating system. A software firewall runs on a specific computer and requires a pre-installed operating system on that computer. Generally, this computer is the gateway of the entire network. Like other software products, a software firewall must be installed and configured on the computer before it can be used.

A hardware firewall performs better than a software firewall because it has its own dedicated processor and memory and can independently carry out the function of preventing network attacks, but it is much more expensive and changing its settings is more troublesome. A software firewall is installed on the server that acts as the gateway and uses that server's CPU and memory to provide its anti-attack capabilities. Under a serious attack it may take up a lot of server resources, but it is much cheaper and very convenient to set up.

Second, besides the structural division into software firewalls and hardware firewalls, server firewalls can also be divided technically into three categories: "packet filtering", "application proxy" and "state monitoring". However complex a firewall implementation is, in the final analysis it is a functional extension based on these three technologies.

1. Packet Filtering

Packet filtering is one of the earliest firewall technologies. Its first-generation model is static packet filtering, which works at the network layer of the OSI model. Dynamic packet filtering, developed later, works at the transport layer of the OSI model. A packet filtering firewall works on the various channels through which TCP/IP-based data packets enter and leave. It takes the network layer and transport layer as its monitoring objects, analyzes each packet's header, protocol, address, port, type and so on, and checks them against the preset firewall filtering rules. Once one or more parts of a packet are found to match a filtering rule whose condition is "Block", the packet is discarded.

The advantage of firewalls based on packet filtering technology is that they are easier to implement for small, less complex sites. However, their shortcomings are significant. First, for a large, complex site the packet filtering rule table soon becomes very large and complex, and the rules are difficult to test. As the table grows and its complexity increases, the likelihood of a loophole in the rule structure increases. Second, this kind of firewall relies on a single component to protect the system. If that component has a problem, or if an external user is allowed to access an internal host, that user can access any host on the internal network.
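
The rule matching described above, and the way a growing rule table hides loopholes, shown as an added example that is not part of the original article: a first-match packet filter plus a check for rules that an earlier, broader rule makes unreachable. The rule fields, function names, first-match ordering, default action and addresses are assumptions constructed for this illustration (IPv4 only).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    dport: range  # destination ports, e.g. range(80, 81)

def matches(rule, proto, src, dst, dport):
    """Compare the packet's header fields with one rule."""
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and dport in rule.dport)

def decide(rules, proto, src, dst, dport, default="block"):
    """Static packet filter: the first matching rule wins, else the default."""
    for rule in rules:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return default

def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    return (a.proto in ("any", b.proto)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and b.dport.start >= a.dport.start
            and b.dport.stop <= a.dport.stop)

def shadowed(rules):
    """(earlier, later) index pairs where the later rule's action never applies."""
    return [(i, j)
            for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j])
            if covers(earlier, later) and earlier.action != later.action]

# Constructed rule table: rule 1 was meant to block telnet to one host,
# but the broader allow in rule 0 matches those packets first.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", range(1, 1024)),
    Rule("block", "tcp", "0.0.0.0/0", "10.0.0.5/32", range(23, 24)),
    Rule("allow", "udp", "10.0.0.0/24", "0.0.0.0/0", range(53, 54)),
]

if __name__ == "__main__":
    print(decide(RULES, "tcp", "203.0.113.7", "10.0.0.5", 23))
    print(shadowed(RULES))
```

Running `shadowed()` over a rule table before deployment is one way to test for the ordering loopholes that become likely as the table grows.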
