Seven Questions and Answers for Enterprise Firewalls


Enterprise-class firewalls are currently the preferred product for financial institutions, telecommunications operators, and government agencies to protect their internal networks; according to statistics, these three sectors' share is close to 70%. However, not everyone knows exactly what a firewall does and which network attacks it can prevent. The following introduces the purpose and functions of the firewall:

1. What does the firewall protect, and how does it implement that protection?

Broadly speaking, the firewall protects the security of the information on the enterprise's internal network, for example preventing the leakage of important information such as user account data on a bank's servers, confidential information in government departments, and operational plans and strategies in the army. In a narrow sense, the firewall protects the security of each computer on the enterprise's internal network, preventing it from being subjected to malicious access or attacks from insecure networks outside the enterprise. The firewall implements this protection by physically isolating the internal and external networks and then controlling the access that passes through it according to a pre-defined security policy, thereby achieving effective control over access to the enterprise's internal network. Firewalls typically have two modes of operation: bridge mode and route mode.

If the firewall is installed between the intranet and the Internet as a security barrier, route mode is the best choice, because the firewall's network address translation and proxy functions can then be used to fully protect the corporate network from attacks from the Internet. If you need to protect hosts in different areas (departments) on the same subnet, you can choose bridge mode, in which case the original network topology does not need to be changed. For example, the corporate finance department is an important part of the company that even internal employees are not allowed to access casually, so it requires special protection. But the corporate network has already been built, and rebuilding it would bring a lot of work. In this situation you can choose the firewall's bridge mode: without modifying the enterprise network structure, the firewall prohibits unauthorized personnel from accessing the finance department's hosts. As a result, local confidentiality and protection of information is achieved.

2. Can the firewall only protect against external attacks?

In fact, the firewall is very sensitive to improper access between the internal and external networks passing through it. Even internal employees who violate the corporate security policy will be blocked by the firewall, and the network administrator will be notified. For example, the Rising Enterprise Firewall RFW-100's MAC address binding function can bind the IP address of each host on the internal network one-to-one to the physical address of the host's network card, which effectively prevents users from gaining unauthorized access by changing their IP address. In addition, the firewall supports bidirectional network address translation: source address translation (SNAT) and destination address translation (DNAT). Because the source address is rewritten, the external network cannot learn the structure of the internal network, which improves the internal network's security. At the same time, source address translation saves IP address resources (intranet hosts can all use private addresses). The Rising Enterprise Firewall RFW-100 also lets administrators define a time range so that a rule only takes effect within that time frame. This control mechanism gives enterprises more flexible configuration strategies. For example, rules can be defined so that only the marketing department's employees and managers may access the Internet at any time, while employees of other departments may only access the Internet during the lunch break. This feature not only saves the company a large amount of network access fees, but also improves the security of the intranet.
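The IP/MAC binding and time-windowed access rules described above, modelled in Python as an added example (this is not the RFW-100's code; the addresses, MAC addresses and the policy are constructed for illustration):

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed binding table: each internal IP address is tied to exactly one NIC MAC address.
BINDINGS = {
    "10.0.1.10": "00:11:22:33:44:10",   # marketing host
    "10.0.2.20": "00:11:22:33:44:20",   # host in another department
}

@dataclass
class Rule:
    src_net: str                      # source network the rule applies to
    action: str                       # "allow" or "deny"
    start: time = time(0, 0)          # start of the window in which the rule is active
    end: time = time(23, 59, 59)      # end of that window (inclusive)

# Constructed policy, first match wins: marketing may reach the Internet at any time,
# every other internal host only during the lunch break, everything else is denied.
RULES = [
    Rule("10.0.1.0/24", "allow"),
    Rule("10.0.0.0/16", "allow", time(12, 0), time(13, 0)),
    Rule("10.0.0.0/16", "deny"),
]

def mac_binding_ok(src_ip, src_mac):
    """True only if the packet's IP/MAC pair matches the binding table."""
    bound = BINDINGS.get(src_ip)
    return bound is not None and bound.lower() == src_mac.lower()

def decide(src_ip, src_mac, now_hhmm):
    """Return 'allow' or 'deny' for an internal host reaching the Internet at time 'HH:MM'."""
    if not mac_binding_ok(src_ip, src_mac):
        return "deny"        # IP changed or unknown host: blocked regardless of the rules
    now = time.fromisoformat(now_hhmm)
    src = ip_address(src_ip)
    for rule in RULES:
        if src in ip_network(rule.src_net) and rule.start <= now <= rule.end:
            return rule.action
    return "deny"            # implicit default deny when no rule matches
```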

3. What can the firewall do about the headache of spam?

Firewalls generally provide dedicated application proxies for protocols such as HTTP, WWW, FTP and TELNET. In addition, they provide a mail (SMTP) proxy, an RPC and UDP proxy, and a general application proxy (which can proxy any TCP/IP-based application or service). The FTP and TELNET proxies for connections from outside to inside provide a strong user authentication mechanism, which effectively prevents password-guessing attacks by hackers, and the mail (SMTP) proxy provided by the firewall can block mail bomb attacks and filter spam. With application-layer proxies you can effectively defend against application-level attacks that can pass through packet-filtering firewalls.

4. If the firewall "falls ill", who is responsible for network security?

To meet enterprises' higher reliability requirements for firewalls, most firewalls provide a dual-system hot standby function: when the main firewall "falls ill" (fails), the backup firewall takes over the responsibilities of the main firewall, detecting the failure and automatically taking over all of its functions to ensure that the network keeps operating normally.

5. What network attacks can the firewall guard against?

The firewall sets some basic rules by default, without requiring user participation. These rules effectively prevent basic network attacks such as IP address spoofing, Ping of Death, Teardrop and SYN flooding, and protect the internal network and the firewall itself from multiple forms of denial-of-service attack and illegal access.
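The four default checks named above, written out in Python as an added example of the detection logic a firewall applies (this is not the RFW-100's implementation; the packet records, the internal network and the SYN threshold are constructed):

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/16")   # constructed: the network behind the firewall
MAX_IPV4_DATAGRAM = 65535              # largest legal IPv4 datagram, in bytes
SYN_THRESHOLD = 100                    # constructed: half-open connections per source before flagging

def is_spoofed(pkt):
    """IP spoofing: a packet on the outside interface claiming an inside source address."""
    return pkt["iface"] == "outside" and ip_address(pkt["src"]) in INTERNAL

def is_ping_of_death(pkt):
    """Ping of Death: an ICMP datagram whose reassembled size exceeds the IPv4 maximum."""
    return pkt["proto"] == "icmp" and pkt.get("reassembled_len", 0) > MAX_IPV4_DATAGRAM

def is_teardrop(fragments):
    """Teardrop: two fragments of one datagram whose byte ranges overlap."""
    frags = sorted(fragments, key=lambda f: f["offset"])
    return any(a["offset"] + a["len"] > b["offset"] for a, b in zip(frags, frags[1:]))

class SynFloodDetector:
    """Tracks half-open TCP handshakes per source; flags a source over the threshold."""
    def __init__(self, threshold=SYN_THRESHOLD):
        self.threshold = threshold
        self.half_open = defaultdict(int)

    def observe(self, pkt):
        """Feed one packet; returns True when its source now looks like a SYN flood."""
        if pkt["proto"] != "tcp":
            return False
        src, flags = pkt["src"], pkt["flags"]
        if flags == {"SYN"}:
            self.half_open[src] += 1          # new half-open connection
        elif "ACK" in flags and self.half_open[src] > 0:
            self.half_open[src] -= 1          # third handshake step completes one
        return self.half_open[src] > self.threshold
```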

6. How does the firewall distinguish between normal login and illegal login?

The firewall is strongly self-protecting. The network administrator must pass strong user authentication to log in to the firewall and modify its configuration files. The strong user authentication provided by the Rising Enterprise Firewall uses two-factor authentication (key password + firewall one-time password) to ensure that the administrator cannot be impersonated, and communication between the management host (which can be placed anywhere on the internal or external network, including over a dial-up connection) and the firewall is encrypted in transit to prevent hackers from using a network sniffer to steal data. This mechanism prevents impersonators from tampering with firewall files and obtaining sensitive information.

7. The firewall should be the network administrator's most effective assistant; in what form does it report the network's operating status?

Take the Rising Firewall RFW-100 as an example. Its internal process monitor tracks the running status of the firewall in real time. The log system provides powerful log auditing functions as well as detailed log analysis and statistical reports. The traffic statistics module provides traffic reports and curves per individual host. The system administrator can view the firewall's running status and browse the various reports in real time from the management host, so that the state of the firewall and the network can be seen at a glance. To avoid running out of hard disk space, the log files saved by the firewall are rotated periodically; the maximum retention time can be set by the user. In addition, the optional real-time log backup module provides off-site storage of logs.

After understanding the basic functions of the firewall, we should deepen our understanding of network security. Threats to the network come not only from viruses; in fact, various hacker attacks pose an ever greater threat to our normal work and life, so careful consideration and choice are needed when building and improving the enterprise's internal network.

Copyright © Windows knowledge All Rights Reserved