A comprehensive understanding of firewall technology

  
I. The basic concept of the firewall

In earlier times, people built a brick wall between adjoining apartments so that, if a fire broke out, it would not spread to the neighbouring dwellings. Today, when a network is connected to the Internet, its users can reach and communicate with the outside world; at the same time, the outside world can also reach and interact with the network. For security, an intermediary system can be placed between the network and the Internet to erect a security barrier. The job of this barrier is to block threats and intrusions coming from the outside and to provide a single point for enforcing security and auditing on the network. Because its role resembles that of the old fire wall of brick, this barrier is called a "firewall".

In computing, a firewall is a device made up of software, hardware or a combination of the two. It usually sits between the enterprise's internal LAN and the Internet, restricting Internet users' access to the internal network and controlling internal users' access to the outside world. In other words, a firewall is a blocking tool between an internal network that is regarded as secure and trusted and an external network (usually the Internet) that is regarded as less secure and less trusted.

A firewall is a passive technology: it assumes that a network boundary exists, and it can do little to control illegal access that originates inside that boundary. For this reason a firewall is only suited to relatively self-contained networks, such as the local area network within an enterprise.

II. The basic principles of the firewall

1. Filtering unsafe services

Under this principle the firewall should first block all traffic and then open only the services it is meant to provide; services that are unsafe, or that may carry security risks, are nipped in the bud.

This is a very effective and practical way to create a very secure environment, because only carefully selected services can be used.

2. Filtering illegal users and access to particular sites

Under this principle the firewall should first allow all users and sites to reach the internal network, and the network administrator then blocks unauthorised users or untrusted sites by IP address. This method produces a more flexible environment: the administrator can open different services to different users, that is, set the access rights of each user individually.

III. The basic measures of the firewall

The security functions of a firewall are implemented mainly through two measures.

1. Proxy server (for dial-up Internet access)

With this measure the internal network does not communicate with the Internet directly. Computers on the internal network and the proxy server use one communication method, namely the internal network protocol (NetBIOS, TCP/IP), while the proxy server's communication with the Internet uses the standard TCP/IP protocol. All communication between computers inside and outside the firewall passes through the proxy server. The structure is:

Internal network → Proxy server → Internet

This successfully isolates the computer systems inside and outside the firewall: because the two sides of the proxy server use different protocol standards, direct intrusion from outside is effectively prevented.

The proxy server is usually a computer with good performance, fast processing and large capacity. It acts as the connection between the internal network and the Internet: to the internal network it looks like a real server, while to servers on the Internet it is just another client. When the proxy server accepts a user's request, it checks whether the site the user asked for meets the configured requirements.
If the user is allowed to access the site, the proxy server connects to the site, retrieves the requested information and forwards it to the user. The proxy server also offers further security options: it can provide strong monitoring, filtering, logging and reporting of data flows, as well as good access control, login and address translation capabilities. The drawback of this measure is that with many internal terminals its efficiency inevitably suffers, the load on the proxy server is heavy, and many Internet client programs cannot work normally from computers on the internal network.

2. Routers and filters

In this structure a router and a filter are used to limit external computers' access to the internal network; they can also specify or restrict the internal network's access to the Internet. The router only forwards traffic on the specific ports permitted by the filter. The filter's main function is to selectively pass packets at the network layer: based on the information in the IP (Internet Protocol) packet, namely the IP source address, the IP destination address and the port number of the encapsulated protocol, it decides whether the packet is allowed through. The biggest advantage of this measure is that it is transparent to the user, who does not have to enter an account and password to log in; it is therefore faster than a proxy server and less prone to bottlenecks. Its shortcoming is just as obvious: there is no record of users, so the trace of an illegal intrusion cannot be found in the access records.
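The two measures described above, modelled side by side as an added example (this is illustration code written for this page, not code from the original article). Both models are deliberately toy policy engines with no real network I/O: the packet filter applies a default-deny rule list over source address, destination address, protocol and port, exactly the fields the article names; the proxy checks a requested site and the requesting user against block lists by IP address and logs every decision. The addresses, rules and users are constructed sample data. The comparison of the two logs at the end shows the point the article closes on: the packet filter's record contains only addresses, while the proxy's record carries a user name.

```python
"""Packet filter versus application proxy: two firewall measures as toy models.

Added example, not from the original article. Sample networks, rules and
users are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    """The IP header fields a network-layer filter decides on."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port of the encapsulated protocol


@dataclass(frozen=True)
class Rule:
    src_net: str            # CIDR, e.g. "192.168.1.0/24"
    dst_net: str
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any port
    action: str             # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


class PacketFilter:
    """Router-plus-filter model. First matching rule wins; if nothing matches
    the packet is denied ('block everything, then open the services you want')."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[str] = []   # only addresses and ports are known here

    def decide(self, p: Packet) -> str:
        action = "deny"   # default-deny, as the article's first principle requires
        for r in self.rules:
            if r.matches(p):
                action = r.action
                break
        self.log.append(f"{action} {p.proto} {p.src}->{p.dst}:{p.dport}")
        return action


class ProxyServer:
    """Application proxy model. Internal hosts never reach the Internet directly;
    the proxy checks the requested site and the (logged-in) user against policy
    and would fetch on the user's behalf. Because the user logged in, the log
    can record who made the request."""

    def __init__(self, blocked_sites, blocked_users):
        self.blocked_sites = set(blocked_sites)   # untrusted sites, by IP
        self.blocked_users = set(blocked_users)   # unauthorised users
        self.log: List[str] = []

    def handle_request(self, user: str, site: str) -> str:
        if user in self.blocked_users or site in self.blocked_sites:
            verdict = "refused"
        else:
            verdict = "fetched"   # a real proxy would connect to the site here
        self.log.append(f"{verdict} user={user} site={site}")
        return verdict


def run_demo() -> dict:
    """Constructed policy and traffic; returns the decisions and both logs."""
    pf = PacketFilter([
        # explicitly block one untrusted external host from the whole LAN
        Rule("198.51.100.7/32", "192.168.1.0/24", "any", None, "deny"),
        # open only web access from the LAN to one external web server
        Rule("192.168.1.0/24", "203.0.113.10/32", "tcp", 80, "allow"),
        Rule("192.168.1.0/24", "203.0.113.10/32", "tcp", 443, "allow"),
    ])
    packets = [
        Packet("192.168.1.5", "203.0.113.10", "tcp", 443),   # permitted service
        Packet("192.168.1.5", "203.0.113.10", "tcp", 23),    # telnet: not opened
        Packet("198.51.100.7", "192.168.1.5", "tcp", 445),   # blocked host
        Packet("203.0.113.10", "192.168.1.5", "tcp", 80),    # inbound: not opened
    ]
    proxy = ProxyServer(blocked_sites={"198.51.100.7"}, blocked_users={"mallory"})
    requests = [("alice", "203.0.113.10"),
                ("alice", "198.51.100.7"),
                ("mallory", "203.0.113.10")]
    return {
        "filter": [pf.decide(p) for p in packets],
        "proxy": [proxy.handle_request(u, s) for u, s in requests],
        "filter_log": pf.log,   # no user identity anywhere in these lines
        "proxy_log": proxy.log,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Because the filter model evaluates rules in order and falls through to deny, the ordering of the rule list matters in the same way it does on a real packet filter: an explicit deny placed after a broader allow would never be reached. The proxy log is the only one of the two in which an intrusion attempt can be traced back to an account, which is the trade-off the article draws between the two measures.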
Copyright © Windows knowledge All Rights Reserved