Sunday, October 13, 2019
The Firewall Essay -- Technology Computers Internet Safety Essays
The Firewall WHAT IS A NETWORK FIREWALL? A firewall is a system or group of systems that enforces an access control policy between two or more networks. The means by which this control is accomplished varies widely, but in principle, the firewall is a pair of mechanisms, one that blocks traffic and one that permits traffic. Some firewalls emphasize blocking traffic, while others emphasize permitting traffic. The most important thing to recognize about a firewall is that it implements an access control policy. If you don't know what kind of access you want to permit or deny, or you let someone else or some product configure a firewall based on judgment other than yours, that entity is making policy for your whole organization. WHY WOULD I WANT A FIREWALL? The Internet is a fun little playground and at the same time a hostile environment. Like any other society, it's plagued with the kind of people who enjoy the electronic equivalent of writing on other people's walls with spray paint, tearing off their mailboxes, or just sitting in the street blowing their car horns. Some people get real work done over the Internet, and some must protect sensitive or proprietary data. Usually, a firewall's purpose is to keep the intruders out of your network while letting you do your job. Many traditional corporations and data centers have computing security policies and practices that users must follow. If a company's policies dictate how data must be protected, a firewall is very important because it embodies corporate policy. Frequently, the hardest part of hooking a large company to the Internet is not justifying the expense or effort, but instead convincing management that it's safe to do so. A firewall not only provides real security but also plays an important role as a security blanket for management. Last, a firewall can act as your corporate ambassador to the Internet. Many corporations use their firewall systems to store public information about corporate products and services, files to download, bug-fixes, and so forth. Several of these systems (such as uunet.uu.net, whitehouse.gov, gatekeeper.dec.com) have become important parts of the Internet service structure and reflect well on their organizational sponsors. WHAT CAN A FIREWALL PROTECT AGAINST? Some firewalls permit only e-mail traffic, thereby protecting the network against any attacks o... ...ng it, crashing it, jamming it, or flooding it. Denial of service is impossible to prevent because of the distributed nature of the network: every network node is connected via other networks, which in turn connect to other networks. A firewall administrator or ISP has control of only a few of the local elements within reach. An attacker can always disrupt a connection "upstream" from where the victim controls it. In other words, someone who wants to take a network off the air can either take the network off the air directly or take the network it connects to off the air, or the network that connects to that network off the air, ad infinitum. Hackers can deny service in many ways, ranging from the complex to the brute-force. If you are considering using the Internet for a service that is absolutely time- or mission-critical, you should consider your fallback position in the event that the network is down or damaged. Microsoft has released hotfixes that address certain types of denial-of-service attacks such as SYN Flooding and giant Ping packets. Be sure to regularly watch for new Service Packs, because they offer new security enhancements that you should put on your systems.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.