MENU service case
Website construction website design Beijing website construction high-end website production company Shangpin China
We create by embracing change
360 ° brand value__
simplified Chinese character
Simplified Chinese English

Shangpin China Joins Hands with Beisheng Internet to Create a New Chapter in Website Construction

Type: Shangpin Dynamic Learn more

Design principles of firewall

Source: Shangpin China | Type: website encyclopedia | Time: July 22, 2014
(1) All communication from inside to outside and from outside to inside must pass through the firewall, which is realized by physically blocking all access to the office city network that does not pass through the firewall. Different configurations are possible. (2) Only recognized traffic is allowed to be delivered after it is defined by the local security policy. Different types of firewalls are used to implement different security policies. (3) Firewall is immune to penetration Website Design When it comes to Internet firewalls, the network administrator must make several decisions: the posture of the firewall (Stance), the overall security policy of the organization, the economic cost of the firewall, and the components or components of the firewall system.

1、 Internet firewalls may play two opposite roles    
(1) Reject anything without special permission
This attitude assumes that the firewall should block all information, and that every desired service or application is implemented on the basis of case by case, which is a recommended solution. It establishes a very safe environment, because only carefully selected services can be supported. Of course, this scheme also has a disadvantage, that is, it is not easy to use, because it limits the range of choices provided to users.

 
firewall

(2) Allow anything without special refusal
This attitude assumes that the firewall should forward all information and that any potentially harmful services should be turned off on a case by ca basis. This solution creates a very flexible environment and can provide users with more services. The disadvantage is that the ease of use is put in front of the security, and the network administrator is constantly responding. Therefore, with the increase of the network size, it is difficult to ensure the security of the network.

2、 Organization's security policy
(1) Internet firewall is not independent, it is only a part of the overall security policy of the organization. The overall security policy of the organization defines all aspects of security defense. To ensure success, organizations must know what they are protecting.
(2) The security strategy must be based on careful security analysis, risk assessment and business demand analysis. If the organization does not have a detailed security policy, the carefully constructed firewall will be bypassed in any case, thus exposing the entire internal network to attack.
(3) What kind of firewall can organizations afford?
Simple packet filtering firewalls have the lowest cost because organizations need at least one router to connect to the Internet, and packet filtering functions are included in the standard router configuration. The commercial firewall system provides additional security functions, and the cost is between 4000 and 30000 dollars. The specific price depends on the complexity of the system and the number of systems to be protected. If an organization has its own page staff, it can also build its own firewall system, but there are still problems such as development time and the cost of deploying the firewall system. The firewall system needs to be managed, and general maintenance, software upgrading, security leakage, accident handling, etc. will incur costs.

3、 The Relationship between Internet Firewall and Security Policy

(1) Internet firewall is not only a combination of routers, bastion hosts or any device that provides network security, but also a part of security policy. (2) The security policy establishes a comprehensive defense system to include several information resources. This security policy should be included in the published security guide, telling users their responsibilities. All places that may be attacked by the network, such as network access, service access, local and remote user authentication, dial in and dial out, disk and data encryption, virus protection measures, and employee training, must be protected with the same security level. (3) If only a firewall system is set up without a comprehensive security policy, the firewall will be virtually non-existent

4、 Test and verification of firewall
Whether the firewall can play a protective role. The most fundamental and effective proof method is to test it, and even attack the firewall by various means from the perspective of "hackers". However, the implementation is difficult. (1) Firewall performance testing is still a very new technology, there is no official publication, and there are few tools and software available. It is understood that only the American ISS company currently provides firewall performance testing tool software. (2) The firewall testing technology is not advanced yet, and it is not completely consistent with the firewall design, which makes the testing work difficult to achieve the intended effect. (3) It is also a question to choose "who" to conduct a fair test. It can be seen that firewall performance testing is by no means a simple matter, but this kind of testing is quite necessary, because without testing, firewall security cannot be proved

5、 Firewall must be dynamically maintained
After the firewall is installed and put into use, if you want to give full play to its security protection role, you must track and maintain it, keep close contact with merchants, and keep an eye on the dynamic of merchants. Because once a merchant finds a security vulnerability in its product, it will release a patch product as soon as possible. At this time, it should confirm the authenticity as soon as possible and update the firewall software

6、 Correctly evaluate the failure state of the firewall
To evaluate the performance of a firewall, we should not only see whether it works normally, whether it can block or catch traces of malicious attacks and illegal access, but also see how the firewall is in state once it is broken. According to the level, it should have the following four states. 1. Can continue to work normally without being injured. 2. Close and restart, and restore to the normal working state at the same time. 3. Close and prohibit all data access. 4. Close and allow all data access. The first two states are ideal, while the fourth is the least safe. However, many firewalls are unable to determine their failure state level due to the lack of conditions for failure state testing and verification, so there must be security risks in the network.
Source Statement: This article is original or edited by Shangpin China's editors. If it needs to be reproduced, please indicate that it is from Shangpin China. The above contents (including pictures and words) are from the Internet. If there is any infringement, please contact us in time (010-60259772).
TAG label:

What if your website can increase the number of conversions and improve customer satisfaction?

Make an appointment with a professional consultant to communicate!

* Shangpin professional consultant will contact you as soon as possible

Disclaimer

Thank you very much for visiting our website. Please read all the terms of this statement carefully before you use this website.

1. Part of the content of this site comes from the network, and the copyright of some articles and pictures involved belongs to the original author. The reprint of this site is for everyone to learn and exchange, and should not be used for any commercial activities.

2. This website does not assume any form of loss or injury caused by users to themselves and others due to the use of these resources.

3. For issues not covered in this statement, please refer to relevant national laws and regulations. In case of conflict between this statement and national laws and regulations, the national laws and regulations shall prevail.

4. If it infringes your legitimate rights and interests, please contact us in time, and we will delete the relevant content at the first time!

Contact: 010-60259772
E-mail: [email protected]

Communicate with professional consultants now!

  • National Service Hotline

    400-700-4979

  • Beijing Service Hotline

    010-60259772

Please be assured to fill in the information protection
Online consultation

Disclaimer

Thank you very much for visiting our website. Please read all the terms of this statement carefully before you use this website.

1. Part of the content of this site comes from the network, and the copyright of some articles and pictures involved belongs to the original author. The reprint of this site is for everyone to learn and exchange, and should not be used for any commercial activities.

2. This website does not assume any form of loss or injury caused by users to themselves and others due to the use of these resources.

3. For issues not covered in this statement, please refer to relevant national laws and regulations. In case of conflict between this statement and national laws and regulations, the national laws and regulations shall prevail.

4. If it infringes your legitimate rights and interests, please contact us in time, and we will delete the relevant content at the first time!

Contact: 010-60259772
E-mail: [email protected]