
 

 Basic Knowledge of Network Firewall

The purpose of the network firewall is to provide a shell around the network which will protect the systems connected to the network from various threats. The types of threats a firewall can protect against include:

1. Unauthorized access to network resources: an intruder may break into a host on the network and gain unauthorized access to files.

2. Denial of service: an individual from outside of the network could, for example, send thousands of mail messages to a host on the net in an attempt to fill available disk space or load the network links.

3. Masquerading: electronic mail which appears to have originated from one individual could have been forged by another with the intent to embarrass or cause harm.

A firewall can reduce risks to network systems by filtering out inherently insecure network services. Network File System (NFS) services, for example, could be prevented from being used from outside of the network by blocking all NFS traffic to or from the network. This protects the individual hosts while still allowing the service, which is useful in a LAN environment, on the internal network. One way to avoid the problems associated with network computing would be to completely disconnect an organization’s internal network from any other external system. This, of course, is not the preferred method. Instead, what is needed is a way to filter access to the network while still allowing users access to the “outside world”.

In this configuration, the internal network is separated from external networks by a firewall gateway. A gateway is normally used to perform relay services between two networks. In the case of a firewall gateway, it also provides a filtering service which limits the types of information that can be passed to or from hosts located on the internal network. There are three basic techniques used for firewalls: packet filtering, circuit gateways, and application gateways. Often, more than one of these is used to provide the complete firewall service.
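The NFS filtering described above can be modelled as an ordered, first-match packet filter at the firewall gateway. The following is an added example, not part of the original page; the internal network 192.168.10.0/24, the allowed web ports and the sample addresses are assumptions made for illustration.

```python
# Added example, not from the original page. The internal network, the
# outbound web policy and the sample addresses are constructed assumptions.
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.168.10.0/24")  # assumed internal LAN
NFS_PORTS = {2049, 111}  # nfsd plus the RPC portmapper NFS clients rely on
WEB_PORTS = {80, 443}    # assumed "outside world" access allowed to users

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def crosses_boundary(p):
    # Exactly one endpoint is inside: the packet must pass the gateway.
    return is_internal(p.src) != is_internal(p.dst)

def is_nfs(p):
    # A stateless filter sees requests and replies separately, so match
    # the service port on either side of the packet.
    return p.sport in NFS_PORTS or p.dport in NFS_PORTS

# Ordered rules: the first matching predicate decides the packet's fate.
# Deny comes first so the reply rule can never admit a packet to an NFS port.
RULES = [
    ("deny-nfs-across-boundary", lambda p: crosses_boundary(p) and is_nfs(p), "DROP"),
    ("allow-lan-to-lan", lambda p: is_internal(p.src) and is_internal(p.dst), "ACCEPT"),
    ("allow-outbound-web", lambda p: is_internal(p.src) and not is_internal(p.dst)
        and p.proto == "tcp" and p.dport in WEB_PORTS, "ACCEPT"),
    ("allow-web-replies", lambda p: not is_internal(p.src) and is_internal(p.dst)
        and p.proto == "tcp" and p.sport in WEB_PORTS and p.dport >= 1024, "ACCEPT"),
]

def decide(p):
    """Return (action, rule name); anything unmatched is dropped."""
    for name, match, action in RULES:
        if match(p):
            return action, name
    return "DROP", "default-deny"

if __name__ == "__main__":
    print(decide(Packet("203.0.113.7", "192.168.10.5", "tcp", 40000, 2049)))
```

NFS between two internal hosts is still accepted, which is the point of the paragraph above: the service stays usable on the LAN while the gateway drops it in both directions at the boundary.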

There are several configuration schemes for firewalls in the practical application of inter-network security. They usually use the following terminology:

1. Screening router: it can be a commercial router or a host-based router with some kind of packet filtering capability.

2. Bastion host: it is a system identified by the firewall administrator as a critical strong point in the network security.

3. Dual-homed gateway: some firewalls are implemented without a screening router, by placing a system on both the private network and the internet, and disabling TCP/IP forwarding.

4. Screened host gateway: it is possibly the most common firewall configuration. This is implemented using a screening router and a bastion host.

5. Screened subnet: an isolated subnet which is situated between the internet and the private network. Typically, this network is isolated using screening routers, which may implement varying levels of filtering.

6. Application level gateway: it is also called a proxy gateway and usually operates at a user level rather than the lower protocol level common to the other firewall techniques.
