Network Security: Firewalls
A firewall is defined as a gateway or access server (hardware- or software-based) or several gateways or access servers that are designated as buffers between any connected public network and a private network.
- Network Security: Firewalls. Võ Viết Minh Nhật, Faculty of Information Technology (Khoa CNTT), University of Sciences (Trường ĐHKH)
- Contents: basic concepts; types of firewalls (packet filtering and stateless filtering, stateful filtering, deep packet layer inspection); enhancing firewall capabilities (address translation mechanisms, proxy services, content filtering, antivirus software)
- Basic concepts: A firewall is defined as a gateway or access server (hardware- or software-based) or several gateways or access servers that are designated as buffers between any connected public network and a private network. A firewall is a device that separates a trusted network from an untrusted network. It may be a router, a PC running specialized software, or a combination of devices.
- Types of firewalls: Many firewalls are produced that monitor traffic using different techniques. Some firewalls can inspect data packets up to Layer 4, and others can inspect all layers (deep packet firewalls). There are three types of inspection methodology: packet filtering and stateless filtering; stateful filtering; deep packet layer inspection.
- Packet filtering: Packet filters are now easy to break, hence the introduction of proxy servers that limit attacks. A proxy server is a server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers are application based, slow, and difficult to manage in large IP networks.
- Stateless firewall: A stateless firewall permits only the receipt of information packets that are based on the source's address and port from networks that are trusted. It adds more flexibility and scalability to network configuration. Packets are inspected up to Layer 3; therefore, stateless firewalls are able to inspect source and destination IP addresses and protocol source and destination ports.
- Stateful firewall: A stateful firewall limits network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port. Stateful firewalls can also inspect data content and check for protocol anomalies.
- Deep packet layer inspection: With deep packet layer inspection, the firewall inspects network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port. It also inspects protocol conformance, checks for application-based attacks, and ensures integrity of the data flow between any TCP/IP devices.
- Deep packet layer inspection: A deep packet layer device inspects packets to: ensure that the packets conform to the protocol; ensure that the packets conform to specifications; ensure that the packets are not application attacks; police integrity check failures.
- Hardware Firewalls: PIX & NetScreen. The PIX is a dedicated hardware-based networking device that is designed to ensure that only traffic that matches a set of criteria is permitted to access resources from networks defined with a secure rating. The PIX Firewall prevents unauthorized connections between two or more networks and performs security functions such as authentication, authorization, and accounting (AAA) services, access lists, VPN configuration (IPSec), and FTP logging.
- PIX Interfaces
- PIX: Typically, the Internet connection is given the lowest level of security, and a PIX ensures that only traffic from internal networks is trusted to send data. The biggest problem or issue with a PIX Firewall is misconfiguration, which most crackers use to compromise network functionality. A PIX Firewall permits a connection-based security policy. For instance, you might allow Telnet sessions to be initiated from within your network but not allow them to be initiated into the network from outside the network.
- PIX Placement
- NetScreen Firewall: The NetScreen firewalls are deep inspection firewalls providing application-layer protection, whereas the PIX can be configured as stateful or stateless firewalls providing network- and transport-layer protection. The NetScreen firewall is a deep packet layer, stateful inspection device. It bases all its verification and decision making on a number of different parameters, including source address, destination address, source port, and destination port. The data is checked for protocol conformity.
- NetScreen Firewall Placement
- Check Point Software Firewalls: Although most hardware firewalls provide effective access control, many are not designed to detect and thwart attacks specifically targeted at the application level. Tackling these types of attacks is most effective with software firewalls. Software firewalls allow networks and, more specifically, network applications to be protected from untrusted sources such as the Internet.
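
As an added illustration (not from the original slides and not any vendor's code), the Python sketch below models the contrast between the stateless and stateful filtering described above, using the PIX example of Telnet sessions that may only be initiated from inside. The 10.0.0.0/24 inside network, the sample addresses and the simplified connection table (no TCP state machine or timeouts) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # assumed trusted network
TELNET = 23

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only on the packet that opens a TCP session

def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def stateless_permit(p):
    """Per-packet rules only: addresses and ports, no memory of earlier packets."""
    if is_inside(p.src) and p.dport == TELNET:
        return True                      # outbound Telnet
    # Replies must be admitted by pattern: any inbound packet from port 23,
    # whether or not an inside host ever opened that session.
    return is_inside(p.dst) and p.sport == TELNET

class StatefulFirewall:
    """Connection-based policy: sessions may only be initiated from inside."""
    def __init__(self):
        self.connections = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def permit(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if is_inside(p.src):
            if p.syn and p.dport == TELNET:
                self.connections.add(key)    # record the new outbound session
                return True
            return key in self.connections
        # Inbound traffic passes only as the reverse direction of a tracked session.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def demo():
    """Run four constructed packets through both filters: (stateless, stateful)."""
    fw = StatefulFirewall()
    packets = [
        Packet("10.0.0.5", 40000, "198.51.100.7", 23, syn=True),  # outbound Telnet
        Packet("198.51.100.7", 23, "10.0.0.5", 40000),            # genuine reply
        Packet("203.0.113.9", 23, "10.0.0.8", 40001),             # unsolicited, sport 23
        Packet("203.0.113.9", 50000, "10.0.0.8", 23, syn=True),   # inbound Telnet attempt
    ]
    return [(stateless_permit(p), fw.permit(p)) for p in packets]
```

The third packet is where the two models differ: the stateless rules accept it because it matches the reply pattern, while the connection table rejects it because no inside host opened that session.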