
The technical principles of network security

Jun 12, 2021

Network security issues bear on the in-depth development of future network applications. The field involves security strategies, mobile code, instruction protection, cryptography, operating systems, software engineering, and network security management. Generally, "firewall" technology is the main means of isolating the private intranet from the public Internet.

"Firewall" is a vivid term. In fact, it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, thereby protecting the intranet from unauthorized users.

A simple hidden router can do the work of a "firewall". If the "firewall" is an ordinary router, it can only provide isolation. A hidden router can also block communication between networks or hosts at the Internet protocol port level, which gives it a certain filtering role. Since a hidden router is only a router with modified parameters, some people do not count it as a "firewall"-level measure.

There are two types of "firewall" in the true sense: one is called the standard "firewall", the other the dual-homed gateway. The standard "firewall" system consists of a Unix workstation with a router at each end for buffering. One router faces the outside world, that is, the public network, while the other is connected to the internal network. The standard "firewall" uses special software and requires a high level of management, and it adds a certain delay to information transmission. The dual-homed gateway is an extension of the standard "firewall" and is also called a bastion host or application layer gateway. It is a single system, but it performs all the functions of the standard "firewall". Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and the internal system, ensuring that data packets cannot pass directly from the external network to the internal network, or vice versa.

With the advancement of "firewall" technology, two "firewall" configurations have evolved from the dual-homed gateway: the hidden host gateway and the hidden smart gateway (hidden subnet). The hidden host gateway may currently be a common "firewall" configuration. As the name suggests, this configuration hides the router on the one hand and places a bastion host between the Internet and the intranet on the other. The bastion host is installed on the intranet, and the router is configured so that the bastion host becomes the only system through which the intranet communicates with the Internet. At present, the "firewall" with the most complex technology and the highest level of security is the hidden smart gateway. A hidden smart gateway hides the gateway behind a public system, which is the only system that Internet users can see. All Internet functions are carried out through the protection software hidden behind that public system. Generally speaking, this kind of "firewall" is the least likely to be broken.
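As an added illustration (not part of the original article), the router filter behind the hidden host gateway can be modelled as a first-match rule list and then audited for the property stated above: no internal host other than the bastion exchanges packets directly with the Internet. All addresses, the inbound mail port, and the function names are constructed for the example, and only connection-opening packets are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"             # "tcp", "udp" or "any"
    dport: Optional[int] = None    # None matches every port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def decide(rules, src, dst, proto, dport):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"

def bastion_only_rules(intranet, bastion, inbound_ports=(25,)):
    """Hypothetical router filter: only the bastion host crosses the boundary."""
    lan = ipaddress.ip_network(intranet)
    host = ipaddress.ip_network(f"{bastion}/32")
    rules = [Rule("permit", ANY, host, "tcp", p) for p in inbound_ports]
    rules += [Rule("deny", ANY, lan),     # no other inbound traffic
              Rule("permit", host, ANY),  # bastion may open outbound sessions
              Rule("deny", lan, ANY)]     # all other internal hosts are blocked
    return rules

def direct_paths(rules, intranet, bastion, outside="203.0.113.9", port=80):
    """Audit: internal hosts (bastion excluded) with a direct path in or out."""
    leaks = []
    for host in ipaddress.ip_network(intranet).hosts():
        h = str(host)
        if h != bastion and "permit" in (
                decide(rules, h, outside, "tcp", port),
                decide(rules, outside, h, "tcp", port)):
            leaks.append(h)
    return leaks
```

Running `direct_paths` against a rule list after every change catches a stray permit that would let an internal host bypass the bastion.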

Data encryption is another security technology used in conjunction with the "firewall". It is one of the main technical means of improving the security and confidentiality of information systems and data, and of preventing secret data from being destroyed by outside parties. With the development of information technology, network security and information confidentiality have attracted increasing attention. In addition to strengthening data security protection through legal and management measures, various countries have taken technical measures in both software and hardware to promote the continuous development of data encryption technology and physical defense technology. By function, data encryption technologies fall into four main types: data transmission, data storage, data integrity authentication, and key management.

Another technology closely related to data encryption is the smart card. A smart card is a kind of key medium, generally similar to a credit card, that is held by an authorized user and assigned a password or passcode by that user. The password is consistent with the password registered on the internal network server. When the password and an identity feature are used together, the security performance of the smart card is still quite effective.

These network security and data protection precautions have certain limits, and more security does not necessarily mean more reliability. Therefore, when judging whether an intranet is safe, it is necessary to consider not only its technical means but, more importantly, all the measures taken on the network, including not only physical defenses but also personnel quality and other "soft" factors, to evaluate them together, and then to draw conclusions about safety.

