The firewall inspects the network traffic flowing through it and filters out some attacks before they can be executed against the target computer. It can also close unused ports, prohibit outgoing communication on specific ports (blocking Trojan horses that try to connect out), and prohibit access from particular sites, thereby cutting off all communication from unknown intruders.
Cybersecurity barrier
A firewall (acting as a choke point and control point) can greatly improve the security of an internal network and reduce risk by filtering insecure services. Because only carefully selected application protocols are allowed through the firewall, the network environment becomes more secure. For example, the firewall can prohibit the notoriously insecure NFS protocol from entering or leaving the protected network, so that external attackers cannot use such weak protocols to attack the internal network. The firewall can also protect the network from routing-based attacks, such as source routing carried in IP options and redirected paths announced by ICMP redirects. The firewall should be able to reject all of these types of attack packets and notify the firewall administrator.
Strengthen network security strategy
With a firewall-centred security configuration, all security software (such as passwords, encryption, identity authentication, auditing, and so on) can be deployed on the firewall. Compared with spreading network security measures across individual hosts, centralised security management on the firewall is more economical. For example, a one-time password system or other identity authentication system for network access does not need to be installed on every host; it can be concentrated on the firewall instead.
Monitoring audit
If all access passes through the firewall, the firewall can record that access in logs and provide statistics on network usage. When suspicious activity occurs, the firewall can raise appropriate alarms and provide detailed information on whether the network is being probed or attacked. Collecting data on the use and misuse of a network is also very important. First, it makes clear whether the firewall can withstand attackers' probing and attacks, and whether the firewall's controls are sufficient. Second, network usage statistics are also very important for network demand analysis and threat analysis.
Prevent leakage of internal information
By using the firewall to divide the internal network, key network segments can be isolated, which limits the impact of a local security problem on a key or sensitive segment on the network as a whole. Furthermore, privacy is a major concern for an internal network. Inconspicuous details of an internal network may contain clues about its security that arouse the interest of external attackers, and may even expose security vulnerabilities in the internal network. By using a firewall, services such as Finger and DNS that reveal internal details can be concealed. Finger displays the login name, real name, last login time and shell type of all users of a host, and this information is very easy for attackers to obtain: from it an attacker can learn how heavily a system is used, whether any of its users are connected to the Internet, whether an attack on the system is likely to be noticed, and so on. The firewall can likewise block DNS information about the internal network, so that the domain names and IP addresses of internal hosts are not learned by the outside world. In addition to its security functions, the firewall also supports VPN (Virtual Private Network), which lets an enterprise's internal network be extended across the Internet.
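The filtering, routing-attack rejection and segmentation described in the sections above can be made concrete with a small stateless packet filter. The following is an added example written for this article, not the code of any firewall product; the zone addresses, the "finance" and "admin" segments, and the single blocked outbound port are constructed assumptions, while the port numbers for portmapper (111), NFS (2049), Finger (79) and DNS (53) are the standard IANA assignments.

```python
"""Toy stateless packet filter illustrating the firewall functions described above (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed network zones (hypothetical addressing, not taken from the article).
ZONES = {
    "internal": ip_network("10.0.0.0/16"),
    "finance":  ip_network("10.1.0.0/24"),   # key segment isolated from the rest of the network
    "admin":    ip_network("10.0.9.0/24"),   # the only internal segment allowed to reach "finance"
}
INSECURE_SERVICES = {111, 2049}   # portmapper and NFS: never cross the perimeter
LEAKY_SERVICES = {79, 53}         # Finger and DNS: concealed from the outside world
BLOCKED_OUTBOUND = {31337}        # constructed example of a port denied for outgoing traffic


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    icmp_type: Optional[int] = None # 5 is ICMP Redirect
    ip_options: set = field(default_factory=set)   # e.g. {"LSRR"} for loose source routing


@dataclass
class Decision:
    action: str          # "accept" or "drop"
    reason: str
    alert: bool = False  # whether the firewall administrator is notified


def zone_of(addr: str) -> str:
    a = ip_address(addr)
    for name in ("finance", "admin", "internal"):   # most specific zone first
        if a in ZONES[name]:
            return name
    return "external"


def evaluate(pkt: Packet) -> Decision:
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    # Routing-based attacks: source-routed packets and ICMP redirects are dropped and reported.
    if pkt.ip_options & {"LSRR", "SSRR"}:
        return Decision("drop", "source-routed packet", alert=True)
    if pkt.proto == "icmp" and pkt.icmp_type == 5:
        return Decision("drop", "ICMP redirect", alert=True)
    # Insecure services are refused across the perimeter in both directions.
    if "external" in (src_zone, dst_zone) and pkt.dport in INSECURE_SERVICES:
        return Decision("drop", f"insecure service on port {pkt.dport}")
    # Conceal internal details: Finger and DNS are not reachable from outside.
    if src_zone == "external" and pkt.dport in LEAKY_SERVICES:
        return Decision("drop", f"information-leaking service on port {pkt.dport}")
    # Outgoing communication on specific ports is prohibited and flagged.
    if dst_zone == "external" and pkt.dport in BLOCKED_OUTBOUND:
        return Decision("drop", f"outbound port {pkt.dport} prohibited", alert=True)
    # The key segment is reachable only from the admin segment (and from itself).
    if dst_zone == "finance" and src_zone not in ("finance", "admin"):
        return Decision("drop", "finance segment isolated")
    # Default policy: nothing unsolicited from outside; everything else passes.
    if src_zone == "external" and dst_zone != "external":
        return Decision("drop", "unsolicited inbound connection")
    return Decision("accept", "policy allows")


if __name__ == "__main__":
    for p in (Packet("203.0.113.7", "10.0.3.4", "tcp", 2049),
              Packet("203.0.113.7", "10.0.3.4", "tcp", 80, ip_options={"LSRR"}),
              Packet("10.0.3.4", "10.1.0.5", "tcp", 443),
              Packet("10.0.3.4", "198.51.100.1", "tcp", 443)):
        print(p.src, "->", p.dst, evaluate(p))
```

The rule order matters: attack-shaped packets are rejected before any zone policy is consulted, so a source-routed packet between two internal hosts is still dropped and reported. The filter is deliberately stateless; a production firewall would additionally track connection state so that replies to permitted outbound connections are admitted without a blanket inbound allow rule.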
Logging and event notification
All data entering or leaving the network must pass through the firewall, which records it in logs that can provide detailed statistics on network usage. When a suspicious event occurs, the firewall can raise alarms and send notifications through its configured mechanisms, and provide information on whether the network is under threat.
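The monitoring, usage-statistics and alerting functions described in the "Monitoring audit" and "Logging and event notification" sections can be shown on a small log analyser. The following is an added example written for this article, not the log format or code of any firewall product; the log lines are constructed in a hypothetical format, and the scan-detection threshold (a single source denied on five or more distinct ports within sixty seconds) is an assumed tuning value.

```python
"""Usage statistics and suspicious-event alerting from firewall log records (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical format; not the output of any real product.
SAMPLE_LOG = """\
2024-05-01T08:00:01 ACCEPT tcp 10.0.3.4:51000 -> 198.51.100.10:443
2024-05-01T08:00:05 ACCEPT tcp 10.0.3.9:51001 -> 198.51.100.10:443
2024-05-01T08:00:07 ACCEPT udp 10.0.3.4:51002 -> 198.51.100.53:53
2024-05-01T08:01:10 DROP tcp 203.0.113.7:40000 -> 10.0.3.4:22
2024-05-01T08:01:11 DROP tcp 203.0.113.7:40001 -> 10.0.3.4:23
2024-05-01T08:01:12 DROP tcp 203.0.113.7:40002 -> 10.0.3.4:25
2024-05-01T08:01:13 DROP tcp 203.0.113.7:40003 -> 10.0.3.4:80
2024-05-01T08:01:14 DROP tcp 203.0.113.7:40004 -> 10.0.3.4:110
2024-05-01T08:01:15 DROP tcp 203.0.113.7:40005 -> 10.0.3.4:143
2024-05-01T08:30:00 DROP tcp 198.51.100.77:5555 -> 10.0.3.4:2049
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(text):
    """Turn log text into a list of record dicts; lines that do not fit the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        r = m.groupdict()
        r["ts"] = datetime.fromisoformat(r["ts"])
        r["sport"], r["dport"] = int(r["sport"]), int(r["dport"])
        records.append(r)
    return records


def usage_statistics(records):
    """Network usage: accepted connections per destination port and per source host, plus drop count."""
    accepted = [r for r in records if r["action"] == "ACCEPT"]
    return {
        "by_port": Counter(r["dport"] for r in accepted),
        "by_source": Counter(r["src"] for r in accepted),
        "dropped": sum(1 for r in records if r["action"] == "DROP"),
    }


def detect_scans(records, distinct_ports=5, window=timedelta(seconds=60)):
    """Alert when one source is denied on many distinct ports within a short window (probing)."""
    alerts = []
    drops = defaultdict(list)
    for r in records:
        if r["action"] == "DROP":
            drops[r["src"]].append(r)
    for src, rs in drops.items():
        rs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(rs):
            inside = [r for r in rs[i:] if r["ts"] - first["ts"] <= window]
            ports = {r["dport"] for r in inside}
            if len(ports) >= distinct_ports:
                alerts.append({"source": src, "ports": sorted(ports), "start": first["ts"]})
                break   # one alert per source is enough for the administrator
    return alerts


def detect_insecure_service_attempts(records, ports=(111, 2049)):
    """Denied attempts to reach insecure services such as portmapper and NFS across the firewall."""
    return [r for r in records if r["action"] == "DROP" and r["dport"] in ports]


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(usage_statistics(recs))
    for a in detect_scans(recs):
        print("ALERT port scan:", a)
    for r in detect_insecure_service_attempts(recs):
        print("ALERT insecure service attempt:", r["src"], "->", r["dst"], r["dport"])
```

The statistics answer the "network demand" question (which services and hosts actually carry traffic), while the two detectors answer the "threat" question (who is probing the firewall and whether the controls held). Both read only what the firewall itself logged, which is why every access has to pass through it for the audit to be complete.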
