Today the firewall is regarded as a core component of network security. Firewalls provide many different operations and features. Originally a firewall was simply used to block or allow certain ports and to manage NAT. Today there are many different threats, and the firewall is used to detect and stop them.
Firewall Features and Functions
Modern firewalls provide many different features, mainly related to security. Currently a typical enterprise firewall provides, or can provide, at least the following features.
- Packet Filtering
- Port Management
- Network Address Translation (NAT)
- Application Gateway
- Web Application Firewall (WAF)
- Intrusion Prevention System (IPS)
- Deep Packet Inspection (DPI)
- SSL/TLS Termination
- Sandboxing
Packet Filtering
A typical firewall can filter packets according to different values in the packet headers. This can be very useful for both performance and security reasons. A packet can be filtered according to the following properties.
- TCP Source Port
- TCP Destination Port
- IP Source Address
- IP Destination Address
- UDP Source Port
- UDP Destination Port
- TCP Flags
- IP Packet Size
Port Management
From the start, firewalls have mainly been used to allow or block traffic on different ports and network interfaces. A firewall can operate as an intermediate controller between the LAN and the Internet. A firewall can also be placed between different LAN segments that have different security levels. We can enable access to a given port, such as 80 (HTTP) or 443 (HTTPS), which is used by our web application or service, while disabling all other access from the Internet to our LAN.
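The packet-filtering properties listed above and the port-management scenario just described (allow 80 and 443 to the web server, drop everything else from the Internet into the LAN) as a small first-match ruleset. This is an added example, not code from the original article; the addresses, the `Packet`/`Rule` shapes and the 1500-byte size limit are assumptions.

```python
# Added example (not from the original article): a stateless packet filter that
# walks an ordered ruleset. First match wins; no match means drop (default deny).
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    size: int                        # total IP packet length in bytes
    flags: frozenset = frozenset()   # TCP flags that are set, e.g. {"SYN"}

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    proto: str | None = None         # None means "any" for every field below
    src: str | None = None           # CIDR, e.g. "10.0.0.0/8"
    dst: str | None = None
    dport: int | None = None
    flags: frozenset | None = None   # every listed flag must be set
    max_size: int | None = None      # drop oversized packets

    def matches(self, p: Packet) -> bool:
        return all([
            self.proto is None or p.proto == self.proto,
            self.src is None or ip_address(p.src) in ip_network(self.src),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst),
            self.dport is None or p.dport == self.dport,
            self.flags is None or self.flags <= p.flags,
            self.max_size is None or p.size <= self.max_size,
        ])

LAN = "10.0.0.0/8"      # constructed: the internal network
WEB = "10.0.1.10/32"    # constructed: the internal web server
RULESET = [             # rules for traffic arriving from the Internet, in order
    Rule("allow", proto="tcp", dst=WEB, dport=80, max_size=1500),
    Rule("allow", proto="tcp", dst=WEB, dport=443, max_size=1500),
    Rule("deny", dst=LAN),   # nothing else from the Internet reaches the LAN
]

def decide(p: Packet, rules=RULESET) -> str:
    """Action of the first matching rule, or "deny" when nothing matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```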
Network Address Translation (NAT)
Network Address Translation (NAT), or Port Address Translation (PAT), is a very useful and powerful feature used to map ports and IP addresses according to our configuration. For example, we can publish a web service on port 8080 to the Internet while the service actually runs on port 80 on an internal server.
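The scenario above (publish 8080 externally, service listening on 80 internally) as a small stateful NAT/PAT table, added here as an example that is not from the original article. The public address, the internal server address, the packet dict layout and the masquerade port pool are assumptions.

```python
# Added example (not from the original article): a stateful NAT/PAT table for
# the scenario in the text. Inbound, TCP/8080 on the public address is forwarded
# to the internal web server on port 80 (destination NAT); outbound, LAN clients
# are masqueraded behind the public address with a per-session port (PAT).
# All addresses are constructed for the example.
PUBLIC_IP = "198.51.100.1"
DNAT_RULES = {(PUBLIC_IP, 8080): ("10.0.1.10", 80)}   # public endpoint -> internal

class Nat:
    def __init__(self):
        self.dnat = {}           # (client_ip, client_port) -> public endpoint it hit
        self.snat = {}           # allocated public port -> (lan_ip, lan_port)
        self.next_port = 40000   # first port of the masquerade pool

    def from_internet(self, pkt: dict):
        """Rewrite a packet arriving on the public interface; None means drop."""
        key = (pkt["dst"], pkt["dport"])
        if key in DNAT_RULES:    # published service: remember who connected
            self.dnat[(pkt["src"], pkt["sport"])] = key
            ip, port = DNAT_RULES[key]
            return {**pkt, "dst": ip, "dport": port}
        lan = self.snat.get(pkt["dport"]) if pkt["dst"] == PUBLIC_IP else None
        if lan:                  # reply to a masqueraded LAN session
            return {**pkt, "dst": lan[0], "dport": lan[1]}
        return None              # unsolicited: no rule and no state

    def from_lan(self, pkt: dict):
        """Rewrite a packet leaving the LAN toward the Internet."""
        pub = self.dnat.get((pkt["dst"], pkt["dport"]))
        if pub:                  # web server replying to a forwarded session
            return {**pkt, "src": pub[0], "sport": pub[1]}
        lan = (pkt["src"], pkt["sport"])
        port = next((p for p, v in self.snat.items() if v == lan), None)
        if port is None:         # new outbound session: allocate a public port
            port, self.next_port = self.next_port, self.next_port + 1
            self.snat[port] = lan
        return {**pkt, "src": PUBLIC_IP, "sport": port}
```

Unsolicited inbound packets that match neither a published service nor an existing masqueraded session are dropped, which is the property that makes NAT double as a coarse inbound filter.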
Application Gateway
Currently, some of the most dangerous attacks come from the web, using techniques such as social engineering, drive-by download, phishing, web browser exploitation, XSS, etc. We generally use an Application Gateway to protect our internal users from web-based attacks. Enterprise firewalls generally provide Application Gateway features as an extra license.
Web Application Firewall (WAF)
As the web is a very serious attack vector, we have to protect and secure our web servers, web applications, and web services. A Web Application Firewall is located between the WAN or Internet and our web application server. Every request made to the web application is filtered, allowed, or blocked according to the request attributes. In particular, web application attacks such as SQL injection, directory traversal, and brute force are stopped by a Web Application Firewall.
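The three attack classes named above as a request-level filter of the kind a WAF applies, added here as an example and not taken from the original article. The request dict layout, the two signatures and the login limit are assumptions; real WAF rule sets are far larger and rate limits are time-windowed.

```python
# Added example (not from the original article): a request-level filter covering
# the three attack classes the article names: directory traversal, SQL injection
# and brute force against a login endpoint. The signatures are deliberately
# small and illustrative, and the attempt counter is not time-windowed.
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

SQLI = re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s*'?\w*'?\s*=\s*'?\w|--\s|;\s*drop\b)")
LOGIN_LIMIT = 5                   # login attempts per source IP before blocking
_login_attempts = defaultdict(int)

def path_escapes_root(raw_path: str) -> bool:
    """True if the path still contains a '..' segment after percent-decoding."""
    decoded = unquote(unquote(raw_path)).replace("\\", "/")   # also catches %252e
    return ".." in decoded.split("/")

def looks_like_sqli(value: str) -> bool:
    return SQLI.search(value) is not None

def inspect(req: dict) -> tuple[str, str]:
    """req is a constructed dict: ip, method, path, optional query/body dicts.
    Returns (decision, reason) with decision "allow" or "block"."""
    if path_escapes_root(req["path"]):
        return "block", "directory traversal"
    params = {**req.get("query", {}), **req.get("body", {})}
    if any(looks_like_sqli(v) for v in params.values()):
        return "block", "sql injection"
    if req["method"] == "POST" and posixpath.normpath(req["path"]) == "/login":
        _login_attempts[req["ip"]] += 1
        if _login_attempts[req["ip"]] > LOGIN_LIMIT:
            return "block", "brute force"
    return "allow", ""
```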
Intrusion Prevention System (IPS)
Firewalls generally identify and block well-known, basic types of attacks. Today there are many different, complicated, and advanced attack types that cannot be identified by a plain firewall. An Intrusion Prevention System (IPS) provides advanced features, techniques, signatures, and heuristics in order to identify such advanced attacks.
Deep Packet Inspection (DPI)
Network packets from protocols such as TCP, UDP, IP, OSPF, and Ethernet are transmitted over the network. If we want to control the network completely, we need to inspect these packets and filter them accordingly. Deep Packet Inspection (DPI) is a technology that provides detailed information about, and control over, network protocols and packets.
SSL/TLS Termination
SSL/TLS is a very popular protocol used to authenticate web sites and to secure traffic by encrypting it. This can create some difficulties, because the encrypted network traffic is opaque to the firewall. SSL/TLS termination is used to inspect SSL/TLS-encrypted traffic in a controlled way without breaking the security of the clients. The firewall terminates the SSL/TLS session and creates a new SSL/TLS session with the other party, which means the web traffic is still transferred in encrypted form. In practice this requires the clients to trust the certificate authority the firewall uses to re-sign certificates, and the firewall itself sees the traffic in plaintext.
Next-Generation Firewall
What is a Next-Generation Firewall? Actually, the features described above already define a Next-Generation Firewall. A next-generation firewall (NGFW) can provide the following features, depending on its capabilities and license.
- SSL/TLS Termination
- Deep Packet Inspection
- Intrusion Prevention System
- Web Application Firewall
- Application Gateway
- Load Balancer
Translated from: https://www.poftut.com/what-is-a-firewall-and-how-its-work/