Des encryption graduation thesis
Analysis of Network Security Technology (1)

Release date: 17 May 2003 Author: Rank Name

Abstract: Starting from the fundamental change in what information and network security means, this paper explains the importance of developing China's national information security system and the necessity of establishing a network security system with Chinese characteristics. It then discusses the classification and main technical characteristics of network firewall technology.

Keywords: network security, firewall, technical features

1 Overview

In the 21st century, computers all over the world will be connected through the Internet, and the meaning of information security will change fundamentally: it changes not only from a general form of defence to a very common one, but also from a specialised field to a ubiquitous one. As mankind enters the information society and the network society of the 21st century, China must establish a complete network security system, in particular one with Chinese characteristics in policy and law. A country's information security system in fact comprises its national laws and policies together with a platform for developing technology and a market. When building an information defence system, China should focus on developing its own security products; the ultimate way for China to solve the network security problem is to develop a national security industry and raise the overall level of network security technology in the country. Network security products have the following characteristics: first, network security comes from the diversity of security strategies and technologies, and adopting a single uniform technology and strategy is not safe; second, the security mechanisms and technologies of a network must keep changing; third, as the network extends further into society, there are more and more ways of entering it. Network security technology is therefore a very complicated piece of systems engineering.
The establishment of a network security system with Chinese characteristics therefore needs the support of national policies and regulations and joint research and development. Security and attack are two sides of one contradiction and spiral upward together, so the security industry will keep developing as new technologies appear. Information security is an important issue facing national development, yet it has not been considered from the level of system planning, nor developed jointly in technology, industry and policy. The government should see not only that information security is part of China's high-technology industry, but also that a policy of developing the security industry is an important part of the information security system, and that it will play a very important role in the future development of electronic information technology in China.

2 Firewall

A network firewall is a special network interconnection device used to strengthen access control between networks, to prevent users of an external network from illegally entering the internal network and accessing its resources, and to protect the internal network's operating environment. It checks the packets transmitted between two or more networks according to a security policy (for example, by link mode) to decide whether communication between the networks is allowed, and it monitors the network's operating state. At present firewall products mainly include bastion hosts, packet filtering routers, application layer gateways (proxy servers), circuit-level gateways, screened-host firewalls, dual-homed hosts and so on.
Although a firewall is an effective means of protecting a network from hacker attacks, it has obvious shortcomings: it cannot prevent attacks that arrive by paths that bypass it, it cannot prevent threats from insiders or temporary users, it cannot completely prevent the spread of infected software or files, and it cannot prevent data-driven attacks. Since 1986, when the US company Digital (DEC) installed the first commercial firewall system on the Internet and put forward the firewall concept, firewall technology has developed rapidly, and dozens of companies at home and abroad have launched firewall product lines with different functions. The firewall sits at the bottom of the five-layer network security system and belongs to network layer security technology. At this level the question an enterprise must ask of its security system is: can any IP address reach the enterprise's intranet systems? If the answer is "yes", the intranet has taken no preventive measures at the network layer. As the first barrier between the internal network and the external public network, the firewall is one of the earliest network security products to receive attention. In theory the firewall sits at the bottom of network security and is responsible for security authentication and transmission between networks. However, with the overall development of network security technology and the constant change in network applications, modern firewall technology is gradually moving to security levels beyond the network layer: it not only performs the filtering task of the traditional firewall but also provides security services for the various network applications. In addition, many firewall products are developing in the direction of data security and user authentication in order to prevent intrusion by viruses and hackers.
According to the technology they adopt, firewalls can be divided into four basic types: packet filtering, network address translation (NAT), proxy and monitoring.


2.1 Packet filtering

Packet filtering products are the first generation of firewall, and their technical basis is the packet transmission technology of the network itself. Data on the network is transmitted in the form of packets: the data is divided into packets of a certain size, and each packet carries specific information such as the source address, destination address, and TCP/UDP source and destination ports of the data. By reading the address information in each packet, the firewall can judge whether the packet comes from a trusted site; once a packet from a dangerous site is found, the firewall rejects it. System administrators can also formulate the judgment rules flexibly according to the actual situation. The advantages of packet filtering are that it is simple and practical and cheap to implement; in a simple application environment it can guarantee the security of the system to a certain extent at a small cost. Its shortcomings are equally obvious. Packet filtering is a security technology based entirely on the network layer: it can only judge by network information such as the source, destination and ports of a packet, and it cannot identify malicious intrusions at the application layer, such as malicious Java applets or viruses attached to e-mail. An experienced attacker can also easily forge IP addresses and fool a packet filtering firewall.

2.2 Network address translation (NAT)

Network address translation is a standard for converting IP addresses into temporary, external, registered IP addresses. It allows internal networks using private IP addresses to access the Internet, which also means that users need not obtain a registered IP address for every machine in their network. The working process of NAT is shown in Figure 1: when the internal network accesses the external network through the secure (internal) network interface, a mapping record is generated.
The system maps the outgoing source address and source port to a masquerading address and port, and sends the connection to the external network through the insecure (external) interface, thereby hiding the real internal network address. When the external network accesses the internal network through the insecure interface, it knows nothing of the internal connections and can only request access to an open IP address and port. The OLM firewall judges whether the access is secure according to the predefined mapping rules. When the rules are met, the firewall regards the access as safe and can accept the request or map it to a different internal computer; when the rules are not met, the firewall regards the access as unsafe and blocks the external connection request. The process of network address translation is transparent to users: they need no configuration and simply carry on with their routine operations.

2.3 Proxy

A proxy-based firewall can also be called a proxy server. Its security is higher than that of packet filtering products, and it begins to move toward the application layer. The proxy server sits between the client and the server and completely blocks direct data exchange between them. From the client's point of view the proxy server is the real server; from the server's point of view the proxy server is the real client. When the client needs data from the server, it first sends the request to the proxy server; the proxy server then requests the data from the server on the basis of that request and finally passes the data back to the client. Because there is no direct data channel between the external system and the internal server, it is difficult for external malicious activity to harm the enterprise's internal network.
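To make sections 2.1 and 2.2 concrete, the following is an added example (not code from the original thesis) of a stateless packet filter in front of a source NAT table. The filter judges packets only by interface, protocol, addresses and ports, with first-match semantics and a default deny; the NAT table rewrites outgoing connections to a single public address and admits incoming packets only through an existing mapping or a static rule, which is the "predefined mapping rules" behaviour described above. The intranet range 10.0.0.0/8, the public address 203.0.113.1, the rule set and all packets are assumptions constructed for the example; the first rule shows the check a practitioner adds against the forged-source-address attack mentioned in 2.1.

```python
"""Stateless packet filter combined with source NAT (added example for sections 2.1 and 2.2)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "internal" (trusted) or "external" (untrusted)
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Assumed addresses (not from the original page): a private intranet and the gateway's
# single public address, taken from the RFC 5737 documentation range.
INTERNAL_NET = "10.0.0.0/8"
PUBLIC_IP = "203.0.113.1"

# Rule tuple: (iface, proto, src_net, dst_net, dport, action). First match wins, default deny.
RULES = [
    # Anti-spoofing: a packet arriving on the outside interface that claims an inside source
    # is forged and is dropped before any other rule is consulted.
    ("external", "any", INTERNAL_NET, "0.0.0.0/0", None, "deny"),
    ("internal", "tcp", INTERNAL_NET, "0.0.0.0/0", 80, "allow"),
    ("internal", "tcp", INTERNAL_NET, "0.0.0.0/0", 443, "allow"),
    ("internal", "udp", INTERNAL_NET, "0.0.0.0/0", 53, "allow"),
    # Inbound traffic addressed to the gateway itself is handed to the NAT table, which decides.
    ("external", "any", "0.0.0.0/0", PUBLIC_IP + "/32", None, "allow"),
]


def matches(rule, pkt: Packet) -> bool:
    iface, proto, src_net, dst_net, dport, _ = rule
    return (iface == pkt.iface
            and proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
            and (dport is None or dport == pkt.dport))


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Section 2.1: judge a packet purely on its interface, addresses and ports."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[-1]
    return "deny"   # anything not explicitly permitted is dropped


class SourceNAT:
    """Section 2.2: outgoing (src, sport) is rewritten to (public_ip, port) and recorded;
    incoming packets are admitted only through an existing mapping or a static rule."""

    def __init__(self, public_ip: str, static=None, first_port: int = 40000):
        self.public_ip = public_ip
        self.static = dict(static or {})   # (proto, public port) -> (internal ip, internal port)
        self.next_port = first_port
        self.forward = {}                   # (proto, src, sport) -> public port
        self.reverse = {}                   # (proto, public port) -> (src, sport)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.forward:
            port = self.next_port
            self.next_port += 1
            self.forward[key] = port
            self.reverse[(pkt.proto, port)] = (pkt.src, pkt.sport)
        return Packet("external", pkt.proto, self.public_ip, self.forward[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        target = self.reverse.get((pkt.proto, pkt.dport)) or self.static.get((pkt.proto, pkt.dport))
        if target is None:
            return None   # unsolicited: no mapping exists, so the connection request is blocked
        return Packet("internal", pkt.proto, pkt.src, pkt.sport, target[0], target[1])


def process(nat: SourceNAT, pkt: Packet) -> Tuple[str, Optional[Packet]]:
    """Filter first, then translate. Returns the verdict and the packet as it leaves the firewall."""
    if filter_packet(pkt) != "allow":
        return "deny", None
    if pkt.iface == "internal":
        return "allow", nat.outbound(pkt)
    translated = nat.inbound(pkt)
    return ("allow", translated) if translated is not None else ("deny", None)


if __name__ == "__main__":
    # Constructed traffic: a web request out, its reply back, an unsolicited probe, a spoofed packet.
    nat = SourceNAT(PUBLIC_IP, static={("tcp", 25): ("10.0.0.25", 25)})
    print(process(nat, Packet("internal", "tcp", "10.1.2.3", 51000, "198.51.100.7", 443)))
    print(process(nat, Packet("external", "tcp", "198.51.100.7", 443, PUBLIC_IP, 40000)))
    print(process(nat, Packet("external", "tcp", "198.51.100.9", 4444, PUBLIC_IP, 40001)))
    print(process(nat, Packet("external", "tcp", "10.1.2.3", 1234, PUBLIC_IP, 40000)))
```

The reply to the web request is admitted only because the outbound packet created a mapping for public port 40000; the probe to port 40001 finds no mapping and is dropped, and the spoofed packet is dropped by the anti-spoofing rule even though a mapping for its destination port exists. Note that the filter itself is stateless: every decision above that depends on "who opened the connection" comes from the NAT table, not from the rule list.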
The advantage of a proxy firewall is its high security: it can inspect and scan at the application layer, and it is very effective against application-based intrusions and viruses. Its disadvantage is that it has a great effect on the overall performance of the system, and a proxy must be set up for every application type the clients may use, which greatly increases the complexity of system management.

2.4 Monitoring

The monitoring firewall is a new-generation product, and its technology actually goes beyond the original definition of a firewall. A monitoring firewall can actively monitor the data at all layers in real time and, by analysing that data, can effectively detect illegal intrusion at every layer. At the same time, products of this kind generally have distributed sensors installed on the various application servers and other network nodes, so they can detect not only attacks from outside the network but also malicious damage from inside, against which they have a strong preventive effect. According to the statistics of authoritative organisations, a considerable proportion of attacks on network systems come from within the network. The monitoring firewall therefore not only goes beyond the definition of the traditional firewall but also surpasses the previous two generations of products in security. Although it surpasses the packet filtering firewall and the proxy server firewall in security, in actual deployment the second-generation proxy products are still the mainstream, and monitoring technology has only begun to be used in some areas. Weighing system cost against the cost of security technology, users can adopt selected monitoring techniques; this satisfies the security requirements of the network system while effectively controlling the total cost of ownership of the security system.
In fact, as the mainstream of firewall products, most proxy servers (also called application gateways) also integrate packet filtering technology, and combining the two techniques clearly has greater advantages than using either alone. Because the product works at the application level, an application gateway can filter within the protocol: for example, the PUT command in an FTP connection can be filtered out, so the application gateway can effectively prevent information from leaking out of the intranet through the proxied application. Precisely because of these characteristics, the problems in applying application gateways centre on effective support for the many network application protocols and on the impact on overall network performance.
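The FTP example above is the kind of decision a packet filter cannot make, because an upload and a download both travel over the same control connection on port 21. As an added example (not code from the original thesis) for section 2.3 and the remark on filtering FTP PUT, the following application gateway parses the client side of the FTP control channel and applies a policy to each command. What an FTP client program types as "put" is sent on the wire as STOR (RFC 959), and APPE and STOU are the other upload verbs, so the policy must cover all three. The command allow-list, the reply texts and the session transcript are assumptions constructed for the example.

```python
"""Application-layer gateway for the FTP control channel (added example for section 2.3)."""
import re
from typing import List, Tuple

# "put" in a client program is STOR on the wire; APPE and STOU also write files on the server.
UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}
# Commands the gateway understands and is willing to relay (assumed policy for this example).
ALLOWED_COMMANDS = {"USER", "PASS", "CWD", "PWD", "TYPE", "PASV", "PORT",
                    "LIST", "NLST", "RETR", "SIZE", "QUIT", "NOOP"}
CMD_RE = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")


class FtpGateway:
    """Sits between client and server: the client only ever talks to the gateway, and only
    commands the gateway has parsed and approved are forwarded to the real server."""

    def __init__(self, block_uploads: bool = True):
        self.block_uploads = block_uploads
        self.log: List[Tuple[str, str]] = []   # (decision, verb); arguments (e.g. PASS) are not logged

    def handle(self, raw: str) -> Tuple[str, str]:
        """Return ("forward", normalised line for the server) or ("reject", reply for the client)."""
        if not raw.endswith("\r\n"):
            return self._reject("500 Syntax error: command must end with CRLF", "?")
        body = raw[:-2]
        # A second command smuggled behind an embedded line break is refused outright
        # rather than being split and relayed, which a naive relay would do.
        if "\r" in body or "\n" in body:
            return self._reject("500 Syntax error: embedded line break", "?")
        m = CMD_RE.match(body)
        if m is None:
            return self._reject("500 Syntax error, command unrecognized", "?")
        verb, arg = m.group(1).upper(), m.group(2)
        if verb in UPLOAD_COMMANDS and self.block_uploads:
            return self._reject(f"550 {verb} not permitted by gateway policy", verb)
        if verb not in ALLOWED_COMMANDS and verb not in UPLOAD_COMMANDS:
            # Anything the proxy does not understand is not relayed (e.g. SITE EXEC).
            return self._reject(f"502 {verb} not relayed by gateway", verb)
        wire = verb if arg is None else f"{verb} {arg}"
        self.log.append(("forward", verb))
        return ("forward", wire + "\r\n")

    def _reject(self, reply: str, verb: str) -> Tuple[str, str]:
        self.log.append(("reject", verb))
        return ("reject", reply)


def run_session(lines: List[str], block_uploads: bool = True) -> List[Tuple[str, str]]:
    gw = FtpGateway(block_uploads)
    return [gw.handle(line) for line in lines]


# Constructed client transcript: a download, two upload attempts, a command the gateway
# does not relay, and one line carrying two smuggled commands.
SESSION = [
    "USER alice\r\n",
    "PASS s3cret\r\n",
    "CWD /pub\r\n",
    "RETR report.pdf\r\n",
    "STOR payload.exe\r\n",
    "APPE log.txt\r\n",
    "SITE EXEC id\r\n",
    "LIST\r\nSTOR hidden.bin\r\n",
]

if __name__ == "__main__":
    for line, result in zip(SESSION, run_session(SESSION)):
        print(repr(line), "->", result)
```

The gateway forwards the login and the RETR, answers the STOR and APPE with a 550, refuses SITE with a 502 because it is outside the relayed set, and refuses the line containing a second command with a 500. The price is the one noted above for proxies: this code knows one protocol, and every other application the intranet uses needs a proxy of its own.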