What is a firewall? Now, a firewall is a system that is designed to prevent unauthorized access from entering a private network by filtering the traffic that comes in from the internet. A firewall blocks unwanted traffic and permits wanted traffic. So a firewall's purpose is to create a safety barrier between a private network and the public internet. Because out on the internet, there's always going to be hackers and malicious traffic that may try to penetrate into a private network to cause harm. And a firewall is one of the main components on the network that prevents this.
And a firewall is especially important to a large organization that has a lot of computers and servers in it, because you don't want all those devices reachable by everyone on the internet, where a hacker can come in and totally disrupt that organization. So that's why you need a firewall to protect them.
So, a firewall that's used in computer networks is very similar to how a firewall works in a building structure. In fact, that is where the word firewall came from. A firewall in a building structure provides a barrier, so that in the event of an actual fire on either side of the building, the firewall is there to keep the fire contained and to keep it from spreading over to the other side. So the firewall is there to keep the fire from destroying the entire building. But if the firewall wasn't there, the fire would spread over to the other side and then the whole building would be destroyed. And a network firewall works in a similar way to a structural firewall. It stops harmful activity before it can spread to the other side of the firewall and cause harm to a private network. So in today's high-tech world, a firewall is essential in every home and especially in a business or an organization to keep their network safe.
Now, a firewall works by filtering the incoming network data and determining, by its rules, whether it's allowed to enter the network. And these rules are also known as an access control list. These rules are customizable and are determined by the network administrator. The administrator decides not only what can enter a network, but also what can leave a network. So these rules either allow or deny permission. On most firewalls the rules are checked in order from top to bottom and the first rule that matches decides, so the order you write them in matters, and a good configuration ends with a default deny so that anything no rule mentions is blocked rather than let through.
So, as an example here, we have some rules in a firewall's access control list, and it shows a list of IP addresses that have been allowed or denied by this firewall. And as you can see, traffic from some IP addresses is allowed to enter this network, but traffic from one IP address has been denied. So if traffic from that IP address tried to get into this network, the firewall would deny it because of the rules that are set in the firewall. But the other IP addresses are granted access because the rules allow them.
Now, firewalls don't just make rules based on IP addresses, but they can also make rules based on domain names, protocols, programs, ports, and keywords. So, let's say in this example, the firewall rules are controlling access by port numbers. And let's say that the rules have allowed incoming data that's using port number 80 (HTTP), 25 (SMTP), and 110 (POP3), and the data using those ports has been given access to this network. So any incoming data that's using those ports can pass through the firewall. But also in this firewall, the rules have denied any data that's using port numbers 23 (Telnet) and 3389 (Remote Desktop). So any incoming data that's using those port numbers, the firewall will deny access and it won't get past the firewall. Keep in mind that a port number only identifies a service by convention, so a port rule is really a decision about which services you are willing to expose; in practice you allow only the ports you actually need and let the default deny take care of everything else, rather than trying to list every dangerous port. So in a nutshell, this is how firewalls basically work.
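To make the access control list examples above concrete, here is an added example (not code from the original page) of a small first-match packet filter written in Python. The packet fields, the rule format, the addresses (taken from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the sample traffic are all constructed for illustration; real firewalls differ in syntax, but most follow the same top-to-bottom, first-match, default-deny logic shown here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Added example: a toy first-match packet filter. The rule format, the packet
# fields, the addresses and the sample traffic are constructed for illustration.


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the internet, "out" = leaving the private network
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    """One line of the access control list. None / "any" means 'don't care'."""
    action: str                 # "allow" or "deny"
    direction: str = "any"
    src: Optional[str] = None   # CIDR prefix such as "198.51.100.7/32"
    dst: Optional[str] = None
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet, default: str = "deny") -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first rule that matches decides.

    Returns (action, index of the deciding rule). If nothing matches, the
    default applies and the index is None. The default is "deny" because a
    firewall that passes everything it has no rule for is not much of a barrier.
    """
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def filter_traffic(acl: List[Rule], packets: List[Packet]) -> List[Tuple[Packet, str, Optional[int]]]:
    """Apply the ACL to a batch of packets and return every decision."""
    return [(pkt,) + evaluate(acl, pkt) for pkt in packets]


# A constructed ACL combining the two examples from the text: one blocked
# address, three allowed inbound ports, two explicitly denied inbound ports
# (explicit so they can be logged; the default deny would catch them anyway),
# and permission for inside hosts to reach the internet.
ACL = [
    Rule("deny",  src="198.51.100.7/32"),                   # blocked address, checked first
    Rule("allow", direction="in", proto="tcp", dport=80),   # HTTP
    Rule("allow", direction="in", proto="tcp", dport=25),   # SMTP
    Rule("allow", direction="in", proto="tcp", dport=110),  # POP3
    Rule("deny",  direction="in", proto="tcp", dport=23),   # Telnet
    Rule("deny",  direction="in", proto="tcp", dport=3389), # Remote Desktop
    Rule("allow", direction="out"),                         # outbound from the private network
]

# Constructed sample traffic; 192.0.2.10 plays the role of a server inside.
SAMPLE_TRAFFIC = [
    Packet("in",  "203.0.113.5",  "192.0.2.10",  "tcp", 80),    # ordinary web request
    Packet("in",  "198.51.100.7", "192.0.2.10",  "tcp", 80),    # web request from the blocked address
    Packet("in",  "203.0.113.9",  "192.0.2.10",  "tcp", 3389),  # Remote Desktop attempt
    Packet("in",  "203.0.113.9",  "192.0.2.10",  "tcp", 8080),  # port that no rule mentions
    Packet("out", "192.0.2.10",   "203.0.113.5", "tcp", 443),   # inside host browsing out
]

if __name__ == "__main__":
    for pkt, action, index in filter_traffic(ACL, SAMPLE_TRAFFIC):
        where = "default" if index is None else f"rule {index}"
        print(f"{pkt.direction:>3} {pkt.src:>13} -> {pkt.dst}:{pkt.dport:<5} {action:5} ({where})")
```

Two things worth trying with it: swap the first two rules and the blocked address gets in on port 80, because the allow rule now matches first, which is the ordering trap mentioned above; and note that the request to port 8080 is dropped without any rule naming it, which is exactly what the default deny is for.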
Now, firewalls do come in different types. And one type is called a host-based firewall. And this is a software firewall. This is the kind of firewall that is installed on a computer, and it protects that computer only and nothing else. So, for example, modern versions of Windows come with a built-in host-based firewall (Windows Defender Firewall), and you can see that example here. And there are also third-party host-based firewalls that can be purchased and installed on a computer. So, for example, ZoneAlarm, which is a popular third-party host-based firewall. And also a lot of antivirus programs will have a built-in host-based firewall.
And another type of firewall is called a network-based firewall. A network-based firewall is a combination of hardware and software, and it is placed between a private network and the public internet. It inspects traffic at the network and transport layers, looking at IP addresses, protocols and ports, and most modern ones also keep track of connection state so that replies to connections started from the inside are let back in while unsolicited inbound traffic is not. But unlike a host-based firewall, which only protects that one computer, a network-based firewall protects the entire network. And it does this through rules that are applied to the entire network so that any harmful activity can be stopped before it reaches the computers. Now, network-based firewalls can be a standalone product, which is mainly used by large organizations. And they can also be a built-in component of a router, which is what a lot of smaller organizations rely on. Or they can also be deployed in a service provider's cloud infrastructure.
Now, a lot of organizations will use both network-based and host-based firewalls. They will use a network-based firewall to protect the entire network as a whole, and they will also use host-based firewalls to protect their individual computers and servers. And by doing this, it will ensure better protection, because if harmful data just so happens to get past the network firewall, the host-based firewalls on each computer will be there to stop it. The host-based firewall also covers something the network firewall never sees at all: traffic between machines on the same internal network, which is how an attacker who has compromised one computer tries to spread to the others.