The security of the server is very important. Some people want to protect its security but have no choice but to know that the firewall has a certain effect on the security protection. But choosing which firewall or firewall to choose is also a problem. Let's teach today. How do you choose?
Different application environments and different usage requirements have different requirements for firewall performance. So to really find a suitable server firewall, the key point is to carefully analyze the needs of the server firewall, consider the advantages and disadvantages of various types of server firewalls. In order to help newcomers have a more general direction when choosing a server firewall, we will introduce the general classification of server firewalls and the advantages and disadvantages of different types of server firewalls.
First, according to the composition of the structure, the type of server firewall can be divided into hardware firewall and software firewall.
The hardware firewall essentially embeds the software firewall in the hardware. The hardware and software of the hardware firewall need to be designed separately. The dedicated network chip is used to process the data packets. At the same time, a special operating system platform is adopted to avoid Security vulnerabilities in the general operating system have caused internal network security to be compromised. That is to say, the hardware firewall is to make the firewall program inside the chip, and the hardware performs the protection function of the server. Because of the embedded structure, it is faster, more powerful, and more powerful than other types of firewalls.
Software firewalls, as the name suggests, are software products installed on server platforms that optimize network management and defense functions by working at the bottom of the operating system. The software firewall runs on a specific computer. It requires the support of a pre-installed computer operating system. Generally, this computer is the gateway of the entire network. Software firewalls, like other software products, need to be installed and configured on the computer before they can be used.
Hardware firewall performance is better than software firewall, because it has its own dedicated processor and memory, can independently complete the function of preventing network attacks, but the price will be much more expensive, changing the settings is more troublesome. And
software firewall is installed on the server as a gateway, using the server's CPU and memory to achieve anti-attack capabilities, in the case of serious attacks may take up a lot of server resources, but relatively cheap Much more, it is also very convenient to set up.
Second, in addition to the structure of the server firewall can be divided into software firewall and hardware firewall, can also be technically divided into "package filter type", "ldquo; application agent type" and "and" Status monitoring & rdquo; three categories. How complex is the implementation of a firewall, in the final analysis, the function expansion based on these three technologies.
1. Packet Filtering
Packet filtering is one of the earliest firewall technologies. Its first generation model is static packet filtering, which works on the network layer in the OSI model. The developed dynamic packet filtering works on the transport layer of the OSI model. The packet filtering firewall works in a variety of channels for incoming and outgoing data packets based on the TCP/IP protocol. It uses this network layer and transport layer as data monitoring objects, for each packet header, protocol, address, and port. Analysis of the type, type, etc., and check against the pre-set firewall filtering rules. Once one or more parts of a package are found to match the filtering rules and the condition is "Block", the package is Will be discarded.
The advantage of firewalls based on packet filtering technology is that it is easier to implement for small, less complex sites. However, its shortcomings are very significant. First, the rules table for large-scale, complex site packet filtering will soon become very large and complex, and the rules are difficult to test. As the table grows and complexity increases, the likelihood of a loophole in the rule structure increases. Second, this firewall relies on a single component to protect the system. If there is a problem with this component, or if an external user is allowed to access the internal host, it can access any host on the internal network.
What should I do if IE always shows no response? I believe that everyone has encountered this situat
Recently, many users are reflecting that every time you turn on the machine, you must always press f
Nowadays, no matter whether it is work or life, it is inseparable from the Internet. Many people cla
The dx plugin downloaded on the website failed during the installation, and it also prompts that “di
How does PPT embed a web page?
How to set up the Shift key in Windows 7 instead of the Capslock key in the system tutorial
Watch the video appearing explorer.exe encountered problems need to close
The reason why osx does not run .bashrc in the terminal is that the
How does the computer prohibit storing information?
How to delete the Windows.old folder under Win7
How to make the messy right mouse button menu clear
Better start menu! Win9 Start Menu Demo Video
After the computer is turned on, the display does not respond and the screen is not displayed.
u disk reloading system error Internal Error 36000 how to solve?
How to delete the boot menu after uninstalling Windows 7
Which type of account is better for you in Windows 8 system
Win10 installation application prompt error code 0x800706d9 What should I do?
Experience the Windows 8.1 lock screen slideshow to automatically change the lock screen
Let XP's control panel "belong to yourself"
Cleverly solve computer insomnia
Win7 Ultimate system how to delete the "Open the table wallpaper" option in the right mouse button
How to modify the Tab in the VIM editor to 4 spaces