有关防火墙的四大原理（Four principles about firewalls）.doc

有关防火墙的四大原理（Four principles about firewalls） First, the basic principles of firewall First of all, we need to understand some basic firewall implementation principles. Firewalls are mainly packet filtering, packet filtering for stateful inspection, and application layer proxy fire prevention Wall. But their basic implementations are similar. We carry out - - NIC, firewall, router, network card, nbsp, internal -; Firewalls generally have more than two network cards, one connected to the external (router), and the other connected to the internal network. When the host network forwarding function is opened, the network communication between the two network cards can be passed directly. When there is a firewall, he is like plugging into the network card and controlling all the network communication. When it comes to access control, this is the core of the firewall:) the firewall is primarily judged by an access control table. His form is usually a series of following rules: 1, accept, from+ source address, port to+, destination address, port + take action 2 deny... (deny means rejection.. ) 3 nat... (NAT is address translation. Later) When a network packet is received at the network layer (including the following routing layer), the firewall matches one by one from the list of rules above, and if it conforms, the scheduled action is performed! Discard package.... However, there are differences in implementation between different firewalls in determining attack behavior. Following the implementation principle, talk about possible attacks. Two attack packet filter firewall Packet filter firewall is the simplest one. It intercepts network packets at the network layer, and detects the attack behavior according to the firewall rules table. He filters the source IP address of the packet, the destination IP address, the TCP/UDP source port, and the TCP/UDP destination port!! Vulnerable to the following attacks: 1 IP spoofing attack: This kind of attack mainly modifies the sourc