Firewalling

Introduction

Firewalling has become more than just packet filtering. In the early days a firewall was a simple TCP/IP filtering solution: it looked at each packet's source and destination port and source and destination IP address, and either allowed or blocked that packet. Although the principle is very simple, it is very reliable and adds a lot of security. This type of firewall is called a network firewall. For the packets a network firewall allows, there is another type of firewall, the application firewall. This type of firewall does a deeper analysis of the packets sent to a service listening on a specific TCP/UDP port. The application firewall sits at a higher level in the TCP/IP stack and is closer to the application that receives or sends the packets. It has a more complete view of what really happens inside these packets and is designed to scan for certain types of attack and protect the application if such an attack is detected.

Network Firewall

Use a network firewall to secure ALL your internet connections. Not all firewalls are at their highest security by default. Following are a few rules to make your firewall more secure.
ISA Server
MS Proxy 2.0

Application Firewalls

Besides using a network firewall, which only works on the network layer (which packets for what port?...), you should protect the services on those ports you allow. This can be done by using special application layer filters or firewalls like:

Desktop firewalls

Protecting your servers is one thing, but you should also protect the desktop computers in your network. A network firewall for the desktop is also called a personal firewall.

Final note

Nowadays most network and desktop firewalls also have application layer filters (or even intrusion detection capability) built into them. This is done for content filtering such as anti-virus, spam filter, advertising filter, privacy filter, active scripting filter, ...

Firewall forensics
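
The two layers from the introduction as a small Python sketch, added here as an illustration and not taken from the original page: a network filter that decides on source/destination address and port alone, followed by an application-level check on the traffic it let through. The rule set, the addresses (documentation ranges) and the HTTP request-line check are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    src_net: str                 # CIDR the source address must fall in
    dst_net: str                 # CIDR the destination address must fall in
    dst_ports: range
    src_ports: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        src, dst = ipaddress.ip_address(p.src_ip), ipaddress.ip_address(p.dst_ip)
        return (src in ipaddress.ip_network(self.src_net) and p.src_port in self.src_ports
                and dst in ipaddress.ip_network(self.dst_net) and p.dst_port in self.dst_ports)

RULES = [  # constructed rule set (documentation address ranges); first match wins
    Rule("block", "203.0.113.0/24", "0.0.0.0/0", ANY_PORT),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", range(80, 81)),
    Rule("allow", "198.51.100.0/24", "192.0.2.10/32", range(22, 23)),
]

def network_filter(p: Packet, rules=RULES) -> str:
    """Decide on addresses and ports only; unmatched packets are blocked."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"

def application_filter(p: Packet) -> str:
    """Hypothetical HTTP check: require a well-formed, bounded request line."""
    parts = p.payload.split(b"\r\n", 1)[0].split(b" ")
    ok = (len(parts) == 3 and parts[0] in (b"GET", b"HEAD", b"POST")
          and len(parts[1]) <= 2048 and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"))
    return "allow" if ok else "block"

def firewall(p: Packet) -> str:
    verdict = network_filter(p)
    if verdict == "allow" and p.dst_port == 80:
        return application_filter(p)  # deeper look at traffic the network layer allowed
    return verdict
```

A well-formed request to port 80 and a non-HTTP payload to the same port both pass `network_filter`; only `firewall`, which adds the payload check, blocks the second.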