4.6.3 Categories of Firewall

Firewalls can be roughly classified into two categories: packet filtering and application proxy.

(1) Packet filtering: it works at the network layer and transport layer, and it decides whether to pass a packet according to the packet's source address, destination address, port number, and protocol type. Only packets that satisfy the filtering logic are forwarded to the destination; all others are discarded.

(2) Application proxy: it is also called an application gateway. Working at the application layer, it completely "blocks" the direct communication flow of the network. The communication flow at the application layer is monitored and controlled by writing dedicated proxy programs for the application services. In practice, application gateways are implemented on dedicated workstations.

1. Packet filtering firewall

Packet filtering is a universal, low-cost and effective security measure. It is universal because it requires no special handling for individual network services; it is low-cost because most routers have a packet-filtering function; it is effective because it satisfies the security requirements of enterprises to a large extent.

Packet filtering works at the network layer and transport layer. It decides whether to pass a packet according to the source and destination addresses, port number and protocol type. The information it relies on comes from the IP, TCP or UDP header.

Introduction to E-commerce

The advantage of packet filtering is that, because it works at the network layer and transport layer, there is no need to modify the application programs on the client or the host. But the weak points are also obvious: the information available at the network layer and transport layer is not sufficient to meet all requirements; the number of filtering rules is finite, and performance degrades as the number of rules increases; and because the filter lacks context information linking one packet to another, UDP and RPC protocols cannot be filtered effectively. What's more, most filters lack audit and alarm mechanisms, and their poor management methods and user interfaces place high demands on the security administrator, who has to rely on a deep understanding of the protocols and of the roles of different applications to establish security rules. Thus the filter is usually used together with a gateway to constitute the firewall system.

2. Application proxy firewall

An application proxy firewall is the separation point between the internal network and the external network; it monitors and separates the communication flow at the application layer, as illustrated in Fig. 4.7. It works at the highest layer of the OSI model, where all the information concerning system security can be controlled.

Figure 4.7 Application proxy firewalls

3. Hybrid firewall

The two methods mentioned above are usually combined to constitute the hybrid firewall. This combination is usually implemented in two ways.

(1) Host-screened firewall structure: in this structure, the packet filtering router or the firewall is connected to the Internet, and a bastion host is installed in the intranet. The filtering rules of the packet filtering router or firewall are set so that the bastion host is the only node that can be reached by other nodes on the Internet, which ensures that the intranet will not be attacked by unauthorized users.

4 Security Technologies in E-commerce

(2) Subnet-screened firewall structure: the bastion host is placed in a subnet that forms a demilitarized zone (DMZ), with two packet filtering routers placed at the two ends of this subnet, separating it from the Internet and from the intranet. In this architecture, the bastion host and the packet filtering routers constitute the foundation of the firewall.
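The following added example (not from the original text) sketches a stateless packet filter for the host-screened structure and shows the missing-context limitation described for UDP in the packet filtering section. The addresses, ports and rule set are constructed for illustration, and `Packet`, `Rule`, `decide` and `SCREENED_HOST_INBOUND` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALL_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str  # "accept" or "drop"
    proto: str   # "tcp", "udp" or "any"
    src: str     # CIDR block
    dst: str     # CIDR block
    sport: range = ALL_PORTS
    dport: range = ALL_PORTS

    def matches(self, p: Packet) -> bool:
        # Only IP/TCP/UDP header fields are consulted; no connection state is kept.
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.sport in self.sport and p.dport in self.dport)

def decide(rules, pkt):
    """First matching rule wins; a packet matching no rule is dropped."""
    return next((r.action for r in rules if r.matches(pkt)), "drop")

def port(n):
    return range(n, n + 1)

# Constructed addresses: intranet 192.0.2.0/24, bastion host 192.0.2.10.
ANY, INTRANET, BASTION = "0.0.0.0/0", "192.0.2.0/24", "192.0.2.10/32"
SCREENED_HOST_INBOUND = [
    Rule("accept", "tcp", ANY, BASTION, dport=port(25)),   # mail to the bastion
    Rule("accept", "udp", ANY, BASTION, sport=port(53)),   # DNS answers to the bastion
    Rule("drop", "any", ANY, INTRANET),                    # nothing else enters
]

if __name__ == "__main__":
    samples = [  # constructed packets arriving from the Internet side
        Packet("tcp", "203.0.113.7", 40000, "192.0.2.10", 25),
        Packet("tcp", "203.0.113.7", 40000, "192.0.2.55", 25),
        Packet("udp", "198.51.100.53", 53, "192.0.2.10", 33000),
        Packet("udp", "203.0.113.7", 53, "192.0.2.10", 33000),
    ]
    for s in samples:
        print(decide(SCREENED_HOST_INBOUND, s), s)
```

The last two sample packets receive the same verdict because the filter keeps no record of whether the bastion host ever sent a query. This is the context information a header-only filter lacks, and one reason the filter is paired with a gateway.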
