Functions of the Firewall

4.6.2 Functions of the Firewall

The firewall has the following functions:

(1) To protect the integrity of data. Access to sensitive information is controlled by setting the user authorities and file protection.

(2) To protect the effectiveness of the network. Effectiveness means a legal user can access the network easily. (3) To protect the secrecy of the data and encrypt the sensitive data. The firewall can provide a central controller for the security decisions; all

information, both inbound and outbound, has to go through this unique checkpoint. Actually, it plays a role of a traffic cop in response to different needs of the user. It can keep logs of the users’ operations, analyze the intrusions and attacks to the network for timely warning, and protect sensitive resources and personal information. However, there are also some weak points with the firewall. It cannot resist threats posed by malicious insiders and careless users, and it cannot prevent the virus caused due to the transmission of infected software or files, either. It cannot prevent data-driven attacks, which seem harmless in appearance but are launched once the data is mailed or copied to the host on the Internet.

1. Defending function

(1) It supports virus scan, for example, scanning DOC and ZIP documents and

Introduction to E-commerce

discovering dangerous information contained in documents downloaded from or uploaded to FTP.

(2) Content filtering: Content filtering means controlling the information flowing at the protocol layer of HTTP, FTP, and SMTP according to the filtering settings. The possible results are: access granted, access granted after modification, access denied, log recorded and alarming. The filtered information mainly refers to the information carried by URL and HTTP, such as Java Applet, JavaScript, ActiveX and Subject, to, and from domains of the e-mail.

(3) Protection against DoS attack: DoS (Denial of Service) means that the attacker occupies shared resource excessively, which yields to the depletion of the system resource. The firewall can prevent such attacks to a certain degree with testing and alarming mechanisms.

(4) Preventing the intrusion of ActiveX, Java Cookies and Javascript: The firewall can extract Java Applet and ActiveX from http pages, identify dangerous code or virus in Script, PHP and ASP, and alarm the user. When dangerous codes are detected in the CGI and ASP uploaded by the user, the server is also alarmed.

2. Security characteristic

(1) To support ICMP. (2) Real-time intrusion alarming. (3) Real-time intrusion protection. (4) To identify/record/prevent IP address fraud.

3. Management function

(1) To manage multiple firewalls with integrated strategy: firewall management means that the administrator exercises the management over the operation state of firewall. The management involves administrator’s identity authentication, security rule compilation, and security parameter configuration. Firewall management is grouped into three kinds: local management, remote management and central management.

(2) To support time-based access control. (3) To support SNMP supervision and configuration. (4) Local management: it means that the administrator exercises configuration

and management through console or the keyboard and monitor.

(5) Remote management: it refers to the management by administrator through WAN interface or Ethernet interface, which is based on FTP, Telnet, or Http.

(6) To support bandwidth management: the firewall should regulate the bandwidth based on the dynamic flow.

(7) Load balancing: load balance, which can be regarded as dynamic port mapping, maps a certain TCP or UDP port of an external address to a certain port of a group of internal address. It is mainly used to balance the load when a certain service like HTTP is apportioned to a group of internal servers.

4 Security Technologies in E-commerce

(8) Failover: support fault-tolerant technology, such as computer hot standby, failure recovery.

4. Record and report

(1) To process the complete log: the firewall prescribes the way to manage and store the logs.

(2) To support automatic log scan: the firewall should have automatic functions to analyze and scan the logs, which will provide more detailed statistical results. (3) To provide automatic report and log generator. (4) Alarming mechanism: the firewall should be capable of giving the alarms

when network intrusion or abnormal operation is detected.

(5) To provide brief reports according to user ID or IP address: the firewall should be capable of supporting classified print tasks.

(6) To provide real-time statistics: the firewall should be capable of analyzing the log and displaying the analysis result with tables and graphs.

(7) To list licenses and their serial number, which are the key factor of quality and sale of firewall, include selling license issued by the Ministry of Public Security, the certificate issued by China Information Technology Security Certification Center, and so on.

Functions of the Firewall

Parts

Dokumen yang terkait

AN ALIS IS YU RID IS PUT USAN BE B AS DAL AM P E RKAR A TIND AK P IDA NA P E NY E RTA AN M E L AK U K A N P R AK T IK K E DO K T E RA N YA NG M E N G A K IB ATK AN M ATINYA P AS IE N ( PUT USA N N O MOR: 9 0/PID.B /2011/ PN.MD O)

Anal isi s L e ve l Pe r tanyaan p ad a S oal Ce r ita d alam B u k u T e k s M at e m at ik a Pe n u n jang S MK Pr ogr a m Keahl ian T e k n ologi , Kese h at an , d an Pe r tani an Kelas X T e r b itan E r lan gga B e r d asarkan T ak s on om i S OL O

The Effectiveness of Computer-Assisted Language Learning in Teaching Past Tense to the Tenth Grade Students of SMAN 5 Tangerang Selatan

Modul TK E 2016 150 hlm edit Tina M imas

Membangun aplikasi e-commerce pada Toko Reafshop Bandung

Pengaruh Persepsi Kemudahan dan Kepuasan Wajib Pajak Terhadap Penggunaan E Filling (Survei Pada Wajib Pajak Orang Pribadi Di Kpp Pratama Soreang)

PENGARUH ARUS PENGELASAN TERHADAP KEKUATAN TARIK PADA PENGELASAN BIMETAL (STAINLESS STEEL A 240 Type 304 DAN CARBON STEEL A 516 Grade 70) DENGAN ELEKTRODA E 309-16

Factors Related to Somatosensory Amplification of Patients with Epigas- tric Pain

TEKNIK PERLAKUAN PENDAHULUAN DAN METODE PERKECAMBAHAN UNTUK MEMPERTAHANKAN VIABILITAS BENIH Acacia crassicarpa HASIL PEMULIAAN (Pretreatment Technique and Germination Method to Maintain the Viability of Acacia crassicarpa Improved Seed)

The Risk and Trust Factors in Relation to the Consumer Buying Decision Process Model

Dukungan

Links

Functions of the Firewall

Parts

Dokumen yang terkait

AN ALIS IS YU RID IS PUT USAN BE B AS DAL AM P E RKAR A TIND AK P IDA NA P E NY E RTA AN M E L AK U K A N P R AK T IK K E DO K T E RA N YA NG M E N G A K IB ATK AN M ATINYA P AS IE N ( PUT USA N N O MOR: 9 0/PID.B /2011/ PN.MD O)

Anal isi s L e ve l Pe r tanyaan p ad a S oal Ce r ita d alam B u k u T e k s M at e m at ik a Pe n u n jang S MK Pr ogr a m Keahl ian T e k n ologi , Kese h at an , d an Pe r tani an Kelas X T e r b itan E r lan gga B e r d asarkan T ak s on om i S OL O

The Effectiveness of Computer-Assisted Language Learning in Teaching Past Tense to the Tenth Grade Students of SMAN 5 Tangerang Selatan

Modul TK E 2016 150 hlm edit Tina M imas

Membangun aplikasi e-commerce pada Toko Reafshop Bandung

Pengaruh Persepsi Kemudahan dan Kepuasan Wajib Pajak Terhadap Penggunaan E Filling (Survei Pada Wajib Pajak Orang Pribadi Di Kpp Pratama Soreang)

PENGARUH ARUS PENGELASAN TERHADAP KEKUATAN TARIK PADA PENGELASAN BIMETAL (STAINLESS STEEL A 240 Type 304 DAN CARBON STEEL A 516 Grade 70) DENGAN ELEKTRODA E 309-16

Factors Related to Somatosensory Amplification of Patients with Epigas- tric Pain

TEKNIK PERLAKUAN PENDAHULUAN DAN METODE PERKECAMBAHAN UNTUK MEMPERTAHANKAN VIABILITAS BENIH Acacia crassicarpa HASIL PEMULIAAN (Pretreatment Technique and Germination Method to Maintain the Viability of Acacia crassicarpa Improved Seed)

The Risk and Trust Factors in Relation to the Consumer Buying Decision Process Model

Dokumen yang Anda mencari sudah siap untuk unduhkan