DAY 4 (FIREWALL, SECURITY, DATA CENTER, FIBER OPTICS)

BSNL DATA CENTER (JAYNAGAR 4th BLOCK, BANGALORE)
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls are software appliances running on general-purpose hardware, or hardware-based firewall appliances, that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine. Firewall appliances may also offer other functionality to the internal network they protect, such as acting as a DHCP or VPN server for that network.

FIRST GENERATION FIREWALL

The first type of firewall was the packet filter, which looks at the network addresses and ports of a packet and determines whether that packet should be allowed or blocked. The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.

SECOND GENERATION FIREWALL

Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 (transport layer) of the OSI model. This is achieved by retaining packets until enough information is available to make a judgement about their state. Known as stateful packet inspection, this technique records all connections passing through the firewall and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain connection state as one of their test criteria.


Reasons why you want a DMZ and the benefits it offers. The general idea is that you put your public-facing servers in the "DMZ network" so that you can separate them from your private, trusted network. The use case is that because your server has a public face, it can be remotely rooted. If that happens, and a malicious party gains access to your server, they should be isolated in the DMZ network and not have direct access to the private hosts (or, for example, to a database server that would be inside the private network and not on the DMZ).
How to do it: There are several ways, but the 'book example' is to use two firewalls (of course you can achieve the same result with one firewall and smart configuration, although hardware isolation is nicer). Your main firewall sits between the internet and the server, and the second firewall sits between the server and the private network. On this second firewall, all access from the server to the private network would ideally be forbidden (of course it would be a stateful firewall, so if you initiate a connection from the private network to the server it would work).
So, this is a fairly high-level overview of a DMZ. If you want more technical details, please edit your question accordingly.
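The second (inner) firewall described above, combining stateful packet inspection with the rule that the DMZ may not open connections into the private network, can be modelled in a few lines of Python. This is an added example, not part of the original post or any vendor's code; the addresses, ports, class name and function names are constructed for illustration.

```python
import ipaddress

# Constructed example addressing (assumptions, not from the page).
PRIVATE = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("192.168.50.0/24")


class InnerFirewall:
    """Model of the second firewall, between the DMZ and the private network."""

    def __init__(self):
        self.conntrack = set()  # tracked flows: (src, sport, dst, dport)

    def check(self, src, sport, dst, dport, syn=False):
        flow = (src, sport, dst, dport)
        reply = (dst, dport, src, sport)
        # Part of an existing connection, in either direction.
        if flow in self.conntrack or reply in self.conntrack:
            return "ACCEPT established"
        # Not a connection start and not tracked: part of no connection.
        if not syn:
            return "DROP invalid"
        # Start of a new connection: the static rule decides, and only
        # private -> DMZ is allowed to open one.
        if ipaddress.ip_address(src) in PRIVATE and ipaddress.ip_address(dst) in DMZ:
            self.conntrack.add(flow)
            return "ACCEPT new"
        return "DROP new"


def demo():
    """Run four constructed packets through the firewall, return the verdicts."""
    fw = InnerFirewall()
    return [
        # Private workstation opens HTTPS to the DMZ web server.
        fw.check("10.0.0.5", 51000, "192.168.50.10", 443, syn=True),
        # The web server's reply matches the tracked flow.
        fw.check("192.168.50.10", 443, "10.0.0.5", 51000),
        # The DMZ server tries to open a connection to an internal database.
        fw.check("192.168.50.10", 40000, "10.0.0.20", 5432, syn=True),
        # A non-SYN packet that matches no tracked connection.
        fw.check("192.168.50.10", 443, "10.0.0.5", 51001),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model tracks only the TCP 4-tuple; a real stateful firewall also follows sequence numbers, connection teardown and timeouts.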

Standard Features Included
The PRO 3060 running SonicOS Standard delivers value for small to mid-sized networks.

Multi-threat Protection
* Integrated gateway anti-virus, anti-spyware and intrusion prevention support

Powerful Performance
* High-performance Architecture - Powerful Main Processor and Cryptographic Accelerator
* 300+ Mbps Stateful Packet Inspection Firewall
* 75 Mbps 3DES and AES VPN Throughput
* Three Ports Enabled

Integration
* Deep Packet Inspection Firewall/IPSec VPN

Ease of Use
* Next-Generation Streamlined GUI

Additional Optional Features
Upgrading to SonicOS Enhanced adds innovative features for more complex networks.

Additional Threat Protection
* Real-time Blacklist Spam Filtering

Complete Business Continuity
* ISP Failover
* WAN Redundancy and Load Balancing
* Hardware Failover

Ultimate Flexibility
* Three additional User-Defined Ports Enabled
* Object-based Management
* Policy-based NAT
* Powerful Wizards - Set-up, Firewall Policies, VPN







