Research on firewall technology and its application in computer network security strategy
Peihong Wang

3.3. Firewall architecture
The architecture of a firewall refers to the physical location
of the firewall in the network and its relationship with other
devices in the network. A firewall delivers its best security
performance only when its topology is chosen and configured
appropriately. The four common firewall architectures are as
follows.
3.3.1. Dual-homed architecture
In this architecture the firewall is a host system configured
with two network ports, where one port is connected to the
internal network and the other is connected to the external
network. The host applies its control policies to decide
whether packets may pass between the two networks. Since the
dual-homed host is the transmission channel for all
communication between the two networks, it may become a
bottleneck when the volume of network traffic is large, so a
host with good performance should be selected. The structure
is shown in Figure 2.
Figure 2. Schematic diagram of dual-homed host structure
3.3.2. Single-segment firewall architecture with a shielded router
This architecture consists of a shielded router and a bastion
host. The bastion host has only one NIC, connected to the
internal network, and is the only site accessible from the
external network. The shielded router forces all incoming
traffic to be sent to the bastion host first and accepts
outgoing traffic only from the bastion host. All hosts on the
internal network can likewise access only the bastion host, so
the bastion host becomes the bridge between the hosts on the
external network and the hosts on the internal network. The
shielded router denies the internal network hosts direct access
to the external network, and requests from internal hosts to
access the external network must be proxied through the bastion
host. To ensure that this fixed packet path cannot be changed,
the shielded router must be configured accordingly, for example
by setting up static routes.
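
The forwarding policy described above can be modelled as a first-match rule list and checked for paths that bypass the bastion host. This is an added example, not code from the paper; the addresses, the two rule sets and the function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration (not from the paper).
INTERNAL = ip.ip_network("192.168.10.0/24")
BASTION = ip.ip_address("192.168.10.5")
EXTERNAL_PEER = ip.ip_address("203.0.113.7")
ANY = ip.ip_network("0.0.0.0/0")


def host(addr):
    """Single-address network, so every rule field has the same type."""
    return ip.ip_network(f"{addr}/32")


# Rules are (action, source, destination); the first match wins.
HARDENED = [
    ("permit", host(BASTION), ANY),   # outbound only from the bastion
    ("deny", INTERNAL, ANY),          # no direct internal -> external
    ("permit", ANY, host(BASTION)),   # inbound only to the bastion
    ("deny", ANY, ANY),               # default deny
]
# Misconfiguration: the whole internal network is permitted in both directions.
WEAK = [
    ("permit", INTERNAL, ANY),
    ("permit", ANY, INTERNAL),
    ("deny", ANY, ANY),
]


def decide(rules, src, dst):
    """Return the action of the first rule matching the packet."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # implicit default if no rule matches


def bypass_paths(rules):
    """List permitted flows across the router that do not involve the bastion."""
    found = []
    for inside in INTERNAL.hosts():
        if inside == BASTION:
            continue
        for src, dst in ((inside, EXTERNAL_PEER), (EXTERNAL_PEER, inside)):
            if decide(rules, src, dst) == "permit":
                found.append((str(src), str(dst)))
    return found
```

An empty result from `bypass_paths` means every permitted flow across the router has the bastion host as one endpoint, which is the invariant this architecture depends on.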