Policy deployment of firewall Foundation

Security policy deployment of firewall

Principle overview ：

A firewall （ English ：Firewall） Technology is used for safety management through organic combination of various types ​ With filtering software and hardware ​ equipment , Help the computer network in it 、 Build a relatively isolated protective barrier between the external networks , A technology to protect user data and information security .

The function of firewall technology is to discover and deal with the possible security risks when the computer network is running 、 Data transmission and so on , The treatment measures include isolation and protection , At the same time, it can record and test all operations in computer network security , To ensure the security of computer network operation , Guarantee the integrity of user data and information , Better for users 、 More secure computer network experience .

So-called “ A firewall ” It refers to an internal network ​ And the public access network （ Such as Internet） The way of separation , It is actually a modern communication network technology and information security technology ​ Applied security technology based on , Isolation technology . More and more used in private networks ​ With public network ​ In an interconnected environment , Especially with access Internet The Internet is the most important .

The firewall mainly relies on hardware ​ And software ​ It creates a protective barrier between the environment of internal and external networks , So as to block the unsafe network factors of the computer . Only with the consent of the firewall , Users can enter the computer , If you don't agree, you'll be blocked out , The alarm function of firewall technology is very powerful , When an external user wants to enter the computer , The firewall will quickly send out the corresponding alarm , And remind users of their behavior , And make self judgment to decide whether to allow external users to enter the interior , As long as the user is in the network environment , This kind of firewall can carry out effective query , At the same time, the information found will be displayed to the user , Then users need to implement corresponding settings for the firewall according to their own needs , Block the disallowed user behavior . Through the firewall, you can also effectively view the traffic of information data , And it can also master the speed of uploading and downloading data information , It is convenient for users to have good control judgment on the use of computers , The internal situation of the computer can also be viewed through this firewall , It also has the function of starting and closing the program , And the internal log function of the computer system , In fact, it is also a summary of the real-time situation of the firewall and the internal security of the computer system .

Firewall is a kind of access control scale which is executed when two networks communicate , It can prevent hackers in the network to the greatest extent ​ Access your network . It's set up on different networks （ Such as trusted intranet ​ And untrusted public networks ​） Or a combination of components between network security domains . It is the only access to information between different networks or network security domains , According to the safety policy of the enterprise ​ control （ allow 、 Refuse 、 monitoring ） Information flow in and out of the network ​, And it has strong anti attack ability . It's about providing information security services , Infrastructure for network and information security . Logically , The firewall is a separator , A limiter , It's also an analyzer , The intranet is effectively monitored ​ and Internet Any activity between , Ensure the security of the internal network .

A firewall flows network traffic through it ​ scan , This will filter out some attacks , In case it is on the target computer ​ Be executed on . Firewalls can also shut down unused ports ​. And it can also disable outgoing traffic on specific ports , Block the Trojan horse . Last , It can disable access from special sites , To prevent all communications from unknown intruders .

The barrier of network security

A firewall （ As a blocking point 、 The control points ） Can greatly improve an intranet ​ Network security ​, And through filtering ​ Unsafe services to reduce risk . Because only carefully selected application protocols can pass through the firewall , So the network environment ​ Become safer . For example, firewalls can prohibit such as well-known unsafe NFS agreement ​ Access to the protected network , In this way, it is impossible for external attackers to use these fragile protocols to attack the internal network . Firewalls can also protect the network from routing based attacks , Such as IP​ Source routing attacks and ICMP​ Redirection path in redirection . The firewall should be able to reject all messages of the above types of attacks and notify the firewall administrator .

Strengthen network security strategy

Configure through a firewall centric security scheme ​, All security software ​（ Like a password ​、 encryption ​、 Identity Authentication ​、 Audit ​ etc. ） Configure on the firewall . And network security ​ The problem is distributed to each host ​ Compared on , Centralized security management of firewall is more economical . For example, during network access , The one-time password system and other identity authentication systems do not have to be scattered on each host , And focus on the firewall .

Monitoring audit

If all access passes through the firewall , that , The firewall can record these accesses and log them , At the same time, it can also provide network usage ​ Statistical data . When something suspicious happens , The firewall can give appropriate alarm , And provide detailed information on whether the network is monitored and attacked . in addition , It is also very important to collect the usage and misuse of a network . The first reason is to know whether the firewall can resist the detection and attack of attackers , And know whether the control of firewall is sufficient . Network usage statistics are also very important for network demand analysis and threat analysis .

Prevent the leakage of internal information

By using firewall to divide the internal network , Key intranet segments can be realized ​ The isolation , Thus, the impact of local key or sensitive network security issues on the global network is limited ​. also , Privacy is an issue of great concern to the intranet , An unnoticed detail in an internal network may contain clues about security and attract the interest of external attackers , Some security vulnerabilities of the internal network have even been exposed ​. Using a firewall, you can hide those internal details, such as Finger,DNS​ Etc .Finger Shows the host ​ All users of ​ Registered name of 、 real name , Last login time and use shell Type, etc . however Finger The information displayed is very easy for attackers to learn . An attacker can know how often a system is used ​, Whether the system has users ​ Connecting to the Internet , Whether the system is noticed when being attacked, etc . Firewalls can also block information about internal networks DNS Information , Such a host ​ Domain name of ​ and IP Address ​ Will not be known by the outside world . In addition to safety , The firewall also supports Internet service ​ The enterprise internal network technology system VPN​（ Virtual private network ）.

Logging and event notification

All data entering and leaving the network must pass through the firewall , The firewall records it through logs , It can provide detailed statistical information of network use . When a suspicious event occurs , The firewall can alarm and notify according to the mechanism , Provide information on whether the network is threatened .

​

The experiment purpose ：

Understand the security policy of firewall

The topology ：

Basic configuration ：

FW1：

Interface configuration

      
      

       
       #
       
       
interface GigabitEthernet1/0/0
       
       
 undo shutdown
       
       
 ip address 192.168.1.254 255.255.255.0
       
       
#
       
       
interface GigabitEthernet1/0/1
       
       
 undo shutdown
       
       
 ip address 192.168.2.254 255.255.255.0
       
       
#
       
       
interface GigabitEthernet1/0/2
       
       
 undo shutdown
       
       
 ip address 192.168.3.254 255.255.255.0
      
      
      
      

       
       
1.
       
       
2.
       
       
3.
       
       
4.
       
       
5.
       
       
6.
       
       
7.
       
       
8.
       
       
9.
       
       
10.
       
       
11.
       
       
12.
      
      

Interfaces are divided into safe areas

      
      

       
       #
       
       
firewall zone trust
       
       
 set priority 85
       
       
 add interface GigabitEthernet0/0/0
       
       
 add interface GigabitEthernet1/0/0
       
       
#
       
       
firewall zone untrust
       
       
 set priority 5
       
       
 add interface GigabitEthernet1/0/1
       
       
#
       
       
firewall zone dmz
       
       
 set priority 50
       
       
 add interface GigabitEthernet1/0/2
      
      
      
      

       
       
1.
       
       
2.
       
       
3.
       
       
4.
       
       
5.
       
       
6.
       
       
7.
       
       
8.
       
       
9.
       
       
10.
       
       
11.
       
       
12.
       
       
13.
      
      

Configure basic security policies

      
      

       
       #
       
       
security-policy
       
       
 rule name 1
       
       
 source-zone trust
       
       
 destination-zone untrust
       
       
 source-address 192.168.1.0 mask 255.255.255.0
       
       
 destination-address 192.168.2.0 mask 255.255.255.0
       
       
 action permit
       
       
 rule name 2
       
       
 source-zone trust
       
       
 destination-zone dmz
       
       
 source-address 192.168.1.0 mask 255.255.255.0
       
       
 destination-address 192.168.3.0 mask 255.255.255.0
       
       
 action permit
       
       
 rule name 3
       
       
 source-zone untrust
       
       
 destination-zone dmz
       
       
 source-address 192.168.2.0 mask 255.255.255.0
       
       
 destination-address 192.168.3.0 mask 255.255.255.0
       
       
 action permit
      
      
      
      

       
       
1.
       
       
2.
       
       
3.
       
       
4.
       
       
5.
       
       
6.
       
       
7.
       
       
8.
       
       
9.
       
       
10.
       
       
11.
       
       
12.
       
       
13.
       
       
14.
       
       
15.
       
       
16.
       
       
17.
       
       
18.
       
       
19.
       
       
20.
      
      

Validation experiment

End of experiment ;

remarks ： If there is a mistake , Please understand ！

This article is my study notes , For reference only ！ If there is a repetition ！！！ Please contact me