SoFunction
Updated on 2025-04-13

Properly configure the firewall

The information age could equally be called the age of viruses and hackers. That sounds pessimistic, but it describes today's Internet. From the public Internet to corporate intranets, from desktop PCs to Internet-capable mobile devices, nowhere is safe. Every wave of Internet-borne malware causes headaches for home users, enterprises, support hotlines and even carriers. After repeated virus crises, however, people have started to think seriously about network security: almost every enterprise now budgets a firewall into its network design, and more and more home users run a firewall on their PC or even at the broadband access point. It is only a matter of time before firewalls appear on mobile phones as well.

But a firewall is not a psychological comfort blanket. Only an administrator who knows how to use it can truly keep threats outside the door. In many small and medium-sized enterprises the firewall configuration does not reflect the business's actual needs. If the protection settings are not defined carefully and completely according to the enterprise's internal requirements, the filtering rules may let unsafe services and traffic through, exposing the network to avoidable risk. A firewall is best thought of as a data filter: with sound filtering rules in place it intercepts unwanted packets; with incorrect rules it does the opposite of what was intended.

What functions should a small and medium-sized enterprise firewall have?

How can the firewall be configured sensibly? First, let us look at the functions a small and medium-sized enterprise firewall should generally provide:

1. Stateful (dynamic) packet filtering: the firewall tracks the state of every connection passing through it and filters on a per-connection basis rather than packet by packet;

2. NAT (Network Address Translation): internal IP addresses are mapped to public addresses either statically or dynamically, alleviating the shortage of public address space;

3. Policies can be set for traffic entering and leaving between trusted and untrusted zones;

4. Rule schedules can be defined so that the system enables and disables policies automatically at given times;

5. Detailed logging: records of rule matches, system management events and system faults, with support for a remote log server and log export;

6. IPsec VPN, for secure remote access across the Internet;

7. Email notification, so that the system can alert network administrators by mail;

8. Attack protection: dropping malformed IP and TCP packets, and TCP half-open connections, UDP packets and ICMP packets that exceed a configured threshold (that is, SYN, UDP and ICMP flood protection);

9. Web content filtering of Java applets, ActiveX controls, cookies, URL keywords and proxy access.

These are the protective features a small and medium-sized enterprise firewall should have. As technology develops, the feature set will only grow; but however many functions a firewall has, without sound configuration and management it is just an IT ornament.

How to implement firewall configuration

How to implement firewall configuration? We discuss it from the following aspects:

Rules implementation

Implementing the rules looks simple but actually requires detailed information gathering. Before configuring anything, you need to understand the company's internal and external applications and, for each one, the source address, destination address and TCP or UDP port, and then order the rule table by how frequently each application's traffic occurs. The reason is that the firewall evaluates rules sequentially: putting the most frequently matched rules first improves the firewall's throughput. Note that reordering is only safe for rules that do not overlap; if a rule is moved above another rule that could match the same traffic, the first match changes and so does the policy, so such pairs must keep their relative order. In addition, virus warnings from the virus-monitoring team should be obtained promptly and the firewall policy updated accordingly.
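The following is an added example, not code from the article or from any firewall vendor. It models a first-match rule table with hit counting and then reorders the rules by hit count, but only lets a busy rule move upward past rules it cannot overlap with; the rule syntax, sample rules and sample traffic are constructed for illustration.

```python
"""First-match firewall rule table, hit counting, and safe reordering by hit count.

Added example for this article; not code from the page or from any vendor.
The rule syntax, sample rules and sample traffic are constructed to show one
point: moving a frequently hit rule upward is only safe when it does not
overlap the rules it passes, because under first-match semantics the relative
order of overlapping rules IS the policy.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # None = any destination port
    action: str            # "allow" or "deny"
    hits: int = 0


def _net_match(addr: str, cidr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def matches(rule: Rule, pkt) -> bool:
    src, dst, proto, dport = pkt
    return (_net_match(src, rule.src) and _net_match(dst, rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def first_match(rules, pkt, count=True) -> str:
    """Sequential evaluation: the first matching rule decides. Implicit default deny."""
    for r in rules:
        if matches(r, pkt):
            if count:
                r.hits += 1
            return r.action
    return "deny"


def overlaps(a: Rule, b: Rule) -> bool:
    """Could a single packet match both rules? (Conservative: ignores action.)"""
    def nets(x, y):
        return x == "any" or y == "any" or ip_network(x).overlaps(ip_network(y))
    return (nets(a.src, b.src) and nets(a.dst, b.dst)
            and (a.proto == "any" or b.proto == "any" or a.proto == b.proto)
            and (a.dport is None or b.dport is None or a.dport == b.dport))


def reorder_by_hits(rules):
    """Bubble busier rules upward, but never past a rule they overlap with."""
    ordered = []
    for r in rules:
        pos = len(ordered)
        while pos > 0 and ordered[pos - 1].hits < r.hits and not overlaps(ordered[pos - 1], r):
            pos -= 1
        ordered.insert(pos, r)
    return ordered


def same_decisions(rules_a, rules_b, packets) -> bool:
    """Do two rule tables give the same verdict for every packet in `packets`?"""
    return all(first_match(rules_a, p, count=False) == first_match(rules_b, p, count=False)
               for p in packets)


def sample_rules():
    # Constructed rule table; the guest deny must stay above dns-out.
    return [
        Rule("mgmt-from-lan", "10.0.0.0/8", "10.0.0.1/32", "tcp", 443, "allow"),
        Rule("block-guest-to-servers", "192.168.50.0/24", "10.0.10.0/24", "any", None, "deny"),
        Rule("dns-out", "192.168.0.0/16", "10.0.10.53/32", "udp", 53, "allow"),
        Rule("web-out", "192.168.0.0/16", "any", "tcp", 443, "allow"),
    ]


def sample_traffic():
    # Constructed traffic as (src, dst, proto, dport) tuples.
    web = [("192.168.1.10", "203.0.113.5", "tcp", 443)] * 6
    dns = [("192.168.1.10", "10.0.10.53", "udp", 53)] * 2
    mgmt = [("10.0.0.5", "10.0.0.1", "tcp", 443)]
    guest = [("192.168.50.7", "10.0.10.53", "udp", 53)]  # must hit the deny, not dns-out
    return web + dns + mgmt + guest


if __name__ == "__main__":
    rules, traffic = sample_rules(), sample_traffic()
    for p in traffic:
        first_match(rules, p)
    new = reorder_by_hits(rules)
    print([(r.name, r.hits) for r in new])
    print("policy unchanged:", same_decisions(rules, new, traffic))
```

In the sample, web-out is the busiest rule and moves above dns-out (different protocol, so they can never both match a packet) but stops beneath block-guest-to-servers, which it overlaps. A plain sort by hit count would put dns-out above the guest deny and silently allow guest DNS traffic to the server zone; `same_decisions` is the check to run after any reordering.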

Rule Schedules

Some policies need to be enabled or disabled at unusual hours, for example 3:00 am. Since the network administrator may be asleep at that time, a rule schedule can be used to set the activation time of the rule so that the policy still takes effect as intended. In addition, some companies run certain applications at night or in the early morning to avoid both peak traffic and peak attack periods, for example remote database synchronisation or remote data collection. For such needs, administrators can keep the system secure automatically by defining detailed rules together with their schedules.
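An added example, not code from the article, of how a rule schedule is evaluated. The rule names and windows are constructed; the case worth seeing is a window that crosses midnight (a Friday 23:00 to 03:00 backup window), where a naive "start <= now < end" test never fires and the early-morning half has to be credited to the weekday on which the window started.

```python
"""Rule schedules: is a time-bound rule active at a given moment?

Added example for this article, not code from the page. Rule names and windows
are constructed. Windows crossing midnight (23:00-03:00) are the pitfall: the
morning half belongs to the weekday the window started on, not to "today".
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

MON, TUE, WED, THU, FRI, SAT, SUN = range(7)   # datetime.weekday() numbering


@dataclass(frozen=True)
class Schedule:
    days: frozenset   # weekdays on which the window STARTS
    start: time
    end: time         # end == start means the whole day

    def active_at(self, now: datetime) -> bool:
        t, today = now.time(), now.weekday()
        if self.start == self.end:                 # all-day window
            return today in self.days
        if self.start < self.end:                  # same-day window, e.g. 09:00-18:00
            return today in self.days and self.start <= t < self.end
        # window crosses midnight, e.g. 23:00-03:00
        if t >= self.start:                        # evening half: started today
            return today in self.days
        if t < self.end:                           # morning half: started yesterday
            return (today - 1) % 7 in self.days
        return False


@dataclass(frozen=True)
class ScheduledRule:
    name: str
    schedule: Optional[Schedule] = None   # None = always active


def active_rules(rules, now: datetime):
    """Names of the rules the firewall should have enabled at `now`."""
    return [r.name for r in rules if r.schedule is None or r.schedule.active_at(now)]


# Constructed sample policy: a permanent rule, a weeknight sync window and a
# Friday-night backup window that runs into Saturday morning.
SAMPLE_RULES = [
    ScheduledRule("allow-web-out"),
    ScheduledRule("allow-db-sync",
                  Schedule(frozenset({MON, TUE, WED, THU, FRI}), time(1, 0), time(4, 0))),
    ScheduledRule("allow-backup-from-branch",
                  Schedule(frozenset({FRI}), time(23, 0), time(3, 0))),
]

if __name__ == "__main__":
    for when in (datetime(2025, 4, 11, 23, 30),   # Friday evening
                 datetime(2025, 4, 12, 2, 0),     # Saturday, inside the Friday window
                 datetime(2025, 4, 13, 2, 0)):    # Sunday, window closed
        print(when, active_rules(SAMPLE_RULES, when))
```

Evaluate schedules in the firewall's local time and make sure its clock is synchronised; a rule that opens an hour early because the appliance drifted is an exposure nobody is watching at 3:00 am.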

Log monitoring

Log monitoring is a very effective security management method. Many administrators assume that logging is done well as long as everything is logged: every alarm, all traffic that matches a policy, all traffic that does not, and so on. This looks thorough, but consider that millions of packets or more pass through the firewall every day; how would you find the information you need among such a dense mass of entries? Some software can produce graphs and statistics from the logs, but it often needs repeated custom development and is expensive. In practice, only the most critical logs are truly useful logs.

Generally speaking, the system's alarm information must always be recorded, but traffic information should be logged selectively. Sometimes, to investigate a problem, we can create a new policy that matches just that problem and watch it. For example, suppose a worm is found on the intranet which attacks a particular UDP port on host systems. Even after the administrator has removed the worm, a policy for that port can be added with logging enabled in order to detect traffic from any other hosts that are still infected.

In addition, an enterprise firewall can respond to traffic that exceeds an empirical threshold by dropping it, raising an alarm, logging it and so on, but every alarm and log entry needs careful analysis. The system's alarms are based on empirical values, and these differ by host role: the number of sessions a workstation generates is completely different from that of a server. So when the system reports that a mail server is "attacking" a certain port, it is very likely just the server repeatedly retrying delivery of mail that has received no response.
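The two points above, logging one port selectively to catch remaining infected hosts and judging the result against a per-role threshold, as an added example that is not code from the article. The log line format, the hosts and the log lines themselves are constructed for illustration (the worm port udp/1434 is just the constructed sample's choice); the detection counts how many distinct destinations each source touches on a port, which is what distinguishes a scanning worm from a busy mail server.

```python
"""Selective firewall log analysis: find a worm scanning one UDP port, with
per-role thresholds so a busy mail server is not flagged as an attacker.

Added example for this article. The syslog-style format, hosts and lines are
constructed and do not come from any real firewall or incident.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) fw rule=(?P<rule>\S+) action=(?P<action>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)$")


def parse(line):
    """Return the fields of one log line, or None for lines in another format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def fan_out(lines):
    """Distinct destination hosts contacted per (src, proto, dport)."""
    seen = defaultdict(set)
    for line in lines:
        e = parse(line)
        if e:
            seen[(e["src"], e["proto"], int(e["dport"]))].add(e["dst"])
    return seen


def detect_scans(lines, roles, thresholds):
    """Flag sources whose fan-out on one port exceeds the threshold for their role.

    roles maps a source address to a role name; unknown hosts are workstations.
    """
    alerts = []
    for (src, proto, dport), dsts in fan_out(lines).items():
        limit = thresholds[roles.get(src, "workstation")]
        if len(dsts) > limit:
            alerts.append((src, proto, dport, len(dsts)))
    return sorted(alerts)


def _line(src, dst, proto, dport, rule, action):
    # Constructed log line in the hypothetical firewall's format.
    return (f"2025-04-13T03:00:01 fw rule={rule} action={action} "
            f"src={src} dst={dst} proto={proto} dport={dport}")


# Constructed sample log: an infected workstation probing udp/1434 on eight
# neighbours, a workstation that spoke to one host twice (not a scan), a mail
# server delivering to forty external MTAs on tcp/25, and one unparsable line.
SAMPLE_LOG = (
    [_line("192.168.1.10", f"192.168.1.{i}", "udp", 1434, "log-udp-1434", "drop")
     for i in range(20, 28)]
    + [_line("192.168.1.30", "192.168.1.21", "udp", 1434, "log-udp-1434", "drop")] * 2
    + [_line("10.0.10.25", f"203.0.113.{i}", "tcp", 25, "smtp-out", "allow")
       for i in range(1, 41)]
    + ["kernel: link up on eth1"]
)
ROLES = {"10.0.10.25": "server"}
THRESHOLDS = {"workstation": 5, "server": 100}

if __name__ == "__main__":
    print("with roles:   ", detect_scans(SAMPLE_LOG, ROLES, THRESHOLDS))
    print("without roles:", detect_scans(SAMPLE_LOG, {}, THRESHOLDS))
```

Run without the role table, the same logic reports the mail server as the top "attacker" on tcp/25, which is exactly the false alarm the article warns about; the thresholds themselves should be set from a baseline of each host class's normal session counts rather than guessed.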

Device Management

For enterprise firewalls, device management is usually possible through a remote web management interface, with the external Internet-facing port also answering pings. This is not very secure, because the firewall's built-in web server can itself become the target of an attack. Remote management should therefore be done over an IPsec VPN to the management address of an internal interface, with management access on the external interface disabled.