firewall categorization methods

《firewall categorization methods》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、FirewallCategorizationMethodsFirewallscanbecategorizedbyprocessingmode,developmentera,orintendedstructureFiveprocessingmodesthatfirewallscanbecategorizedbyare:PacketfilteringApplicationgatewaysCircuitgatewaysMAClayerfirewallsHybridsFirewallsCategorizedbyDevelopmentGener

2、ationFirstgeneration:staticpacketfilteringfirewallsSecondgeneration:application-levelfirewallsorproxyserversThirdgeneration:statefulinspectionfirewallsFourthgeneration:dynamicpacketfilteringfirewalls;allowonlypacketswithparticularsource,destinationandportaddressestoente

3、rFifthgeneration:kernelproxies;specializedformworkingunderkernelofWindowsNTPacketFiltersEitherblockorallowtransmissionofpacketsofinformationbasedoncriteriasuchasport,IPaddress,andprotocolReviewtheheader,stripitoff,andreplaceitwithanewheaderbeforesendingittoaspecificloca

4、tionwithinthenetworkFundamentalcomponentsoffirewallsViewingHeaderContentsTheUseofRulesTheUseofRulesStatefulPacketFilteringDual-HomedHostProxyServerConfigurationFigure8-3SymmetricEncryptionExampleCryptographicAlgorithmsDataEncryptionStandard(DES):oneofmostpopularsymmetri

5、cencryptioncryptosystems64-bitblocksize;56-bitkeyAdoptedbyNISTin1976asfederalstandardforencryptingnon-classifiedinformationTripleDES(3DES):createdtoprovidesecurityfarbeyondDESAdvancedEncryptionStandard(AES):developedtoreplacebothDESand3DESCryptographicAlgorithmsAsymmetr

6、icEncryption(publickeyencryption)Usestwodifferentbutrelatedkeys;eitherkeycanencryptordecryptmessageIfKeyAencryptsmessage,onlyKeyBcandecryptHighestvaluewhenonekeyservesasprivatekeyandtheotherservesaspublickeyFigure8-4UsingPublicKeysAPublicKeyGeneratedbyPGPNetworkAddressT

7、ranslation(NAT)Used,bymostfirewalls,toshieldaprivatenetworkfromoutsideinterferenceTranslatesbetweenprivateaddressesinsideanetworkandpublicaddressesoutsidethenetworkDonetransparently(unnoticedbyexternalcomputers)InternalIPaddressesremainhiddenPerformedbyNATproxyserversUs

8、esanaddresstabletodotranslationsEx:acomputerinsideaccessesacomputeroutsideChangesourceIPaddresstoitsownaddress