written 6.8 years ago by | • modified 2.7 years ago |
Subject: Advanced Network Technologies
Topic: Network Security
Difficulty: High
written 6.8 years ago by | • modified 2.7 years ago |
Subject: Advanced Network Technologies
Topic: Network Security
Difficulty: High
written 6.6 years ago by |
A firewall is a boundary or a wall to keep intruders from attacking the network. The firewall is network device that is in between a private network and the internet. The firewall is configured to inspect network traffic that passes between the network and the internet. We can assign rules or protocols to the firewall to allow data to be shared. If the protocol isn't included in the approved list it would destroy or discard the packet of data and deny it from entering the network.
When a private network is connected to the internet it allows the people to access information from external sources .when the network is connected to the internet it also allow external uses to enter the private network and steal information from the network. To prevent unauthorized access organizations has firewalls to protect them.
There are mainly two types of firewalls. Software firewalls and hardware firewalls. A firewall provides configurable network access, authentication before accessing services and other services as well.
Capabilities
A firewall defines a single choke point that blocks malicious traffic. The use of a single choke point simplifies security management because security capabilities are consolidated on a (few) point(s).
A firewall is an excellent location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
A firewall is a convenient platform for several internet functions that are not security related.
A firewall can serve as a platform for IPSEC.
Limitations
It cannot protect against attacks that by-pass the firewall.
It may not protect against internal threats when an insider collaborates with an outside adversary.
It may not be able to protect against viruses and infected files since it may not be possible to scan all incoming traffic.