防火墙概念（Firewall concept）.doc

防火墙概念（Firewall concept） (I) firewall concept A firewall is not just a router, a master system, or a batch of systems that provide security to the network. Instead, firewalls are a way of gaining security; it helps to implement a broader security policy to identify services and access that are allowed. A firewall is a concrete implementation of network configuration, one or more master systems and routers, and other security measures, such as advanced authentication in place of static passwords. The primary purpose of a firewall system is to control round trip access to protected networks (i.e., networks). Its approach to implementing network access policies is to force the connections to pass through firewalls that can be checked and evaluated. Examples of routers and application gateways firewalls A firewall system can be a router, or a personal host, a host system, and a host of proprietary systems that isolate the network or subnet from protocols and services that abuse the main system outside the network. The connection gateway firewall system is usually located at the higher level such as network and Internet, but the firewall system can be located at the gateway of lower grade, in order to provide protection for some small number of main system or subnet. A firewall is essentially an independent process or a set of closely coupled processes running on Router or Server to control traffic flow through a firewalls network application. In general, firewalls are placed on public networks such as Internet. It can be seen as a traffic policeman. Its role is to ensure that all communications between a network within a unit and Internet are in line with the units safety policy. These systems are based largely on TCP/IP and are related to implementation methods that implement security roadblocks and provide managers with answers to the following questions: * whos using the Internet? * What are they doing online? * when did they use the Internet? Where did they go on the