A firewall is one of the various ways of protecting a local network from the Internet. In general, we can talk about two types of firewalls: those that prevent data traffic and those that allow data traffic. While blocking data flow is essential in some firewall types, in other cases what matters is arranging and limiting data traffic. Generally, firewalls are set up to prevent unauthorized access to the network from outside: access from the outside to the network is restricted, while access from the network to the outside is free. Some firewalls only allow e-mail traffic, while others allow different data transmission, blocking services (such as FTP, NFS, X-Windows) and some types of communication that might be problematic. Such choices and access permissions are entirely based on the preferences of the users. The firewall's main purpose is to protect the network against those who want to infiltrate it.
Firewalls are a common security method for companies and data centers. They create a kind of gateway for security and control. In addition, if you want to connect to the system by modem, the firewall can also control and monitor this connection. Using various user access control and authorization mechanisms (such as one-time passwords) along with firewalls enhances the security of the local network. A firewall provides extra features in this regard, including the ability to identify and use user passwords and privileges, and to hide the traffic between networks.

Types of Firewalls:

– Packet Filtering Firewall: Packet filtering is the most common and easiest method for small and simple sites and networks. However, due to its many disadvantages, it is not preferred over the other types. Basically, a packet filtering router is installed at the Internet gateway, and the router is then configured to block or filter protocols and addresses. While access to the system from the Internet is blocked, access from the system to the Internet is usually left open. However, the router may allow limited access to systems and services, depending on the security plan. Access and traffic are often blocked for services that may be dangerous, such as NIS, NFS and X-Windows.

– Dual-Homed Gateway Firewall: The dual-homed gateway firewall makes it possible to separate the traffic of the information server from the data entering and leaving the network. The information server is placed on the subnet between the gateway and the router.
Assuming that the gateway provides the appropriate proxy services for the information server (such as ftp, gopher, or http), the router can prevent direct access to the firewall and expose the access to the firewall. This placement of the information server is a safer method because it does not allow intruders access to the information server and prevents access to the network systems with the dual-homed gateway mechanism.

– Screened Host Firewall: It is more flexible than the Dual-Homed Firewall. However, as always, flexibility comes at the cost of security. The Screened Host Firewall combines a packet filtering router with an application gateway located on the protected subnet side of the router. The application gateway only needs one network interface. The proxy services of the application gateway can pass telnet, ftp and other data packets to the network systems. The router's filtering rules deserve attention, since they control access to the application gateway and the network systems. Unlike the Dual-Homed Gateway Firewall, the application gateway in this system requires only one network interface and does not require a separate subnet between the application gateway and the router. This arrangement is more flexible but less secure. For example, less dangerous services such as NTP may be allowed to pass through the router to the network systems. If systems on the subnet require DNS access to Internet systems, DNS may be allowed to reach this subnet.
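The router rules described for the packet filtering and screened host designs can be modelled as a first-match rule list with a default of deny. The sketch below is an added example, not part of the original article: the addresses are constructed, the Rule and Packet types are hypothetical, blocking the dangerous services in both directions is an assumption, and the filter looks only at direction, protocol, destination port and destination host, so return traffic is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Sequence

# Constructed addresses (documentation ranges), not taken from the article.
INSIDE = ipaddress.ip_network("192.0.2.0/24")   # protected network
GATEWAY = "192.0.2.10"                          # application gateway (proxy host)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    proto: str             # "tcp", "udp" or "any"
    ports: Sequence[int]   # destination ports the rule covers
    host: str = ""         # if set, the rule applies only to this destination

# Evaluated top to bottom; the first matching rule decides.
RULES = [
    Rule("deny", "any", "any", (111, 2049)),        # portmapper (NIS/NFS) and NFS
    Rule("deny", "any", "tcp", range(6000, 6064)),  # X Window System displays
    Rule("allow", "in", "tcp", (21, 23), GATEWAY),  # ftp/telnet only to the proxy host
    Rule("allow", "in", "udp", (53, 123)),          # DNS and NTP may reach internal systems
    Rule("allow", "out", "any", range(0, 65536)),   # outbound access stays open
]

def direction(pkt: Packet) -> str:
    src_in = ipaddress.ip_address(pkt.src) in INSIDE
    dst_in = ipaddress.ip_address(pkt.dst) in INSIDE
    if dst_in and not src_in:
        return "in"
    return "out" if src_in and not dst_in else "local"

def decide(pkt: Packet) -> str:
    d = direction(pkt)
    for r in RULES:
        if (r.direction in ("any", d) and r.proto in ("any", pkt.proto)
                and pkt.dport in r.ports and r.host in ("", pkt.dst)):
            return r.action
    return "deny"  # default: whatever is not explicitly allowed is blocked

if __name__ == "__main__":
    for p in [Packet("203.0.113.5", "192.0.2.10", "tcp", 23),
              Packet("203.0.113.5", "192.0.2.55", "tcp", 23),
              Packet("192.0.2.55", "203.0.113.5", "tcp", 80)]:
        print(p, "->", decide(p))
```

Telnet from outside is accepted only when it targets the application gateway; the same packet addressed to another internal host falls through to the default deny.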
– Screened Subnet Firewall: The Screened Subnet Firewall is a combination of the Screened Host Firewall and the Dual-Homed Firewall.

Integration of modems and firewalls: In many networks, the network's modems can be reached via the telephone line. This is a potential backdoor vulnerability and completely disables the protection installed by the firewall.
The way to prevent such situations is to collect all access to the modems at the entrance of a single secure master modem. The master modem entry configuration can be performed through a terminal server that is designed to connect the modems to the network. Modem users first connect to the terminal server, then access other systems. Some terminal servers of this kind also provide additional security features that can restrict connections to private systems. Alternatively, the terminal server may be a host to which the modems are connected.

The connections made from the modems should be monitored and secured, because they are open to a number of threats, like connections from the Internet. For this reason, creating the main modem server outside of the firewall is a safe method, since the connections made with the modem will pass through the firewall. In addition, the enhanced access control capability of the application lifecycle can be used to verify the access rights of users connected to the modem, as it does for users from the Internet. The packet filtering router can also be used in the internal system to prevent connections from the main modem server.