Firewalls are the first line of defense between the internal network and untrusted networks like the Internet. You should think about firewalls in terms of what you really need to protect, so you will achieve the right level of protection for your environment.
Firewalls have been one of the most popular and important tools used to secure networks since the early days of interconnected computers. The basic function of a firewall is to screen network traffic for the purposes of preventing unauthorized access between computer networks.
First introduced conceptually in the late 1980s in a whitepaper from Digital Equipment Corporation, “firewalls” provided a then new and important function to the rapidly growing networks of the day. Before dedicated hardware was commercially available, router-based access control lists were used to provide basic protection and segregation for networks. However, they proved to be inadequate as emerging malware and hacking techniques rapidly developed. Consequently, firewalls evolved over time so their functionality moved up the OSI stack from layer three to layer seven.
The Evolution of Firewalls
First-Generation Firewalls were simply permit/deny engines for layer three traffic, working much like a purpose-built access control list appliance. Originally, first-generation firewalls were primarily used as header-based packet filters, capable of understanding source and destination information up to OSI layer four (ports). However, they could not perform any “intelligent” operations on the traffic other than “allow or deny it from this predefined source IP address to this predefined destination IP address on these predefined TCP and UDP ports.”
Second-Generation Firewalls were able to keep track of active network sessions, putting their functionality effectively at layer four. These were referred to as stateful firewalls or, less commonly, circuit gateways. When an IP address (for example, a desktop computer) connected to another IP address (say, a web server) on a specific TCP or UDP port, the firewall would enter these identifying characteristics into a table in its memory. This allowed the firewall to keep track of network sessions, which could give it the capability to block Man-In-The-Middle (MITM) attacks from other IP addresses. In some sophisticated firewalls, a high-availability (HA) pair could swap session tables so that if one firewall failed, a network session could resume through the other firewall.
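The difference between the first- and second-generation behaviour described above, as an added example that is not part of the original article: a header-only filter next to a session-table filter. The internal network, the port policy and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # assumed internal network
WEB_PORTS = {80, 443}                # assumed outbound policy

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                  # TCP flags, e.g. "S", "SA", "A", "R"

def is_inside(addr: str) -> bool:
    return ip_address(addr) in INSIDE

def stateless_allow(p: Packet) -> bool:
    """First-generation filter: each packet is judged on its header alone."""
    if is_inside(p.src) and p.dport in WEB_PORTS:
        return True                  # outbound web request
    if is_inside(p.dst) and p.sport in WEB_PORTS:
        return True                  # "reply" rule: any host with source port 80/443
    return False                     # implicit deny

class StatefulFirewall:
    """Second-generation filter: inbound traffic must match a tracked session."""
    def __init__(self):
        self.sessions = set()        # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p: Packet) -> bool:
        if is_inside(p.src):
            if p.dport not in WEB_PORTS:
                return False
            key = (p.src, p.sport, p.dst, p.dport)
            if "R" in p.flags or "F" in p.flags:
                self.sessions.discard(key)   # simplified teardown on RST/FIN
            else:
                self.sessions.add(key)       # record or refresh the session
            return True
        # Inbound: allowed only as the exact reverse of a recorded session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

# Constructed sample traffic (documentation address ranges).
OUT = Packet("10.0.0.5", 51000, "203.0.113.10", 80, "S")
REPLY = Packet("203.0.113.10", 80, "10.0.0.5", 51000, "SA")
OTHER = Packet("198.51.100.7", 80, "10.0.0.5", 51000, "A")  # not part of the session
```

The header-only filter accepts `OTHER` because its static reply rule matches any packet with source port 80, while the stateful filter rejects it because no table entry pairs that address with the desktop's session.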
The Third Generation of firewalls ventured into the application layer (layer seven). These “application firewalls” were able to decode data inside network traffic streams for certain well-defined, preconfigured applications such as HTTP (the language of the web), DNS (the protocol for IP address lookups), and older, person-to-computer protocols such as FTP and Telnet. Generally, they were unable to decrypt traffic, so they were unable to check protocols like HTTPS and SSH. They were designed with the World Wide Web (WWW) in mind, which made them well suited to detecting and blocking web site attacks that were generating a great deal of concern at the time, like cross-site scripting and SQL injection.
Consider these in comparison to today’s generation of firewalls (commonly termed the fourth generation), which have the intelligence and capability to look inside packet payloads and understand how applications function. As silicon has increased in speed, advanced router-based firewalls exist today that can provide IP inspection as a software component of a multipurpose router, although they do not provide the speed or sophistication of today’s industrial-strength firewalling solutions. In addition, Unified Threat Management (UTM) devices have combined sophisticated, application-layer firewalling capability with antivirus, intrusion detection and prevention, network content filtering, and other security functions. These are true layer seven devices.
Fourth-Generation Firewalls can run application-layer gateways, which are specifically designed to understand how a particular application should function and how its traffic should be constructed and patterned (traffic that conforms predictably to an application’s well-defined communication protocol is referred to as “well formed”). There are Fifth-Generation Firewalls, which are internal to hosts and protect the operating system kernel, and some Sixth-Generation Firewalls have been described (meta firewalls), but most network appliances you will find today fall into the generally accepted fourth-generation firewall definition. Some manufacturers call their devices “Next-Generation Firewalls” or “Zone-Based Firewalls,” and these essentially function under the same guiding principles of the fourth-generation designs. In this chapter, we primarily focus on fourth-generation firewalls and the key functionality that they enable.