Firewall in Linux:-
A
firewall is a secure and trusted machine that sits between a private network
and a public network.The firewall machine is
configured with a set of rules that determine which network traffic will be
allowed to pass and which will be blocked or refused. In some large
organizations, you may even find a firewall located inside their corporate
network to segregate sensitive areas of the organization from other employees.
Many cases of computer crime occur from within an organization, not just from
outside.
The term firewall comes from a device used to protect people from fire. The firewall
is a shield of material resistant to fire that is placed between a potential
fire and the people it is protecting.
Firewalls
can be constructed in quite a variety of ways. The most sophisticated
arrangement involves a number of separate machines and is known as a perimeter network. Two machines act as "filters" called
chokes to allow only certain types of network traffic to pass, and between
these chokes reside network servers such as a mail gateway or a World Wide Web
proxy server. This configuration can be very safe and easily allows quite a
great range of control over who can connect both from the inside to the
outside, and from the outside to the inside. This sort of configuration might
be used by large organizations.
Typically
though, firewalls are single machines that serve all of these functions. These
are a little less secure, because if there is some weakness in the firewall
machine itself that allows people to gain access to it, the whole network
security has been breached. Nevertheless, these types of firewalls are cheaper
and easier to manage than the more sophisticated arrangement.
The
Linux kernel provides a range of built-in features that allow it to function
quite nicely as an IP firewall. The network implementation includes code to do
IP filtering in a number of different ways, and provides a mechanism to quite
accurately configure what sort of rules you'd like to put in place. The Linux
firewall is flexible enough to make it very useful in either of the
configurations.
No comments:
Post a Comment