A firewall is a specialized firewall complex, also called a firewall or firewall system. ME allows you to divide a common network into two parts (or more) and implement a set of rules that determine the conditions for the passage of packets with data across the border from one part of the common network to another. As a rule, this border is drawn between the corporate (local) network of the enterprise and the global Internet.
Typically, MEs protect the enterprise’s internal network from “intrusions” from the global Internet, although they can also be used to protect against “attacks” from the corporate intranet to which the enterprise’s local network is connected. ME technology is one of the very first technologies to protect corporate networks from external threats.
For most organizations, the installation of ME is a prerequisite for ensuring the security of the internal network.
To counteract unauthorized firewall access, the firewall must be located between the organization’s protected network, which is an internal network, and a potentially hostile external network. Moreover, all interactions between these networks should be carried out only through the firewall. Organizationally, the firewall is part of the protected network.
A firewall that protects many internal network nodes at once is designed to solve:
- the task of restricting the access of external (in relation to the protected network) users to internal resources.
Open external network
Protected internal network of the corporate network. Such users may include partners, remote users, hackers, and even employees of the company itself, trying to access database servers that are protected by a firewall.
- the task of delimiting the access of protected network users to external resources. The solution to this problem allows, for example, to regulate access to servers that are not required to perform official duties.
Until now, there is no single universally accepted classification of firewalls. They can be classified, for example, according to the following main features.
On functioning at OSI model levels:
- screening router;
- gateway session level (shielding transport);
- application gateway;
- stateful inspection firewall.
According to the technology used:
- protocol state control (stateful inspection);
- based on proxy modules.
- hardware and software;
According to the connection scheme:
- unified network protection scheme;
- a circuit with protected private and non-protected open network segments;
- scheme with separate protection of the closed and open network segments.