
The Role of Firewalls

2017-08-31 17 pages doc 48KB 16 views


is_296227

A firewall is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

If you have read How Web Servers Work, you already have a good understanding of how data moves on the Internet, and you can easily see how a firewall helps protect the computers inside a large company. Suppose you work at a company with 500 employees. The company therefore has hundreds of computers, all connected to one another through network cards. In addition, the company has one or more connections to the Internet through T1 or T3 lines or something similar. Without a firewall, anyone on the Internet can reach those hundreds of computers directly. Someone who knows what they are doing can probe those computers, try to make FTP connections to them, try to make Telnet connections to them, and so on. If an employee makes a mistake and leaves a security hole, hackers can get into that machine and exploit the hole.

With a firewall in place, the situation is very different. The company places a firewall at every connection to the Internet (for example, at every T1 line coming into the company), and the firewall can enforce security rules. For example, one of the security rules inside the company might be:

Out of the 500 computers inside this company, only one is permitted to receive public FTP traffic. Allow FTP connections to that one computer only, and prevent them on all the others.

The company can set up similar rules for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to websites, whether files are allowed to leave the company over the network, and so on. A firewall gives a company a great deal of control over how people use the network.

Firewalls use one or more of the following three methods to control traffic flowing in and out of the network:

• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system; packets that do not are discarded.
• Proxy service - The firewall retrieves information from the Internet and then sends it to the requesting system, and vice versa.
• Stateful inspection - A newer method that does not examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and incoming information is then compared with those characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

Making the firewall fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of them are:

• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number". A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain names - Because the string of numbers that makes up an IP address is hard to remember, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, most people find it easier to remember www.howstuffworks.com than 216.27.61.137. A company can block all access to certain domain names, or allow access only to specific domain names.
• Protocols - A protocol is the predefined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program such as a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol. A company might set up only one or two machines to handle a specific protocol and disable that protocol on all other machines. Some common protocols that you can set firewall filters for include:
    • IP (Internet Protocol) - the main delivery system for information over the Internet
    • TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
    • HTTP (Hyper Text Transfer Protocol) - used for Web pages
    • FTP (File Transfer Protocol) - used to download and upload files
    • UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
    • ICMP (Internet Control Message Protocol) - used by a router to exchange information with other routers
    • SMTP (Simple Mail Transfer Protocol) - used to send text-based information (email)
    • SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
    • Telnet - used to perform commands on a remote computer
• Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see How Web Servers Work for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
• Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

Some operating systems come with a firewall built in. If yours does not, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router through a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.

Hardware firewalls are very secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for under $100.

What firewalls protect against

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

• Remote login - Someone is able to connect to your computer and control it in some form. This can range from viewing or accessing your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that allow remote access. Others contain bugs that provide a backdoor (a hidden entrance) that can be used to gain some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending email over the Internet. By gaining access to a list of email addresses, a person can send unsolicited junk mail to thousands of users. This is quite often done by redirecting the email through the SMTP server of an unsuspecting host, which hides the trail of the actual sender of the junk mail.
• Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls, or have bugs that an experienced hacker can take advantage of.
• Denial of service - You have probably heard this phrase in news reports about attacks on major websites. This type of attack is nearly impossible to counter. It works like this: the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By flooding a server with these unanswerable session requests, a hacker causes the server to slow down or eventually crash.
• Email bombs - An email bomb is usually a personal attack. Someone sends you the same email hundreds or thousands of times until your email system cannot accept any more messages.
• Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
• Viruses - Probably the best-known threat is the computer virus. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to ones that erase all of your data.
• Spam - The real-world term "junk mail" borrowed for the electronic world. Spam is typically harmless but always annoying. It can also be dangerous, though.
  It quite often contains links to websites. Be careful about clicking on these, because you may accidentally accept a cookie that provides a backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to send information to a different router, thereby changing (redirecting) the path the information takes. This is one of the ways a denial-of-service attack is carried out.
• Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth installing antivirus software on each computer. And although it is annoying, some spam is going to get through your firewall as long as you accept email.

The level of security you establish determines how many of these threats your firewall can stop. The highest level of security would be to simply block everything. Obviously, that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select the types of traffic you will allow. You can also restrict the traffic that travels through the firewall so that only certain types of information, such as email, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.

One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network.
While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
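
The filter conditions described above (source IP address, protocol, port, exact phrase), stateful inspection and the block-everything-then-allow rule of thumb can be combined into one small packet-decision model. This is an added example, not part of the original article or of any firewall product; the `Packet` and `Firewall` names, the addresses and the policy values are constructed for illustration, and only the FTP control connection on port 21 is modelled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values (private and documentation addresses), not from the article.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed company network
FTP_HOST = "10.0.0.21"             # the one machine allowed public FTP (port 21)
BLOCKED_SOURCES = {"203.0.113.9"}  # outside host that read too many files
BLOCKED_PHRASES = [b"X-rated"]     # exact byte match, as in the article

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""

class Firewall:
    def __init__(self):
        self.flows = set()  # state table of outbound flows awaiting replies

    def decide(self, p):
        """Return (verdict, reason); traffic that no rule allows is dropped."""
        src_in, dst_in = (ipaddress.ip_address(a) in INTERNAL for a in (p.src, p.dst))
        if p.src in BLOCKED_SOURCES:
            return "drop", "blocked source IP"
        if any(phrase in p.payload for phrase in BLOCKED_PHRASES):
            return "drop", "blocked phrase"
        if src_in and not dst_in:
            # Stateful inspection: record the flow so its reply can be matched.
            self.flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "allow", "outbound"
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.flows:
            return "allow", "reply to tracked flow"
        if p.proto == "tcp" and p.dport == 21 and p.dst == FTP_HOST:
            return "allow", "public FTP host"
        return "drop", "default deny"

def demo():
    fw, out = Firewall(), "198.51.100.7"
    reply = Packet("192.0.2.80", "10.0.0.50", "tcp", 80, 40000)
    return [fw.decide(p) for p in (
        Packet(out, FTP_HOST, "tcp", 50000, 21),              # FTP to allowed host
        Packet(out, "10.0.0.50", "tcp", 50000, 21),           # FTP to another PC
        Packet(out, FTP_HOST, "tcp", 50000, 21, b"X-rated"),  # exact phrase
        Packet(out, FTP_HOST, "tcp", 50000, 21, b"X rated"),  # variant gets through
        reply,                                                # unsolicited: dropped
        Packet("10.0.0.50", "192.0.2.80", "tcp", 40000, 80),  # outbound request
        reply,                                                # now a tracked reply
    )]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```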