Qof kastaa wuu fahamsan yahay shaqada aasaasiga ah ee firewall-ka si looga ilaaliyo shabakadaada malware-ka iyo gelitaanka aan la ogolayn. Laakiin waxyaabaha gaarka ah ee sida ay u shaqeeyaan dab-damiska ayaa ah kuwo aan la aqoon.

Waa maxay dhab ahaantii firewall ? Sidee bay u shaqeeyaan noocyada kala duwan ee dab-damiska? Iyo laga yaabee ta ugu muhiimsan - waa noocee ka mid ah darbiga ugu fiican?

Firewall 101

Si fudud^(Simply) loo dhigo, firewall waa bar shabakad kale oo dhamaadka ah. Waxa khaaska ka dhigaya in ay awood u leedahay in ay dhex gasho oo ay iska baarto taraafikada soo galaya ka hor inta aysan galin shabakada gudaha, iyada oo ka horjoogsanaysa jilayaasha xaasidnimada ah inay galaan.

Xaqiijinta xaqiijinta xiriir kasta, qarinta meesha IP-ga ee laga soo galo hackers-ka, iyo xitaa sawiridda waxyaabaha ku jira xirmo kasta oo xog ah - firewalls ayaa wax walba sameeya. Dab-damisku waxa uu u adeegaa sidii isbaaro noocyo kala duwan ah, isaga oo si taxadar leh u koontaroolaya nooca isgaadhsiinta ee la soo gelinayo.

Xirmooyinka-Filtering Firewalls

Dab-damiska baakadaha sifeynaya ayaa ah tignoolajiyada dab-damiska ugu fudud uguna yar ee ka kheyraad badan halkaas. Iyadoo maalmahan aanay raalli ka ahayn, waxay ahaayeen udub-dhexaadka ilaalinta shabakadaha kombuyuutarradii hore.

Firewall-ka-shaandhaynta baakidhku waxa uu ku shaqeeyaa heer baakidh, isaga oo sawiraya baakidh kasta oo soo gala router-ka. Laakiin dhab ahaantii ma baadho waxa ku jira xidhmooyinka xogta - kaliya madaxyadooda. Tani waxay u oggolaanaysaa firewall-ku inuu xaqiijiyo xogta badan sida isha iyo ciwaannada halka loo socdo, nambarada dekeda , iwm.

Sida aad uga shakisan tahay, nooca dab-damiska aad waxtar uma laha. Dhammaan waxa xirmo shaandhaynta dab-damiska uu samayn karo waa in la dhimo taraafikada shabakadda ee aan loo baahnayn iyadoo loo eegayo liiska xakamaynta gelitaanka. Maadaama baakidhku waxa ku jira laftooda aan la hubin, malware-ku wali wuu dhex mari karaa.

Kaddinnada Heerka Wareegga

Habka kale ee waxtarka leh ee lagu xaqiijinayo sharcinimada isku xirka shabakada waa albaab heer wareeg ah. Halkii laga hubin lahaa madaxyada xidhmooyinka xogta shaqsiga ah, kadin heer wareeg ah ayaa xaqiijiya fadhiga laftiisa.

Mar labaad, firewall-ka sidan oo kale ah ma dhex maro waxa ku jira gudbinta laftiisa, taas oo ka dhigaysa mid u nugul weerarro badan oo xaasidnimo ah. Taas oo la yiraahdo, xaqiijinta isku xirka borotokoolka xakameynta gudbinta^{(Transmission Control Protocol)} ( TCP ) ee lakabka fadhiyada moodelka OSI waxay qaadataa kheyraad aad u yar, waxayna si wax ku ool ah u xiri kartaa isku xirka shabakadaha aan loo baahnayn.

Tani waa sababta albaabbada heerka wareegga inta badan loo dhex dhisay inta badan xalalka amniga shabakadda, gaar ahaan dab-damiska software. Albaabkani waxa kale oo ay caawiyaan qarinta ciwaanka IP-ga isticmaalaha iyaga oo u abuuraya isku xidhka macmalka ah fadhi kasta.

Dab-damisyada Kormeerka Gobolka

Labada Baakidh-Filtering Firewall^{(Packet-Filtering Firewall)} iyo Kadinka Heerka Wareega^{(Circuit Level Gateway)} labaduba waa hirgalinta dab-damiska dawlad la'aan. Tani waxay ka dhigan tahay inay ku shaqeeyaan xeer-hoosaad taagan, oo xaddidaya waxtarkooda. Baakad kasta (ama fadhi) si gaar ah ayaa loola dhaqmaa, taas oo u oggolaanaysa kaliya hubinta aasaasiga ah in la sameeyo.

 Baadhitaanka Dab- demiska^{(Inspection Firewall)} ee Gobolka , dhinaca kale,, wuxuu ilaalinayaa xaaladda xidhiidhka, oo ay la socoto faahfaahinta baakidh kasta oo lagu gudbiyo. Iyadoo la kormeerayo is-gacan-qaadka TCP inta lagu jiro muddada xiriirka, dab-damiska kormeerka gobolka ayaa awood u leh inuu ururiyo miis ka kooban ciwaannada IP-yada iyo nambarada dekedda ee isha iyo halka loo socdo oo uu la mid yahay xirmooyinka soo socda ee leh xeerarkan firfircoon.

Mahadsanid tan, way adag tahay in lagu dhex dhuunto xogta xaasidnimada leh ee la dhaafo dab-badhiye ammaan oo kormeer ah. Dhanka kale, dab-damiska noocan oo kale ah wuxuu leeyahay kharash culus oo kheyraad ah, hoos u dhigaya waxqabadka iyo abuurista fursad ay haakarisku u isticmaalaan weerrarada Diidmada-Adeegyada^{(Denial-of-Service)} Qaybsan ( DDoS ) ee ka dhanka ah nidaamka.

Dab-damiska wakiillada

Si fiican^(Better) loogu yaqaanno Kaddinnada Heerka Codsiga^{(Application Level Gateways)} , Proxy Firewalls waxay ku shaqeeyaan lakabka hore ee qaabka OSI - lakabka codsiga. Sida lakabka ugu dambeeya ee ka sooca isticmaalaha shabakada, lakabkani wuxuu u oggolaanayaa hubinta ugu dhaqsaha badan uguna qaalisan ee xirmooyinka xogta, qiimaha waxqabadka.

Si la mid ah Gateways-Heerka Wareegga^{(Circuit-Level Gateways)} , Proxy Firewalls waxay ku shaqeeyaan dhex dhexaadinta u dhaxaysa martida loo yahay iyo macmiilka, iyaga oo qarinaya ciwaannada IP-ga ee gudaha dekedaha. Intaa waxaa dheer, albaabbada heerka codsiga waxay sameeyaan kormeer baakidh qoto dheer si loo hubiyo in taraafikada aan la marin karin.

Iyadoo dhammaan tallaabooyinkan oo dhan ay si weyn u xoojiyaan ammaanka shabakadda, waxay sidoo kale hoos u dhigtaa taraafikada soo socota. Waxqabadka shabakadu^(Network) waxa ay ku qaadataa guulo ay ugu wacan tahay hubinta khayraadka-dhaqdhaqaaqa leh ee uu sameeyo dab-damis dawladeed sidan oo kale ah, taas oo ka dhigaysa mid liidata oo ku haboon codsiyada xasaasiga ah. 

NAT Firewalls

Nidaamyada kombuyuutarada badan, lynchpin-ka muhiimka ah ee amniga internetka waa in la hubiyo shabakad gaar ah, oo qarinaysa ciwaannada IP-ga gaarka ah ee aaladaha macmiilka ee labadaba hackers iyo adeeg bixiyayaasha. Sidaan horay u soo aragnay, tan waxaa lagu dhammeyn karaa iyadoo la adeegsanayo Dab- bareed^(Proxy) -wade ama Gateway heer wareeg ah.

Habka ugu fudud ee lagu qariyo ciwaannada IP waa in la isticmaalo Turjumaadda Ciwaanka Shabakadda^{(Network Address Translation)} ( NAT ) Firewall . Dab-damiska NAT^(NAT) uma baahna ilo badan oo nidaam ah si ay u shaqeeyaan, iyaga oo ka dhigaya kuwa u dhexeeya server-yada iyo shabakadda gudaha.

Firewalls Codsiga Mareegta

Kaliya Shabakadda Firewalls^{(Network Firewalls)} ee ka shaqeeya lakabka arjiga ayaa awood u leh inay si qoto dheer u baadho xirmooyinka xogta, sida Proxy Firewall , ama weli ka sii fiican, Firewall Application Web^{(Web Application Firewall)} ( WAF ).

Ka shaqaynta shabakada dhexdeeda ama martida loo yahay, WAF waxa ay martaa dhammaan xogta ay gudbiyaan arjiyada shabakadeed ee kala duwan, iyada oo hubinaysa in koodka xaasidnimada ahi aanu soo marin. Qaab dhismeedka dab-damiska ee noocan ahi waxa uu ku takhasusay baadhista baakadaha waxana uu bixiyaa ammaan ka wanaagsan kan heerka dab-damiska heerka sare ah.

Cloud Firewalls

Dab-damiska-dhaqameedka, labada dab-damiska hardware iyo sidoo kale software-ka, si fiican uma miisaanaan. Waa in lagu rakibaa iyada oo maskaxda lagu hayo baahiyaha nidaamka, ama diiradda saaraya waxqabadka sare ee taraafikada ama amniga taraafikada shabakad hoose.

Laakiin Cloud Firewalls aad ayey u dabacsan yihiin. Laga soo dajiyay daruuraha oo ah server-ka wakiil, nooca dab-damiska ayaa xannibaya taraafikada shabakadda ka hor inta uusan gelin shabakadda gudaha, isagoo oggolaanaya fadhi kasta oo xaqiijinaya xirmo kasta oo xog ah ka hor inta aan la gelin.

Qaybta ugu fiican ayaa ah in dab-damisyada noocan oo kale ah kor loo qaadi karo oo hoos loogu dhigi karo awoodda hadba loo baahdo, iyadoo la waafajinayo heerarka kala duwan ee taraafikada soo galaya. Waxaa loo bixiyaa adeeg ku salaysan daruur, uma baahna qalab waxaana ilaaliya adeeg bixiyaha laftiisa.

Dab-damiska Jiilka Xiga

Jiilka xiga wuxuu noqon karaa eray marin habaabin ah. Dhammaan warshadaha ku saleysan tignoolajiyada waxay jecel yihiin inay ku tuuraan ereyada sidan oo kale ah, laakiin maxay ka dhigan tahay runtii? Nooc noocee ah ayaa u qalma firewall in loo tixgeliyo-gen-xiga?

Run ahaantii, ma jiro qeexid adag. Guud ahaan, waxaad tixgelin kartaa xalalka isku daraya noocyada kala duwan ee dab-damiska ee hal nidaam ammaan oo waxtar leh si ay u noqdaan Firewall Next-Generation^{(Next-Generation Firewall)} ( NGFW ). Dab-damiska noocan oo kale ah wuxuu awood u leeyahay in uu si qoto dheer u eego baakidhku halka uu sidoo kale ka leexiyo weerarrada DDoS , oo bixiya difaac badan oo ka dhan ah haakariska.

Inta badan Dab-damiska Jiilka Xiga ayaa inta badan isku dari doona xalal shabakado badan, sida VPN^(VPNs) -yada , Nidaamyada Ka-hortagga Faragelinta^{(Intrusion Prevention Systems)} ( IPS ), iyo xitaa antivirus hal xirmo oo awood leh. Fikradda ayaa ah in la bixiyo xal dhamaystiran oo wax ka qabta dhammaan noocyada dayacanka shabakada, siinta amniga shabakada buuxda. Si taas loo gaaro, qaar ka mid ah NGFW-yada^(NGFWs) sidoo kale waxay kala saari karaan isgaarsiinta Secure Socket Layer ( SSL ), iyaga oo u oggolaanaya inay ogaadaan weerarrada qarsoon sidoo kale.

Nooca Dab^(Firewall) - damiska^(Type) ayaa ugu Wanaagsan si loo ilaaliyo Shabakaddaada^{(Your Network)} ?

Waxyaabaha ku saabsan firewalls waa in noocyada kala duwan ee dab-damiska ay isticmaalaan habab kala duwan si ay u ilaaliyaan shabakada^{(protect a network)} .

Dab-damiska ugu fudud ayaa kaliya xaqiijiya fadhiyada iyo xidhmooyinka, iyaga oo aan waxba la samayn waxa ku jira. Dab-damisyada Gateway^(Gateway) waxay dhammaantood ku saabsan yihiin abuurista isku-xirno farsamo iyo ka hortagga gelitaanka ciwaannada IP-ga ee gaarka ah. Dab-^(Stateful) damiska dawladeed waxay la socdaan isku xirka TCP gacmahooda , iyagoo dhisaya miis dawladeed oo leh macluumaadka.

Dabadeed waxaa jira dab-damis -jiilka-xiga^{(Next-Generation)} , kuwaas oo isku dara dhammaan hababka kor ku xusan iyo kormeerka baakidh qoto dheer iyo calaamado kale oo ka mid ah sifooyinka ilaalinta shabakadaha. Way caddahay in la yiraahdo NGFW ayaa nidaamkaaga ku siin doona amniga ugu wanaagsan ee suurtogalka ah, laakiin taasi mar walba ma ahan jawaabta saxda ah.

Iyada oo ku xidhan kakanaanta shabakadaada iyo nooca codsiyada la wado, nidaamyadaagu waxa laga yaabaa inay ku fiicnaadaan xal fudud oo ka ilaalinaya weerarada ugu badan. Fikradda ugu fiican waxay noqon kartaa in la isticmaalo adeegga dab-damiska ee Cloud cid saddexaad^{(third-party Cloud firewall)} , ka-dejinta hagaajinta iyo ilaalinta dab-damiska bixiyaha adeegga.

8 Types of Firewalls Explained

Everyоne understands the baѕic function of a firewаll – to prоtect yoυr network from malware and unauthоrized access. But thе exact specifics of how firewalls work are lesser-known.

What exactly is a firewall? How do the different types of firewalls work? And perhaps most importantly – which type of firewall is best?

Firewall 101

Simply put, a firewall is just another network endpoint. What makes it special is its ability to intercept and scan incoming traffic before it enters the internal network, blocking malicious actors from gaining access.

Verifying the authentication of each connection, hiding the destination IP from hackers, and even scanning the contents of each data packet – firewalls do it all. A firewall serves as a checkpoint of sorts, carefully controlling the type of communication that’s let in.

Packet-Filtering Firewalls

Packet-filtering firewalls are the simplest and least resource-intensive firewall technology out there. While it’s out of favor these days, they were the staple of network protection in old computers.

A packet-filtering firewall operates at a packet level, scanning each incoming packet from the network router. But it doesn’t actually scan the contents of the data packets – just their headers. This allows the firewall to verify metadata like the source and destination addresses, port numbers, etc.

As you might suspect, this type of firewall isn’t very effective. All that a packet filtering firewall can do is to cut down on unnecessary network traffic according to the access control list. Since the packet’s contents themselves are not checked, malware can still get through.

Circuit Level Gateways

Another resource-efficient way of verifying the legitimacy of network connections is a circuit-level gateway. Instead of checking the headers of individual data packets, a circuit-level gateway verifies the session itself.

Once again, a firewall like this doesn’t go through the contents of the transmission itself, leaving it vulnerable to a host of malicious attacks. That being said, verifying Transmission Control Protocol (TCP) connections from the sessions layer of the OSI model takes very little resources, and can effectively shut down undesirable network connections.

This is why circuit-level gateways are often built into most network security solutions, especially software firewalls. These gateways also help mask the IP address of the user by creating virtual connections for every session.

Stateful Inspection Firewalls

Both Packet-Filtering Firewall and Circuit Level Gateway are stateless firewall implementations. This means that they operate on a static ruleset, limiting their effectiveness. Every packet (or session) is treated separately, which allows for only very basic checks to be carried out.

 A Stateful Inspection Firewall, on the other hand, keeps track of the state of the connection, along with the details of every packet transmitted through it. By monitoring the TCP handshake throughout the duration of the connection, a stateful inspection firewall is able to compile a table containing the IP addresses and port numbers of the source and the destination and match up incoming packets with this dynamic ruleset.

Thanks to this, it’s difficult to sneak in malicious data packets past a stateful inspection firewall. On the flip side, this kind of firewall has a heavier resource cost, slowing down performance and creating an opportunity for hackers to use Distributed Denial-of-Service (DDoS) attacks against the system.

Proxy Firewalls

Better known as Application Level Gateways, Proxy Firewalls operate at the front-facing layer of the OSI model – the application layer. As the final layer separating the user from the network, this layer allows for the most thorough and expensive checking of data packets, at the cost of performance.

Similar to Circuit-Level Gateways, Proxy Firewalls work by interceding between the host and the client, obfuscating internal IP addresses of the destination ports. In addition, application-level gateways perform a deep packet inspection to ensure no malicious traffic can get through.

And while all of these measures significantly boost the security of the network, it also slows down the incoming traffic. Network performance takes a hit due to the resource-intensive checks conducted by a stateful firewall like this, making it a poor fit for performance-sensitive applications. 

NAT Firewalls

In many computing setups, the key lynchpin of cybersecurity is to ensure a private network, concealing the individual IP addresses of client devices from both hackers and service providers. As we have already seen, this can be accomplished using a Proxy firewall or a Circuit-level gateway.

A much simpler method of hiding IP addresses is to use a Network Address Translation (NAT) Firewall. NAT firewalls do not require many system resources to function, making them the go-to between servers and the internal network.

Web Application Firewalls

Only Network Firewalls that operate at the application layer are able to perform deep scanning of data packets, like a Proxy Firewall, or better yet, a Web Application Firewall (WAF).

Operating from within the network or the host, a WAF goes through all the data transmitted by various web applications, making sure that no malicious code gets through. This type of firewall architecture specializes in packet inspection and provides better security than surface-level firewalls.

Cloud Firewalls

Traditional firewalls, both hardware firewalls as well as software, don’t scale well. They have to be installed with the needs of the system in mind, either focusing on high-traffic performance or low network traffic security.

But Cloud Firewalls are far more flexible. Deployed from the cloud as a proxy server, this type of firewall intercepts network traffic before it enters the internal network, authorizing each session and verifying each data packet before letting it in.

The best part is that such firewalls can be scaled up and down in capacity as needed, adjusting to different levels of incoming traffic. Offered as a cloud-based service, it requires no hardware and is maintained by the service provider itself.

Next-Generation Firewalls

Next-Generation can be a misleading term. All tech-based industries love to throw buzzwords like this around, but what does it really mean? What type of features qualifies a firewall to be considered next-gen?

In truth, there is no strict definition. Generally, you can consider solutions that combine different types of firewalls into a single efficient security system to be a Next-Generation Firewall (NGFW). Such a firewall is capable of deep packet inspection while also shrugging off DDoS attacks, providing a multilayer defense against hackers.

Most Next-Generation firewalls will often combine multiple network solutions, such as VPNs, Intrusion Prevention Systems (IPS), and even an antivirus into one powerful package. The idea is to offer a complete solution that addresses all types of network vulnerabilities, giving absolute network security. To this end, some NGFWs can decrypt Secure Socket Layer (SSL) communications as well, allowing them to notice encrypted attacks as well.

Which Type of Firewall is the Best to Protect Your Network?

The thing about firewalls is that different types of firewalls use different approaches to protect a network.

The simplest firewalls just authenticate the sessions and packets, doing nothing with the contents. Gateway firewalls are all about creating virtual connections and preventing access to private IP addresses. Stateful firewalls keep track of connections through their TCP handshakes, building a state table with the information.

Then there are Next-Generation firewalls, which combine all of the above processes with deep packet inspection and a bevy of other network protection features. It is obvious to say that an NGFW would provide your system with the best security possible, but that isn’t always the right answer.

Depending on the complexity of your network and the type of applications being run, your systems might be better off with a simpler solution that safeguards against the most common attacks instead. The best idea might be to just use a third-party Cloud firewall service, offloading the fine-tuning and upkeep of the firewall to the service provider.

Related posts

• Laqabsiga Internetka iyo Baraha Bulshada

• Laguma xidhi karo Xbox Live; Hagaaji arrinta isku xirka Xbox Live gudaha Windows 10

• Aaladaha Shabakadda Wireless-ka ee bilaashka ah ee loogu talagalay Windows 10

• Aaladda Jilitaanka Isku-xidhka Xirmooyinka Baakidhka ee Cisco Packet iyo beddelaadkeeda bilaashka ah

• Sida loo joojiyo isku-xidhka gudaha Windows Sandbox gudaha Windows 10

• Goobta Helitaanka vs. Router: Waa maxay faraqa u dhexeeya?

• 8 Mashruuc Raspberry Pi fudud ee Bilawga

• HDG wuxuu sharxayaa: Waa maxay Domain baarkinka & waa maxay faa'iidooyinkeeda?

• Sida tooska ah ee HDMI u beddelashada u shaqeyso

• Dib-u-eegis Buugaag - Isku xidhka Guriga Dhammaan-in-Hal-Miis Tixraaca Dummies

• Waa Maxay Daruurtu & Sida Looga Faa'iidaysto

• Sida Loo Hagaajiyo Khasaaraha Xidhmada & Ogow Markay Dhibaato Tahay

• HDG wuxuu sharxayaa: Waa maxay RFID & maxaa loo isticmaali karaa?

• Sida loo Qiyaaso Shuruudaha Bandwidth ee Goobaha Ganacsiga ama Shabakadda

• Sida loo hagaajiyo "Ma cusboonaysiin karo cinwaanka IP" gudaha Windows

• Sida Loo Sameeyo NAS (Kaydinta Isku Xidhan)

• Ma ku xidhi kartaa router-ka Wireless-ka, laakiin kuma xidhi kara internetka?

• 8 Siyaabo Fudud Oo La Samayn Karo Oo Lagu Cilaado Isku Xidhka Shabakada

• Waa maxay Firewall iyo maxay tahay ujeeddadiisu?

• Sida loo Helo kanaalka Wi-Fi ee ugu Wanaagsan Windows, Mac iyo Linux