Firewall Systems and Data Center
Introduction
A firewall system is a technology whose objective is to protect the contents of a computer from access by unauthorized and foreign networks. Firewalls come as hardware or as software, and the two types can also be used in combination. A firewall prevents users who lack authorization from accessing private networks that are connected to the internet.
Moreover, networks connected to an intranet can be made safe with firewall systems. An intranet is the local network through which the common internet users are connected. Messages received and sent through the intranet must therefore pass through the firewall first.
The firewall in turn analyzes the messages and does not let them into the private network if they do not conform to the configured security rules. Unsafe messages are thereby prevented from passing through the system and reaching the computer. Firewall systems provide protection against unauthenticated connections, but although a firewall can analyze users individually, it cannot determine the users' accessibility to the private network.
Firewalls are found in various types, which are as follows:
A packet filter analyzes each packet that enters or leaves the network. It evaluates the packet against rules and terms devised by the user. Packet filtering is an effective technique and is efficient for users, but it is susceptible to IP spoofing and is not easy to manage.
Another mechanism applies only at the point when a TCP or UDP connection is formed. Once the connection has been established, packets flow to the user's computer without further checking. This kind of firewall is called a circuit-level gateway because it requires the connection to be established.
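The difference between the packet filter and the circuit-level gateway described above can be seen in a small model. This is an added example, not code from the essay or from any firewall product; the rule set, addresses, and the names `Packet`, `packet_filter`, and `CircuitGateway` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # True only on the packet that opens a TCP connection

# Constructed rule set: (action, source network, protocol, destination port)
RULES = [
    ("allow", "10.0.0.0/8", "tcp", 443),
    ("allow", "10.0.0.0/8", "udp", 53),
]

def packet_filter(pkt, rules=RULES):
    """Stateless filter: every packet is matched against the rules; default deny."""
    for action, net, proto, dport in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return "deny"

class CircuitGateway:
    """Checks the rules only at connection setup, then relays the circuit unchecked."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.circuits = set()

    def handle(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.circuits or rev in self.circuits:
            return "allow"                      # established: no further checking
        opening = pkt.syn if pkt.proto == "tcp" else True  # first UDP datagram opens the flow
        if opening and packet_filter(pkt, self.rules) == "allow":
            self.circuits.add(key)
            return "allow"
        return "deny"

if __name__ == "__main__":
    gw = CircuitGateway()
    syn = Packet("10.1.2.3", 50000, "203.0.113.10", 443, "tcp", syn=True)
    reply = Packet("203.0.113.10", 443, "10.1.2.3", 50000, "tcp")
    print("stateless:", packet_filter(syn), packet_filter(reply))
    print("gateway:  ", gw.handle(syn), gw.handle(reply))
```

The stateless filter denies the reply because no rule matches it, while the gateway relays it as part of an established circuit. The filter also decides on whatever source address the packet claims, which is why packet filtering is susceptible to IP spoofing.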
A firewall can also act as a proxy server in order to protect the user's computer from unknown networks. A proxy server is a gateway that hides the real address of the network being connected to the computer.
The proxy server connects to the server over the internet and requests the needed pages, so it obtains the data on behalf of the computer. A firewall acting as a proxy server can be configured to permit only certain web pages to pass through. On the other hand, a firewall acting as a proxy server can slow down the network, since it must evaluate each page against the configured terms in order to permit only particular pages.
Another type of firewall is a hardware system, a server plug-in, or software developed to filter incoming data according to rules based on HTTP. These rules are written in general terms and applied to analyze large amounts of data at a time and block whatever is identified as unauthentic. In practice, firewall systems use two or more of these types (Knowledge Base, 2013).
Within data centers, the need for firewall systems has increased because the internet is no longer a safe entity for a user's private network. Internet threats are varied and occur at multiple layers. Attackers who target a private network via the internet are mainly interested in the network's applications and its data. However, many attacks are intended to gain entry into the private network or the data center. The Local Traffic Manager (LTM) system can provide the security characteristics that are served by the firewall network.
Consequently, it can be applied to data centers, so that the data center is able to deliver its applications and protect its infrastructure from external threats. This feature supports customers and clients. Large-scale hackers and other attackers target the web properties of internet data centers and private networks.
Some attacks aim to obtain intellectual property, while others aim to cause a service outage. An organization such as a data center therefore has to keep access available to its own users while protecting its infrastructure from the threats that such hackers pose daily.
Cisco ASA 5585-X
This system helps the data center protect privacy. It allows the user to set various policies through which security can be achieved in the organization, and it requires the user to set diverse policies in their VLANs. It offers multi-gigabit protection from hacking and other threats for large data centers. Interface redundancy is also available, and separate links are used for state and for fault tolerance.
The system includes protection from global threats and works beyond the user's perimeter. IPS capabilities are provided in this series. It can protect the data center from more than ten thousand threats, and it can detect and protect against millions of unknown threats. In addition, the system detects a threat to the data center and warns the user before signs of the threat are present, so that protection can be put in place before the issue arises (Design Guide, 2010).
FortiGate-3950
This system consists of high-performance hardware. It offers link speeds above 120 GB, so that security is never impacted. It has a modular, space-saving form factor. It also offers expansion through its FMC, a beneficial feature since it permits the data center user to build a network that is unique among other networks. Multiple FMC modules can be added to increase the firewall's speed and efficiency. The presence of the FortiOS system makes it capable of facing today's diversified threats. FortiOS provides more security tools within the cost range, so the system has a lower cost than other security systems.
FortiAnalyzer and FortiManager help the system centralize reporting and management, so security is monitored and managed centrally and is simplified. The connection with the FMC is made possible by the ISF of 240 Gbps. Connectivity is therefore never hampered, and more FMCs can be used in the available ports. Furthermore, the combination of FMC and ISF allows the use of any resource for threat processing from any FMC port. The system's high performance results from the integration of the FMC with the FortiASIC processors, which comprise an additional network interface. This feature also increases port density (Datasheet, 2013).
McAfee Firewall Enterprise
This system protects data pertaining to health care, finance, customers, and so on, and thereby maintains the privacy of the people whose data is held. It is also used for data centers, email, and web servers. Its policies allow control of unwanted data, block and eliminate threats, and secure the connection against undesired web traffic.
McAfee includes many distinct features, such as identification of the application used by the user, reputation-based global intelligence, automatic action on threats, traffic inspection, intrusion prevention, and filtering of content passing through the network. These features are available without additional charges. Organizations working with critical data and assets can therefore benefit from this system, since it is designed to provide a high level of security within the network and defense against threats (McAfee, 2015).
Juniper NetScreen
This system is integrated with IPSec VPN services so that it can protect the data center from attacks on applications. It provides LAN/WAN connectivity and can be used by small, medium, or large organizations. To provide security, it offers virtualization, high performance, and modules. The integration of intrusion detection and the ISG series enables the system to protect against traffic within the network and its segments.
For data centers that require protection on a larger scale, Juniper NetScreen offers multi-gigabit performance with the 5000 series. The system is managed centrally, so for large organizations security management becomes easy and yields more operational benefits.
Conclusion
Firewall systems are the source of protection and security for data centers, providing a threat-free connection to users. However, the different problems that emerge in these systems need to be fixed.
Different solutions have therefore evolved for improvement, named differently because they have different features. Comparing these systems shows that all of them are significant and that the choice depends on the security requirement.
References
Datasheet (2013). FortiGate-3950B 10-GbE Consolidated Security Appliance. Fortinet. Retrieved from http://www.fortinet.com/sites/default/files/productdatasheets/FortiGate-3950B.pdf on 10th April 2015.
Design Guide (2010). Cisco ASA 5585-X in the Data Center. Cisco. Retrieved from http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/design_guide_c22-624431.html on 10th April 2015.
Knowledge Base (2013). What is a Firewall? The Trustees of Indiana University. Retrieved from https://kb.iu.edu/d/aoru on 1st April 2015.
McAfee (2015). McAfee for Business. 2014-2015 McAfee, Inc. Retrieved from http://www.mcafee.com/us/products/firewall-enterprise.aspx on 10th April 2015.
https://www.cisco.com/c/dam/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/prod_white_paper0900aecd80350d4e.pdf