Advantages Of Firewall


Computer and network security plays a vital role in preventing as well as detecting illegal actions taken by the users of a computer system. Nowadays confidential transactions occur very frequently, and computers are used more for transmission than for processing of data. A firewall is one of the methods for achieving network security. It is hardware or software that has rules and conditions based on which it permits network transmission. A firewall acts as a filter for illegal access but it restricts between some collections of sets,
In the Unix operating system, the user creates outgoing and incoming TCP connections via two system calls, connect and accept respectively. Since any outside user can have access to these system calls, some "filtering" mechanism is required, and this filtering should be based on the policy set by the administrator. Each filter can be applied either in user space or inside the kernel, and each approach has its own advantages and disadvantages.

In a user-level approach, the application of interest has to be linked with a library that provides the right security mechanism, for example a modified libc. The main advantage of this approach is operating system independence; it also doesn't require any changes to the kernel code. However, such an approach sometimes does not guarantee that existing applications will use the modified library, potentially leading to major security problems.

A kernel-level approach requires modifications to the operating system kernel. The main advantage of this approach is that it provides an additional security mechanism that is transparent to the applications, but it also restricts us to open source operating systems like Linux and BSD.

When the user application issues the connect system call and the kernel traps the call, a policy context associated with the connection is created. The policy context contains all the information related to the specific connection. Subsequent numbers are associated with each such context, and then we start filling it with all the information that the policy daemon will need to decide whether to permit the connection or not. In the case of connect, this includes the ID of the user that initiates the connection and the destination address and port; any credentials that are required through IPsec may also be added to the context at this stage. There is no limit as to the kind or the amount of the
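The policy-context flow described above can be modelled in user space as follows. This is an added example, not code from the original essay: the names `policy_ctx`, `rule`, `ctx_from_connect`, `policy_decide` and `check_connect`, the IPv4-only handling, and the sample rules are all assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/types.h>

/* Policy context built when connect() is trapped (field names are assumptions). */
struct policy_ctx {
    uint32_t seq; uid_t uid;               /* context number, initiating user */
    uint32_t dst_addr; uint16_t dst_port;  /* destination, host byte order */
};
#define ANY_UID ((uid_t)-1)  /* rule applies to every user */
struct rule { uid_t uid; uint32_t net, mask; uint16_t lo, hi; int permit; };

/* Constructed sample policy: first match wins, no match means deny. */
static const struct rule policy[] = {
    { 1000,    0x0A000000u, 0xFF000000u, 443, 443,   1 }, /* uid 1000 to 10.0.0.0/8:443 */
    { ANY_UID, 0xC0A80100u, 0xFFFFFF00u, 0,   65535, 0 }, /* block 192.168.1.0/24 */
    { ANY_UID, 0x00000000u, 0x00000000u, 53,  53,    1 }, /* anyone to port 53 */
};
static uint32_t next_seq = 1;

/* Fill a context from the arguments of a trapped connect(); IPv4 only. */
int ctx_from_connect(struct policy_ctx *c, uid_t uid,
                     const struct sockaddr *sa, socklen_t len) {
    if (!sa || len < sizeof(struct sockaddr_in) || sa->sa_family != AF_INET) return -1;
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    c->seq = next_seq++; c->uid = uid;
    c->dst_addr = ntohl(in->sin_addr.s_addr);
    c->dst_port = ntohs(in->sin_port);
    return 0;
}

/* Policy daemon decision for one context: 1 = permit, 0 = deny. */
int policy_decide(const struct policy_ctx *c) {
    for (const struct rule *r = policy; r < policy + sizeof policy / sizeof policy[0]; r++) {
        if ((r->uid == ANY_UID || r->uid == c->uid) && (c->dst_addr & r->mask) == r->net &&
            c->dst_port >= r->lo && c->dst_port <= r->hi)
            return r->permit;
    }
    return 0;
}

/* Simulate a trapped connect() by uid to ip:port: 1 permit, 0 deny, -1 bad input. */
int check_connect(uid_t uid, const char *ip, uint16_t port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct policy_ctx c;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;
    if (ctx_from_connect(&c, uid, (struct sockaddr *)&sa, sizeof sa) != 0) return -1;
    return policy_decide(&c);
}
```

Because the decision is keyed on the initiating user as well as the destination, the same destination can be permitted for one user and denied for another, and anything no rule matches is denied.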