A system may often use multiple authentication methods to control data access, particularly because hackers are often persistent and ingenious in their efforts to gain unauthorized access. A second layer of defense can be a firewall , a device (e.g., a computer) placed between an organization's network and the Internet. This barrier monitors and controls all traffic between the Internet and the intranet. Its purpose is to restrict the access of outsiders to the intranet. A firewall is usually located at the point where an intranet connects to the Internet, but it is also feasible to have firewalls within an intranet to further restrict the access of those within the barrier.
There are several approaches to operating a firewall. The simplest method is to restrict traffic to packets with designated IP addresses (e.g., only permit those messages that come from the University of Georgia–i.e., the address ends with uga.edu). Another screening rule is to restrict access to certain applications (e.g., Web pages). More elaborate screening rules can be implemented to decrease the ability of unauthorized people to access an intranet.
Implementing and managing a firewall involves a tradeoff between the cost of maintaining the firewall and the loss caused by unauthorized access. An organization that simply wants to publicize its products and services may operate a simple firewall with limited screening rules. Alternatively, a firm that wants to share sensitive data with selected customers may install a more complex firewall to offer a high degree of protection.
- 瀏覽次數:1722
