Why should use a firewall?

The firewall is the network security barrier: 　　A firewall (as chokepoint, control point) can enhance an internal network enormously the security, and through filters the unsafe service to reduce the risk. Because only then undergoes the careful choice the application agreement to be able through the firewall, therefore the network environment becomes safer. If the firewall may forbid such as the well known unsafe NFS agreement to pass in and out is protected the network, like the exterior aggressor is impossible to use these frail agreements to attack the internal network. At the same time the firewall may protect the network to be exempt from based on route's attack, like in IP option source route attack and ICMP heavy direction detection heavy directional way. The firewall should be possible to reject all above type attack the text and informs the firewall manager. 　　The firewall may strengthen the cyber security policy: 　　Through take the firewall as the central safety program disposition, can possess the security software (for example password, encryption, status authentication, audit and so on) to dispose on the firewall. With disperses the network security problem to each main engine on compares, firewall's centralism safety control is more economical. For example when network visit, a dense password system and other status authentication system definitely may not need to disperse on each main engine, but concentrates on a firewall body. 　　Carry on the monitoring audit visit to the network access and: 　　　　If under all visits after the firewall, that the firewall can record these to visit and to make the diary record, simultaneously can also provide the network service condition the statistical data. When has the suspicious movement, the firewall can carry on the suitable warning, and provides the network whether to receive the monitor and the attack detailed information. Moreover, collects a network the use and misuses the situation is also very important. The first reason is may the clear firewall whether can resist aggressor's survey and the attack, and clear firewall's control to be whether sufficient. But the network use statistics and so on speaking of the network demand analysis and the threat analysis are also very important.