
Discussion on the development of firewall technology

At present there are two views in the firewall industry on how firewalls should develop, the so-called battle between "fat" and "thin" firewalls. One view favours division of labour and cooperation: the firewall should stay lean and do only the full-time job of a firewall, with comprehensive security provided by an alliance of several security manufacturers. The other view is to make the firewall as "fat" as possible, attaching as many security functions to it as possible so that it becomes an integrated network security platform.

Conceptually, a "fat" firewall is one with large and comprehensive functionality: it tries to include as many security functions as possible so as to become the security platform of the user's network. A "thin" firewall is one with few but excellent functions: it does only the full-time job of access control, and a comprehensive security solution is assembled through an alliance of several security manufacturers.

The "fat" technical route

The "fat" firewall continuously adds value-added functions (NAT, VPN, QoS, intrusion detection, anti-virus, and so on) on top of its basic functions. It tends toward a single product with large and comprehensive functionality, and tries to grow the firewall into an overall solution for the security domain. Its advantage is that it can meet the network security needs of the vast majority of users.

In the beginning the firewall was a separate device and concept, standing side by side with VPN, IDS, anti-virus and the rest. As customer needs changed, and under the guidance of the "large and comprehensive" idea, the firewall gradually integrated VPN, IDS and even anti-virus. In theory a deployment of firewall + IDS + anti-virus + VPN provides more comprehensive protection, but most users in small and medium-sized enterprises are not security experts, and even less can they be expected to monitor security reports and respond around the clock, 7 × 24. Combining several product functions into an intelligent defence system that detects an intrusion and stops it in time has therefore become one direction of security technology development.

In addition, for ordinary customers buying separate IDS, firewall, VPN and anti-virus products is no small financial burden, while a highly integrated IDP (intrusion detection and prevention) system greatly reduces such expenses and raises efficiency. Hence the "two in one", "three in one" and even "four in one" products on the market. The problem they aim to solve is the cost of procurement and management.

However, this kind of "fat" firewall currently exists more in theory than in practice; few have been applied successfully. The "fat" firewall pursues one-stop service and at present suits only small and medium-sized enterprises, especially low-end users. For reasons of economy and management cost, and more importantly out of genuine security need, they hope one device can provide overall protection for their small network, so they are very interested in this large and comprehensive "fat" product.

The "fat" firewall also has obvious shortcomings, the most prominent being performance. It can only serve small networks, because it concentrates border security at a single control point, which is prone to becoming a performance bottleneck. Adding IDS, AV and other modules at that bottleneck aggravates the effect; at the same time the extra modules increase the number of security policy rules, which further degrades the firewall's performance indicators (as the rule count grows, throughput falls sharply). Moreover, the add-on modules are not specialised and their functions are not comprehensive. Many manufacturers set out to build a "fat" firewall when first defining their products, with packet filtering and application proxies as well as intrusion detection and anti-virus, but as the work proceeds the product slowly "loses weight". Finally, packing many functions into a single product also reduces its reliability and safety.

Integration should not be a simple stacking of products. The "fat" firewall is possible in concept, but in technical implementation there are many practical problems, and the likely result is more functions with less precision.

The "thin" value positioning

Generally speaking, large users have extensive security needs, strong professional requirements, large security budgets and a high security management capability of their own. Such customers therefore tend to use independent security equipment and want to get the maximum effect out of each product, and security manufacturers in turn try to develop each security product to its fullest. The "thin" firewall has passed through the stages of packet filtering, application proxy and stateful inspection to deep inspection and intelligent inspection, and from dual-machine hot standby to load balancing and HA clusters.

For these users, in order to meet a variety of security needs, security manufacturers usually design solutions with security management at the core, based on the linkage of several security products, such as the comprehensive interaction between firewall, IDS and anti-virus in a dynamic defence system. With security management at the core, the security checkpoint no longer needs dedicated staff watching at all times, no manual judgement of intrusion events and no large set of blocking rules prepared in advance; only the interactive (linkage) rules need to be set in the management system according to the security requirements. When the anti-virus system discovers a virus it immediately notifies the IDS to add it to the rule base, and when the IDS discovers intrusion behaviour it immediately generates rules to block the intrusion, automatically giving users a safe information environment.

While continuing to launch specialised security products such as "thin" firewalls, many strong manufacturers have developed overall security management solutions, the information security management platform, such as Check Point's OPSEC Manager and Lenovo Group's Leadsec Manager.

The security management platform can establish a convenient and complete mechanism of centralised management, unified coordination, comprehensive analysis and correlated response for the user's network applications, and brings significant benefits to security management in many respects. For example, through the management platform a linkage strategy between IDS, firewall and anti-virus system can be configured: when the IDS detects a worm event, the firewall and anti-virus system in the network immediately receive the event notification; the firewall then acts to block the channel the virus spreads through and the anti-virus system starts cleaning, so the worm is stopped and eliminated within a limited part of the network.
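As an added illustration of the linkage described here and in the earlier paragraph on security-management-centred design (this is example code, not code from the article or from any vendor's platform): a small Python model of a management platform that turns IDS and anti-virus events into firewall, anti-virus and IDS actions according to administrator-set interactive rules, ignores repeated alerts, and refuses to auto-block the management network. All rule names, addresses and the signature value are constructed placeholders.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Linkage ("interactive") rules as an administrator sets them in the platform:
# event type -> actions pushed to the other devices (names are assumptions).
LINKAGE_RULES = {
    "worm_propagation": ["firewall_block_src", "av_scan_host"],
    "virus_found": ["ids_add_rule"],
}
# Management hosts must never be auto-blocked, so a spoofed or misclassified
# IDS event cannot be turned into a self-inflicted outage.
NEVER_BLOCK = [ip_network("10.0.0.0/24")]

@dataclass
class ManagementPlatform:
    firewall_rules: list = field(default_factory=list)  # pushed to firewall
    av_scan_queue: list = field(default_factory=list)   # pushed to anti-virus
    ids_rules: list = field(default_factory=list)       # pushed to IDS
    suppressed: list = field(default_factory=list)      # blocks refused

    def handle(self, event):
        for action in LINKAGE_RULES.get(event["type"], []):
            if action == "firewall_block_src":
                src = ip_address(event["src"])
                if any(src in net for net in NEVER_BLOCK):
                    self.suppressed.append(str(src))
                    continue
                rule = f"deny ip from {src} to any"
                if rule not in self.firewall_rules:  # repeats add no rules
                    self.firewall_rules.append(rule)
            elif action == "av_scan_host" and event["src"] not in self.av_scan_queue:
                self.av_scan_queue.append(event["src"])
            elif action == "ids_add_rule":
                self.ids_rules.append(f"alert payload {event['signature']}")

# Constructed sample event stream, as the IDS and anti-virus would report it.
SAMPLE_EVENTS = [
    {"type": "worm_propagation", "src": "192.168.1.50"},
    {"type": "worm_propagation", "src": "192.168.1.50"},  # duplicate alert
    {"type": "worm_propagation", "src": "10.0.0.5"},      # management host
    {"type": "virus_found", "src": "192.168.1.77", "signature": "SIG-PLACEHOLDER"},
    {"type": "port_scan", "src": "172.16.3.9"},           # no linkage rule set
]

def run_sample():
    platform = ManagementPlatform()
    for ev in SAMPLE_EVENTS:
        platform.handle(ev)
    return platform
```

Running `run_sample()` yields one firewall block rule for 192.168.1.50 (the duplicate alert adds nothing), a suppressed block for the management host, two anti-virus scan tasks and one new IDS rule, while the port-scan event with no linkage rule is left alone.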

Applying a security management platform lets specialised products such as the "thin" firewall work together and respond jointly, comprehensively improving the enterprise's ability to prevent overall security risk. This is also an important reason why the "thin" firewall is favoured by more and more customers.

Of course, interfaces, linkage and management require flexible openness and scalability. If poor coordination produces a combination like red shoes with green trousers, I'm afraid the result for users will be worse than merely tacky.

"Fat" and "thin" complement each other

In essence there is no difference between "fat" and "thin" firewalls, only a difference in demand. The low-end firewall is an integrated product: it may have simple security protection functions and some IDS functions, but generally will not integrate anti-virus. Medium- and high-end firewalls are more specialised, with equal emphasis on security and access control. They mainly audit the packets passing through the firewall, which deepens security and deepens protocol research; at the same time they support a variety of general routing protocols and adapt better to the network topology. VPN is integrated into the firewall as a means of establishing wide-area security tunnels, but the firewall does not integrate IDS or anti-virus; these remain the job of dedicated equipment.

And what do users think? They care about only two things: they need a firewall, and they need other security. Once large industry users begin their network security design, however, they generally plan more systematically; they may consider IDS, firewall, anti-virus and so on separately and plan them uniformly (perhaps because their funds are more abundant). This mirrors the "fat" and "thin" firewalls, which is to say each of the two has its own market. As technology develops there will be a trend of partial integration and transformation between "fat" and "thin" firewalls, an important force driving the evolution of the security system and of security product forms.

Whether "fat" or "thin", any firewall only provides better-guaranteed security for network communication or data transmission; we cannot rely on the firewall completely. Firewall technology deals mainly with packet headers, while IDS and anti-virus technology deal mainly with packet payloads; VPN technology encrypts traffic; and beyond these, honeynets, forensics and other technologies are still needed.

Users' value orientation

New concepts and products keep appearing in the security industry. As end users and beneficiaries, users will inevitably be confused when purchasing: how can they avoid the hints and inducements coming from every side? I'm afraid the only choice is to clarify their needs and face reality. Of course, the experience of experts and manufacturers must be drawn on during selection; that is essential too. Through continuous communication and learning, an enterprise's understanding of its own needs and of security will keep pace with the times.

The key to choosing a firewall is naturally to understand one's own characteristics. From the IT perspective, the importance of information security has two levels. One level concerns which information is most important and which second in the information systems common to all enterprises; the other concerns the specific enterprise's information system, which also needs to be prioritised, and at this level it is mainly the common characteristics of the industry the enterprise belongs to that show.

The first level is related to the stage of the enterprise's development. Because developing small and medium-sized enterprises are unstable, the most important information for them should be business information resources (customer information, technical information, market information and so on), followed by financial information and then everything else. Large and medium-sized enterprises in a stable period pay more attention to balanced development, especially to people-oriented information resources, and their attention to management, process, personnel and corporate culture approaches their attention to business and financial information.

The significance of the second level is that the characteristics of the industry determine different modes of information security system. As a network security device, the firewall must be closely matched to its application environment, and that environment is becoming more comprehensive and complex. We need to focus on the environment the firewall will be used in and the requirements that environment places on it, so the firewall market will be further subdivided. More noteworthy is that firewalls are priced carefully according to what the corresponding user group can afford: products aimed at the small and medium-sized enterprise market emphasise cost performance, and on the product side pricing schemes are subdivided by product series, core technology and solution. Users can then achieve "security DIY" on the basis of security customisation. Only rational and pragmatic development can produce a competitive brand in the market.

In summary,

Copyright © 2011 JIN SHI