Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Present Situation and Development Trend of firewall products     - Ftp user to create multiple virtual machines to support different access rights Examples (Server)

- CentOS7 installation configuration (Server)

- VirtualBox virtual machine can not start to solve under Ubuntu (Linux)

- Java implementation heap sort (large root heap) (Programming)

- MySQL 5.5 on master-slave copy filter (Database)

- C ++ sequence containers basics summary (Programming)

- Java generate two-dimensional code by Zxing (Programming)

- phpinfo (): like phpinfo as a Python script (Programming)

- MariaDB database storage path modify configuration issues (Database)

- Linux iptables: Composition Rules (Linux)

- Boot-Repair Tool - repair of frequent start-up problems (Linux)

- APF firewall installation and configuration under Linux (Linux)

- The istgt PSD on ported to Mac OS X (Linux)

- Linux more efficient than select a model epoll (Linux)

- About AWR More Description (Database)

- Share Java-based multithreading file case (Programming)

- Ubuntu install OpenMPI (Linux)

- MyCAT log analysis (Database)

- MongoDB 2.6 deployment replica set + partitions (Database)

- Linux Apache server security (Linux)

 
         
  Present Situation and Development Trend of firewall products
     
  Add Date : 2017-04-13      
         
       
         
  A firewall is a security network the first barrier, the market share of the largest security technology is more mature. Architectural hardware firewall products are mainly divided into three categories: the X86 architecture, represented by a general purpose processor, AISC (ASIC) architecture and recent NP (Net Processor) architecture.

Firewall features

From the firewall function, it mainly includes the following aspects: access control, access control applications such as ACL, NAT; VPN; routing, authentication and encryption, logging, management, and attack defense.

To meet the diverse networking requirements, and reduce the need for other special equipment, thus reducing network construction costs, the firewall also often incorporated other network technologies, such as support for DHCP server, DHCP replay, dynamic routing, support for dial-up, PPPOE and other characteristics; support for WAN port; support transparent mode (bridge mode); support for content filtering (such as URL filtering), anti-virus and IDS functions.

State detection technology

State detection technology to monitor each connection initiated the whole process to the end, for some protocols, such as FTP, H.323 and other protocols, stateful protocol, the firewall must be analyzed for these protocols, in order to know what time, from which direction and allow specific connections into the close.

Stateful firewall can decode a specific protocol, so security is better. Some firewalls can FTP, SMTP and other malicious commands detection and filtering, www.britepic.org but because the application layer decoding analysis, processing speed is slow, for some firewall adaptive mode, the process is fast .

Another feature is a stateful firewall, when detecting SYN FLOOD attack, will start the broker. At this time, if it is forged source IP sessions, because they can not complete the three-way handshake, the attack packets will not reach the server, but normally accessed packets are still reachable.

Technology Trends

The future development trend of the firewall is toward high-speed, multi-functional, safer direction.

Can be seen from the results of previous tests at home and abroad, is currently a lot of limitations firewall is fast enough. Application of ASIC, FPGA and network processor is the main way to achieve high-speed firewall, in which the best use of network processors, because the network processor microcode programming, you can upgrade at any time according to need and can even support IPV6, and other methods to not so flexible.

High-speed firewall, the algorithm is also a key, because the network processor integrates a number of hardware co-processing unit, it is easier to achieve high speed. For pure CPU firewall, there must be support algorithms, such as ACL algorithm. Some of the current application environment, frequently hundreds or even tens of thousands of application of the rules, no algorithm support for stateful firewall, establishing a session of speed will be very slow.

Limited by the prior art, there is no valid application layer for high-speed detection method, there is no Which chip can do this. Therefore, the firewall is not suitable for integrated content filtering, anti-virus and IDS functionality (IDS transport layers except these detection CPU consumption is small). For IDS, the most common way is to mirror the traffic on the network IDS processing equipment, to avoid large traffic caused by network congestion. In addition, many application layer vulnerabilities, attack signature database needs frequent upgrades, the network exit key position in the firewall, so frequently upgrade is unrealistic.

One is the development direction of multifunction firewalls, routers and firewalls, given the current prices are high, the network environment has become increasingly complex, general users always want more features firewall support, networking and saving to meet investment needs. For example, WAN port firewall support, does not affect the security, but it can save users a router, in some cases; some routers support the protocol, such as routing, dial-up, etc., can better meet the networking needs; support IPSEC VPN, you can use the Internet to set up a dedicated security channel, safe and saving green investment.

Firewall future operating system will be more secure. With the development of algorithms and chip technology, the firewall will be more involved in the application layer analysis for the application to provide a more secure protection.
     
         
       
         
  More:      
 
- Ubuntu: To install chat client Chatty 0.6.1 (Linux)
- How to Install 3.16.7 CKT2 kernel in Ubuntu 14.10, Ubuntu 14.04 and its derivative versions (Linux)
- blecat: Bluetooth Gadgets (Linux)
- Linux RAID Set RAID 10 or 0 + 1 (Linux)
- Linux Command study manual - GPG command (Linux)
- Make full use of the Raspberry Pi SD card space (Linux)
- Wireshark basic introduction and learning TCP three-way handshake (Linux)
- Graphics of Java Tools (Programming)
- Kernel compile under Debian (Linux)
- How to allow users to access only a specific database (MSSQL) (Database)
- Ubuntu 14.10 PPA installed Android Studio (Linux)
- MySQL event table to achieve timing build a small note (Database)
- iscsiadm command usage (Linux)
- 10 easy to use Linux utilities Recommended (Linux)
- Android using SVG vector graphics to create cool animation effects (Programming)
- To install and deploy Java applications under CentOS 6.5 (Linux)
- Oracle Enterprise Linux 64-bit install apache-tomcat-7.0.53 step (Server)
- Oracle inverted reverse function (Database)
- Retro terminal in Linux (Linux)
- Linux port scanning (Linux)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.