  Present Situation and Development Trend of firewall products
  Add Date : 2017-04-13      
  A firewall is the first barrier in network security. It is the security product with the largest market share, and the technology is relatively mature. By architecture, hardware firewall products fall into three main categories: the x86 architecture, represented by general-purpose processors; the ASIC architecture; and the more recent NP (network processor) architecture.

Firewall features

In terms of function, a firewall mainly covers the following: access control (for example, applying ACLs); NAT; VPN; routing; authentication and encryption; logging; management; and attack defense.

To meet diverse networking requirements and reduce the need for other dedicated equipment, and so lower network construction costs, firewalls often incorporate other network technologies as well: DHCP server, DHCP relay, dynamic routing, dial-up, PPPoE and similar features; WAN ports; transparent mode (bridge mode); and content filtering (such as URL filtering), anti-virus and IDS functions.

Stateful inspection technology

Stateful inspection monitors each connection through its whole lifetime, from initiation to termination. Some protocols, such as FTP and H.323, are stateful protocols, and the firewall must analyze them in order to know when, and from which direction, to allow a specific connection in and when to close it.
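
An added example (not part of the original article) of the FTP case: a minimal Python stateful filter that reads the active-mode `PORT` command on the control channel and opens a single-use pinhole for the server's data connection. The class name, policy and addresses are constructed for illustration, and TCP teardown is simplified to a single FIN or RST.

```python
import re

PORT_CMD = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")
POLICY = {("out", 21)}  # constructed policy: only outbound FTP control is permitted

class StatefulFilter:
    def __init__(self):
        self.sessions = set()  # tracked connections as (src, sport, dst, dport)
        self.pinholes = set()  # announced data connections as (src, dst, dport)

    def handle(self, direction, src, sport, dst, dport, flags, payload=b""):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        known = fwd if fwd in self.sessions else rev if rev in self.sessions else None
        if known is None:
            if flags != "SYN":
                return "drop"  # mid-stream packet that belongs to no session
            pinhole = (src, dst, dport)
            if (direction, dport) not in POLICY and pinhole not in self.pinholes:
                return "drop"  # neither policy nor the control channel allows it
            self.pinholes.discard(pinhole)  # a pinhole is valid for one connection
            self.sessions.add(fwd)
            return "allow"
        if known == fwd and dport == 21:
            self._inspect_ftp(client=src, server=dst, payload=payload)
        if flags in ("FIN", "RST"):
            self.sessions.discard(known)  # simplified teardown: forget the session
        return "allow"

    def _inspect_ftp(self, client, server, payload):
        m = PORT_CMD.fullmatch(payload)
        if not m:
            return
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return
        addr, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        # Open the pinhole only toward the client that sent the command, and
        # never toward a privileged port (blocks FTP bounce-style redirection).
        if addr == client and port >= 1024:
            self.pinholes.add((server, client, port))
```

The same inbound SYN is dropped before the `PORT` command is seen and allowed once afterwards, which is the "when and from which direction" decision the paragraph describes.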

A stateful firewall can decode specific protocols, so it provides better security. Some firewalls can detect and filter malicious commands in FTP, SMTP and other protocols, but because this requires application-layer decoding and analysis, processing is slow. Some firewalls offer an adaptive mode in which processing is fast.

Another feature of a stateful firewall is that, when it detects a SYN flood attack, it starts acting as a proxy. Sessions with forged source IP addresses cannot complete the three-way handshake, so the attack packets never reach the server, while packets from normal clients still get through.
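
The proxy behaviour described above, as an added Python example that is not from the original article: once the half-open count passes an assumed threshold, the firewall answers SYNs itself with a keyed-hash sequence number and contacts the server only after a matching ACK arrives. The `SynProxy` class, the threshold trigger and the cookie construction are assumptions; production SYN cookies also encode a time counter and MSS.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32  # TCP sequence numbers are 32-bit

class SynProxy:
    def __init__(self, threshold, secret=None):
        self.threshold = threshold          # assumed trigger: half-open connections
        self.secret = secret or os.urandom(16)
        self.half_open = set()              # SYNs passed to the server, not yet ACKed
        self.to_server = []                 # connections the server actually sees

    def _cookie(self, conn, client_isn):
        # Keyed hash of the 4-tuple and client ISN, so no per-SYN state is kept.
        msg = repr((conn, client_isn)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, conn, client_isn):
        if len(self.half_open) < self.threshold:
            self.half_open.add(conn)
            self.to_server.append(conn)     # normal mode: SYN goes to the server
            return ("forward", None)
        # Flood suspected: answer with SYN-ACK on the server's behalf.
        return ("synack", self._cookie(conn, client_isn))

    def on_ack(self, conn, seq, ack):
        if conn in self.half_open:
            self.half_open.discard(conn)    # ordinary handshake completed
            return "forward"
        client_isn = (seq - 1) % MOD
        if ack == (self._cookie(conn, client_isn) + 1) % MOD:
            self.to_server.append(conn)     # source proved it receives our replies
            return "forward"
        return "drop"                       # forged or stale ACK never reaches the server
```

A forged source never receives the SYN-ACK, so it cannot produce the matching ACK, and `to_server` stops growing once proxying begins.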

Technology Trends

Firewalls are developing toward higher speed, more functions and greater security.

Results of earlier tests at home and abroad show that a major limitation of current firewalls is insufficient speed. ASICs, FPGAs and network processors are the main ways to build a high-speed firewall. Of these, network processors are the best choice: because they are programmed in microcode, they can be upgraded at any time as needed, even to support IPv6, whereas the other approaches are not as flexible.

For a high-speed firewall, algorithms are also key. A network processor integrates a number of hardware co-processing units, which makes high speed easier to achieve. A pure-CPU firewall must have algorithmic support, such as an ACL algorithm. In some current deployments, hundreds or even tens of thousands of rules are routinely applied; without algorithmic support, a stateful firewall will be very slow at establishing sessions.

Given the limits of existing technology, there is no effective method for high-speed application-layer inspection, and no chip that can do it. A firewall is therefore not well suited to integrating content filtering, anti-virus and IDS functions (transport-layer IDS checks excepted, since these consume little CPU). For IDS, the most common approach is to mirror network traffic to a dedicated IDS device, which avoids the network congestion that heavy traffic would otherwise cause. In addition, application-layer vulnerabilities are numerous and the attack signature database needs frequent updates; because the firewall sits at the critical network egress point, upgrading it that often is unrealistic.

Multi-functionality is another direction of firewall development. Routers and firewalls are both currently expensive and network environments are becoming more complex, so users generally want the firewall to support more features, meeting their networking needs while saving on investment. For example, WAN port support on a firewall does not affect security but can, in some cases, save the user a router; support for some router features, such as routing protocols and dial-up, better meets networking needs; and IPsec VPN support allows a dedicated secure channel to be set up over the Internet, which is both secure and saves investment.

In the future, firewall operating systems will be more secure. As algorithms and chip technology develop, firewalls will take a greater part in application-layer analysis and provide more secure protection for applications.
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.