Yesterday, a friend mentioned this topic. I know that there is also a waterproof wall in the safety world, and the traditional firewall is well known because of the proliferation of the hacking virus, and the people are well known. In turn divided the network firewall, Virus firewall, document firewall, etc. Heavy in security and protection.
Google, I really found a lot of waterproof wall information, and some companies' products.
From the firewall to the waterproof wall, it can be seen as the focus of protection from the external threat to the internal threat. Of course, the security attributes are paid from integrity, usability to confidentiality, controllability. Take a look at the description below:
"The waterproof wall is here to be born, it is an intranet monitoring system, in the internal network, monitor the security status of the internal host at any time. If the fire prevention refers to preventing external threats, waterproofing means to prevent internal information Leakage. It can be seen that the waterproof wall is a very image of such an intranet monitoring system.
The simplest waterproof wall consists of probes and monitoring centers. In the *** internal network monitoring system, it consists of three-layer structure: high-level user interface layer, based on real-time network topology, providing system configuration, policy configuration, real-time monitoring, audit report, security The alarm and other functions; the low-level functional module layer consists of the probe distributed on each host; the middle-layer security service layer collects real-time information from the low layer, reports or alarms to the high level, and records the audit information of the entire system, for inquiry Or generate a report. "
Think about it, the waterproof wall generally extends the traditional documents and equipment management of OS from a single machine to the LAN scope. This is also a trend in the development of the network. Many companies have their own local area network for security considerations, and set up all kinds A firewall. And the previous information, 70% of the intrusion case is broken by the internal interior.
Implementing such a system or there should be a centralized control center, similar to CA, authorizing and verifying hosts and users on the LAN.
Now I think the problem is not moving. I will think of a safe operating system. Improve a little waterproof wall should be a natural extension of the safe operating system. All access controls within the local area network must be implemented. Since it comes to "on" Write ". Only B3 or more security operating system is difficult to develop, it is necessary to make a perfect waterproof wall difficulty will double ...
There is a less appropriate, just feel. The firewall is arbitrary access control, and the waterproof wall is forced access control.
