Future development trends in firewall technology
With the emergence of new kinds of network attacks, firewall technology is showing several new trends. These are mainly reflected in three aspects: packet filtering technology, firewall architecture, and firewall system management.
1. Development trends in firewall packet filtering technology
(1). Some firewall vendors have extended the user authentication and services of AAA systems into the firewall, so that the security policy can support user roles. This feature is especially necessary in wireless network applications. Firewalls with user authentication usually adopt application-level gateway technology; packet-filtering firewalls do not offer it. The stronger the user authentication, the higher the security level, but the greater its negative impact on network communication, because user authentication takes time, particularly encrypted user authentication.
(2). Multi-level filtering technology
Multi-level filtering technology refers to a firewall that applies several levels of filtering, each complementing the others as a means of identification. At the packet filtering (network layer) level, it filters out all source-routed packets and packets with forged IP source addresses; at the transport layer level, it follows the filtering rules to filter out all protocols prohibited from entering or leaving, as well as harmful packets such as Nuke packets and Christmas tree packets; at the application gateway (application layer) level, it can use gateways such as FTP and SMTP to control and monitor the general services that the Internet provides. This is an integrated filtering technology aimed at the shortcomings of the various existing firewall technologies, and it makes up for the weaknesses of each individual filtering technique.
This kind of filtering is very clearly layered: each filtering technique corresponds to a different network layer, leaves a great deal of room for expansion, and lays a foundation for future firewall technology development.
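The three levels described above, as an added example written for this article (it is not code from the original page or from any firewall product). The packets are constructed dictionaries rather than captured traffic; the internal address range, the permitted protocols, the NetBIOS ports used as the classic target of OOB "Nuke" packets, and the FTP/SMTP command allow-lists are all assumptions:

```python
"""Toy multi-level packet filter: network, transport and application checks
applied in order, first match wins. All packets are constructed sample data."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address range


@dataclass
class Packet:
    iface: str                 # "ext" (Internet side) or "int" (internal side)
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "gre", ...
    dport: int = 0
    tcp_flags: set = field(default_factory=set)   # e.g. {"SYN"}
    source_routed: bool = False                   # IP source-routing option present
    urgent: bool = False                          # TCP URG flag / out-of-band data
    payload: str = ""


def network_layer(p):
    """Level 1: drop source-routed packets and forged (spoofed) source addresses."""
    if p.source_routed:
        return "drop: source-routed packet"
    src = ip_address(p.src)
    # A packet arriving from the Internet side must not claim an internal source,
    # and a packet from the inside must not claim an external one.
    if p.iface == "ext" and src in INTERNAL:
        return "drop: spoofed internal source on external interface"
    if p.iface == "int" and src not in INTERNAL:
        return "drop: spoofed external source on internal interface"
    return None


ALLOWED_PROTOS = {"tcp", "udp"}          # assumed policy: everything else is prohibited
XMAS = {"FIN", "PSH", "URG"}             # "Christmas tree" flag combination


def transport_layer(p):
    """Level 2: enforce protocol rules and drop malformed or harmful packets."""
    if p.proto not in ALLOWED_PROTOS:
        return f"drop: protocol {p.proto} not permitted"
    if p.proto == "tcp":
        if XMAS <= p.tcp_flags:
            return "drop: Christmas tree packet (FIN+PSH+URG)"
        if {"SYN", "FIN"} <= p.tcp_flags:
            return "drop: illegal SYN+FIN combination"
        if p.urgent and p.dport in (137, 138, 139):   # OOB data aimed at NetBIOS
            return "drop: OOB/URG data to NetBIOS port"
    return None


# Level 3: application gateways understand the protocol and permit only a subset of commands.
FTP_ALLOWED = {"USER", "PASS", "LIST", "RETR", "QUIT"}
SMTP_ALLOWED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "QUIT"}
GATEWAYS = {21: FTP_ALLOWED, 25: SMTP_ALLOWED}


def application_layer(p):
    if p.proto != "tcp" or p.dport not in GATEWAYS:
        return None
    parts = p.payload.split()
    if not parts:
        return None                 # no command in this segment
    verb = parts[0].upper()
    if verb not in GATEWAYS[p.dport]:
        return f"drop: command {verb} not permitted on port {p.dport}"
    return None


def filter_packet(p):
    """Run the levels in order; returns 'accept' or the first drop reason."""
    for level in (network_layer, transport_layer, application_layer):
        verdict = level(p)
        if verdict:
            return verdict
    return "accept"
```

Each level only needs to know its own layer: the network check never looks at TCP flags, and the application gateway never looks at addresses, which is what makes the layering easy to extend.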
(3). Giving the firewall virus protection. Today this is often referred to as a "virus firewall"; at present it is reflected mainly in personal firewalls, because as pure software it is easier to implement. Such firewall technology can effectively prevent viruses from spreading through the network, which is more proactive than waiting for an attack. Firewalls with virus protection can greatly reduce a company's losses.
2. Development trends in firewall architecture
As network applications increase, higher demands are placed on network bandwidth, which means the firewall must be able to process data at very high rates. In addition, over the next few years multimedia applications will become more common, requiring that the delay introduced by the firewall be small enough. To meet these needs, some firewall manufacturers have developed ASIC-based firewalls and network-processor-based firewalls. In terms of execution speed, the network-processor-based firewall is still a software-based solution and depends largely on the performance of its software; but because such firewalls contain engines that specialize in handling data-plane tasks, the burden on the CPU is relieved, and their performance is far better than that of the traditional firewall.
Compared with the ASIC-based pure hardware firewall, the network-processor-based firewall retains a software character and is more flexible. The ASIC-based firewall uses dedicated hardware to process the network data stream and performs better than the other two types of firewall. But a pure-hardware ASIC firewall lacks programmability, which makes it inflexible and hinders the rapid development of firewall functions. The ideal solution is to increase the programmability of the ASIC chip so that it cooperates better with software. Such a firewall can satisfy the requirements of flexibility and running performance at the same time.
3. Development trends in firewall system management
Firewall system management also shows some development trends, mainly reflected in the following aspects:
(1). First, centralized management together with distributed, hierarchical security structures is the future trend. Centralized management can reduce management costs and guarantee the consistency of security policies across large networks. Rapid response and rapid defense also require a centralized management system. At present, such firewalls have already been developed by Cisco, 3COM and others; they are also called "distributed firewalls" or "embedded firewalls". This new technology is described in detail below.
(2). Powerful audit functions and automatic log analysis functions. Applying these two features can discover potential threats earlier and prevent attacks. The log function also lets administrators detect security vulnerabilities in the system and adjust security policy management in a timely manner. However, firewalls with this function are usually relatively advanced; early static packet filtering firewalls did not have it.
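The audit and automatic log analysis function described in point (2), as an added example that is not from the original article or any product. The syslog-like line format, the internal address range and the detection thresholds are assumptions; the log lines are constructed, including one deliberately unparseable line to show that a log analyzer must tolerate garbage without stopping:

```python
"""Automatic analysis of firewall audit logs: a tolerant parser and two
detectors (port scan; internal host repeatedly hitting a blocked outbound
policy). Log format and thresholds are assumptions for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")     # assumed internal range

# Constructed log lines (not from any real firewall product).
SAMPLE_LOG = """\
2024-05-01T10:00:00 fw1 ALLOW TCP 10.0.1.20:50000 -> 203.0.113.50:443
2024-05-01T10:00:01 fw1 DENY TCP 198.51.100.9:41001 -> 10.0.0.5:21
2024-05-01T10:00:01 fw1 DENY TCP 198.51.100.9:41002 -> 10.0.0.5:22
2024-05-01T10:00:02 fw1 DENY TCP 198.51.100.9:41003 -> 10.0.0.5:23
2024-05-01T10:00:02 fw1 DENY TCP 198.51.100.9:41004 -> 10.0.0.5:25
2024-05-01T10:00:03 fw1 DENY TCP 198.51.100.9:41005 -> 10.0.0.5:80
2024-05-01T10:00:03 fw1 DENY TCP 198.51.100.9:41006 -> 10.0.0.5:110
2024-05-01T10:00:04 fw1 DENY TCP 198.51.100.9:41007 -> 10.0.0.5:143
2024-05-01T10:00:04 fw1 DENY TCP 198.51.100.9:41008 -> 10.0.0.5:443
2024-05-01T10:00:05 fw1 DENY TCP 198.51.100.9:41009 -> 10.0.0.5:445
2024-05-01T10:00:05 fw1 DENY TCP 198.51.100.9:41010 -> 10.0.0.5:3389
2024-05-01T10:01:10 fw1 DENY TCP 10.0.0.7:51200 -> 203.0.113.99:6667
2024-05-01T10:02:10 fw1 DENY TCP 10.0.0.7:51201 -> 203.0.113.99:6667
2024-05-01T10:03:10 fw1 DENY TCP 10.0.0.7:51202 -> 203.0.113.99:6667
2024-05-01T10:03:30 fw1 ALLOW UDP 10.0.1.21:53000 -> 10.0.0.2:53
this line is garbage and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_log(text):
    """Parse recognised lines into dicts; unparseable lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        events.append(d)
    return events


def detect_port_scans(events, window=timedelta(seconds=60), min_ports=8):
    """One source denied on at least min_ports distinct targets within a sliding window."""
    by_src = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, best_start, start = 0, None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {(e["dst"], e["dport"]) for e in evs[start:end + 1]}
            if len(targets) > best:
                best, best_start = len(targets), evs[start]["ts"]
        if best >= min_ports:
            findings.append({"kind": "port_scan", "src": src, "ports": best, "first": best_start})
    return findings


def detect_blocked_outbound(events, min_hits=3):
    """Internal host repeatedly denied to the same external service: possible infection."""
    counts = defaultdict(int)
    for e in events:
        if (e["action"] == "DENY" and ip_address(e["src"]) in INTERNAL
                and ip_address(e["dst"]) not in INTERNAL):
            counts[(e["src"], e["dst"], e["dport"])] += 1
    return [{"kind": "blocked_outbound", "src": s, "dst": d, "dport": p, "hits": n}
            for (s, d, p), n in counts.items() if n >= min_hits]


def analyze(text):
    events = parse_log(text)
    return detect_port_scans(events) + detect_blocked_outbound(events)
```

The second detector is the kind of signal a static packet filter's log cannot give on its own: the denies are individually uninteresting, and only their repetition from one internal host points at something worth investigating.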
(3). Systematization of network security products
With the development of network security technology, there is now a proposal to "establish a network security system with the firewall as its core". In practice it has been found that existing firewall technology alone can hardly meet current network security needs. By building a security system around the firewall, multiple lines of defense can be deployed for the internal network, and the various security technologies can work together to defend against external intrusion from every angle.
Current IDS devices, for example, can be combined well with the firewall. Generally, to ensure that the system's communication performance is not affected by the security device, the IDS device cannot be placed at the network entrance like a firewall and can only be placed in a bypass position. In actual use, the task of the IDS is often not limited to inspection: in many cases, after the IDS discovers an intrusion, it needs to curb the intrusion itself. Obviously, it is very difficult for the IDS alone to complete this task, and the main link cannot have too many similar devices connected to it. In this situation, if the firewall can be combined with related security products such as IDS and virus detection, each giving full play to its strengths and cooperating to jointly establish an effective security system, then the security of the network can be significantly improved.
There are currently two approaches: one is to build the IDS directly into the firewall, so that the firewall itself has the functions of the IDS and virus detection equipment; the other is to keep them as separate devices that form a whole through some communication method, so that once a security event is found, the firewall is immediately notified and completes the filtering and reporting. The latter is currently valued more highly because it is much easier to implement than the former.
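The second approach, an IDS notifying a separate firewall which then filters and reports, as an added example that is not from the article or any vendor. The alert format, the pre-shared HMAC key, the addresses and the timings are all assumptions. Two details matter for a defender once the firewall acts automatically on another device's word: the message must be authenticated (otherwise anyone who can reach the linkage channel can insert blocks), and the firewall must refuse to block its own protected ranges, since an attacker who forges an internal source address in the traffic the IDS sees could otherwise make the firewall cut off legitimate hosts.

```python
"""Loosely coupled IDS -> firewall linkage: the IDS sends an authenticated
alert, the firewall validates it, installs a temporary block and records a
report. Message format, key, addresses and timings are example assumptions."""
import hashlib
import hmac
import json
from ipaddress import ip_address, ip_network

SHARED_KEY = b"example-pre-shared-key"       # assumed; provisioned out of band in practice
PROTECTED = [ip_network("10.0.0.0/8")]       # assumed own ranges that are never auto-blocked


def canonical(body):
    """Stable serialisation so both sides compute the MAC over identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def ids_alert(src_ip, signature, now, ttl=600, key=SHARED_KEY):
    """IDS side: build an alert and sign it with an HMAC so the firewall can trust it."""
    body = {"type": "intrusion", "src": src_ip, "sig": signature, "ts": now, "ttl": ttl}
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "mac": mac})


class Firewall:
    def __init__(self, key=SHARED_KEY, max_skew=30):
        self.key, self.max_skew = key, max_skew
        self.blocks = {}      # source ip -> expiry time
        self.reports = []     # audit trail of accepted and rejected alerts

    def receive_alert(self, message, now):
        """Validate the alert; on success install a block that expires after ttl seconds."""
        try:
            msg = json.loads(message)
            body, mac = msg["body"], msg["mac"]
            src = ip_address(body["src"])
            ttl, ts = int(body["ttl"]), float(body["ts"])
        except (ValueError, KeyError, TypeError) as exc:
            self.reports.append(("rejected", "malformed", str(exc)))
            return False
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            self.reports.append(("rejected", "bad mac", str(src)))
            return False
        if abs(now - ts) > self.max_skew:
            self.reports.append(("rejected", "stale or replayed", str(src)))
            return False
        if any(src in net for net in PROTECTED):
            # Never let a forged internal source turn the linkage into self-inflicted denial of service.
            self.reports.append(("rejected", "protected address", str(src)))
            return False
        self.blocks[str(src)] = now + ttl
        self.reports.append(("blocked", str(src), body["sig"], now + ttl))
        return True

    def allows(self, src_ip, now):
        """Data-path check: expire old blocks, then consult the dynamic block list."""
        self.blocks = {ip: exp for ip, exp in self.blocks.items() if exp > now}
        return src_ip not in self.blocks
```

Blocks carry a time-to-live rather than living forever, so a single false positive from the IDS degrades service only briefly and the report list, not the block list, is what an operator reviews afterwards.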
Third, distributed firewall technology
A new firewall technology was mentioned above: distributed firewall technology, which has gradually emerged and has been realized by some major network equipment developers abroad. Because of its superior security protection system, it is in line with future development trends, and it has therefore been recognized and accepted by many users. This new type of firewall technology is introduced below.
Because the traditional firewall is placed at the network boundary facing the external Internet, it is called a "perimeter firewall". As requirements for network security protection rise, the perimeter firewall clearly falls short, because threats to the network come not only from the external network but, even more, from the internal network. The perimeter firewall cannot effectively protect the internal network unless a firewall is installed on every host, which is impractical. On this basis, a new firewall technology has emerged: Distributed Firewalls. It can remedy the deficiencies of the perimeter firewall described above, not by installing a separate firewall on every host, but by extending the firewall's security protection system to every host platform in the network. On the one hand, this effectively keeps the user's investment from becoming very high; on the other hand, the resulting protection is very comprehensive.
We all know that the traditional perimeter firewall is used to restrict information access and transfer operations between the internal network and the external network (usually the Internet), and that it is located between the two. In fact, all the different types of firewall that have appeared before, from simple packet filters to application-layer proxies and adaptive proxies, are based on a common assumption: the firewall regards users on the internal network as trustworthy and users on the external network as potential attackers. The distributed firewall, by contrast, is a host-resident security system that takes the host as its protected object. Its design philosophy is that any access from outside the host is untrusted and must be filtered. Of course, in practical applications, such a system is not required on every machine in the network, since that would seriously affect the network's communication performance.
It is usually used to protect key node servers, data, and workstations in the enterprise network from illegal intrusion.
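The contrast drawn above, a perimeter firewall that trusts the inside versus a host-resident firewall whose policy is managed centrally, as an added example that is not from the article or any vendor's product. The address space, the roles (a database server protected from an application tier and an administration host) and the rules are constructed assumptions; the point it shows is that internal-to-internal traffic never reaches the perimeter at all, while the host-resident policy judges every source the same way regardless of where it sits:

```python
"""Perimeter trust model versus host-resident (distributed) firewall policy.
Addresses, roles and rules are constructed for this example."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed enterprise address space


def perimeter_firewall(src, dst, dport):
    """Boundary firewall: sees only traffic crossing the boundary and trusts the inside."""
    s, d = ip_address(src), ip_address(dst)
    if s in INTERNAL and d in INTERNAL:
        return "not inspected"      # internal-to-internal traffic never passes the perimeter
    if s in INTERNAL:
        return "accept"             # outbound from "trusted" inside users
    return "accept" if dport in (80, 443) else "drop"   # inbound: published services only


class PolicyServer:
    """Central management: one authoritative policy per protected host, pushed to that host."""
    def __init__(self):
        self.policies = {}          # host ip -> list of (source network, port or None, action)
        self.version = 0

    def set_policy(self, host, rules):
        self.policies[host] = list(rules)
        self.version += 1

    def push(self, host_fw):
        host_fw.install(self.policies.get(host_fw.host, []), self.version)


class HostFirewall:
    """Host-resident filter: every access from outside the host is untrusted until a rule allows it."""
    def __init__(self, host):
        self.host, self.rules, self.version = host, [], 0

    def install(self, rules, version):
        self.rules = [(ip_network(net), port, action) for net, port, action in rules]
        self.version = version

    def decide(self, src, dport):
        s = ip_address(src)
        for net, port, action in self.rules:      # first matching rule wins
            if s in net and (port is None or port == dport):
                return action
        return "drop"                              # default deny, whatever the origin


def compare(src, dst, dport, host_fw):
    """Show both verdicts side by side for one connection attempt to host_fw's host."""
    return {"perimeter": perimeter_firewall(src, dst, dport),
            "host": host_fw.decide(src, dport)}
```

The rule list lives on the policy server, not on each workstation, which is what keeps the cost of "a firewall on every host" down: hosts only run the enforcement point, and a policy change is one edit followed by a push.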