Detailed explanation of Intelligent firewall technology

Source: Internet
Author: User
Tags: filter, exit, firewall

This article proposes the intelligent firewall. This kind of firewall is smarter than its predecessors: it overcomes the traditional firewall's dilemma of "tighten control and everything dies, loosen it and everything descends into chaos", and it revises the firewall's central assumption to "denial guarantees security, and release must also guarantee security". The new intelligent firewall replaces the concept of an "exit" with that of a "gateway", and every packet passing through the gateway must be inspected by the firewall. In contrast to the data-matching inspection techniques of traditional firewalls, the new intelligent firewall uses AI recognition techniques to decide access control. Intelligent firewalls are more secure and more efficient than traditional firewalls.

Firewalls have been widely accepted by users and are becoming the primary network security device. A firewall delineates a protected range, assumes that it is the only exit from that range, and then decides whether to release or block each incoming packet. The traditional firewall rests on a major theoretical assumption: if the firewall rejects a packet, that packet must be safe, because it has been discarded. But in fact the firewall does not guarantee that the packets it approves are safe. It cannot tell a normal service packet from a malicious one, so the administrator is required to ensure that released packets are secure. The administrator must tell the firewall what to pass, and the firewall passes whatever the rules say, so the administrator bears the security responsibility for any policy error. This assumption is not appropriate for network security, and its security effect is poor: handing responsibility to the security administrator does not actually solve the security problem. A new generation of firewalls should strengthen the security of released data, because the real demand of network security is to ensure security while also keeping normal applications working.

I. Introduction to traditional firewall technology

Current firewalls, both technically and as products, have gone through five generations of development. The first generation appeared almost simultaneously with the router and used packet filtering technology. In 1989, Dave Presotto and Howard Trickey of Bell Labs introduced the second generation, the circuit-level firewall, and also sketched the preliminary structure of the third generation, the application-layer (proxy) firewall. More precisely, the U.S. Department of Defense considered first- and second-generation firewalls insufficiently secure, wanted the application layer to be inspected as well, and funded the development of the well-known TIS Firewall Toolkit. The fourth generation dates from 1992, when Bob Braden of USC's Information Sciences Institute developed a firewall based on dynamic packet filtering, which later evolved into today's stateful inspection technology; in 1994, Israel's Check Point shipped the first commercial product using it. The fifth generation dates from 1998, when NAI introduced adaptive proxy technology in its product Gauntlet Firewall for NT, giving the proxy firewall a new meaning. Research on the advanced application proxy overcame the contradiction between speed and security, and this can be called the fifth generation firewall.

These five generations share a common feature: all use a one-way matching method, and the amount of computation is large. Packet filtering matches the IP packet header; stateful packet filtering matches the packet and, in addition, matches its state information; the application proxy matches the application protocol and the application data. They therefore share a common flaw: the higher the security, the more inspection is needed, and the lower the efficiency. Stated as a law, a firewall's security and its efficiency are inversely proportional.
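To make the three matching tiers concrete, here is an added example (written for this page, not code from the article or from any product): a toy Python model of packet filtering, stateful inspection and an application proxy, each counting the checks it performs on the same packet sequence. The policy (port 80 open on a web server), the addresses, the HTTP rule and the traffic are constructed for illustration.

```python
# Added example, not code from the article: a toy model of the three matching
# tiers it describes (packet filtering, stateful inspection, application proxy).
# Each tier counts the checks it performs, so the cost of deeper inspection is
# visible. Policy, addresses, HTTP rule and traffic are constructed assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False        # first packet of a TCP connection
    payload: bytes = b""     # application data; tiers 1 and 2 never look at it

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    dst: str = "*"           # "*" matches any destination
    dport: Optional[int] = None

# Constructed policy: the administrator opened the web server's port 80.
RULES = [Rule("allow", dst="10.0.0.5", dport=80)]

def header_filter(rules, pkt, work):
    """Tier 1, packet filtering: match headers against rules, first match wins,
    default deny. Sees nothing beyond addresses and ports."""
    for r in rules:
        work["checks"] += 1
        if r.dst in ("*", pkt.dst) and r.dport in (None, pkt.dport):
            return r.action
    return "deny"

class StatefulInspector:
    """Tier 2, stateful inspection: header match plus a connection table, so a
    mid-stream packet is admitted only if its connection was allowed at SYN."""
    def __init__(self, rules):
        self.rules = rules
        self.conns = set()   # (src, sport, dst, dport) of allowed connections

    def decide(self, pkt, work):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        work["checks"] += 1
        if fwd in self.conns or rev in self.conns:
            return "allow"   # packet of a tracked connection, either direction
        if not pkt.syn:
            return "deny"    # no state for it: spoofed or out-of-window packet
        action = header_filter(self.rules, pkt, work)
        if action == "allow":
            self.conns.add(fwd)
        return action

def proxy_inspect(pkt, work):
    """Tier 3, application proxy: also parse the HTTP request line. The rule
    (GET/HEAD only, path starts with '/' and has no '..') is a hypothetical
    application policy, not one the article gives."""
    request_line = pkt.payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    work["checks"] += 1 + len(parts)
    if len(parts) != 3 or parts[0] not in (b"GET", b"HEAD"):
        return "deny"
    method, path, version = parts
    if not path.startswith(b"/") or b".." in path or not version.startswith(b"HTTP/"):
        return "deny"
    return "allow"

def evaluate(packets):
    """Run every packet through all three tiers; return per-tier decisions and
    the number of checks each tier spent on the whole sequence."""
    stateful = StatefulInspector(RULES)
    proxy_state = StatefulInspector(RULES)   # the proxy tier keeps its own table
    decisions = {"filter": [], "stateful": [], "proxy": []}
    work = {"filter": {"checks": 0}, "stateful": {"checks": 0}, "proxy": {"checks": 0}}
    for pkt in packets:
        decisions["filter"].append(header_filter(RULES, pkt, work["filter"]))
        decisions["stateful"].append(stateful.decide(pkt, work["stateful"]))
        d = proxy_state.decide(pkt, work["proxy"])
        if d == "allow" and pkt.payload:
            d = proxy_inspect(pkt, work["proxy"])
        decisions["proxy"].append(d)
    return decisions, {k: v["checks"] for k, v in work.items()}

# Constructed traffic: a benign request, a traversal attempt on the open port,
# a mid-stream packet with no handshake, and a probe of a closed port.
SAMPLE = [
    Packet("192.0.2.10", 40000, "10.0.0.5", 80, syn=True),
    Packet("192.0.2.10", 40000, "10.0.0.5", 80, payload=b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),
    Packet("192.0.2.66", 40001, "10.0.0.5", 80, syn=True),
    Packet("192.0.2.66", 40001, "10.0.0.5", 80, payload=b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("192.0.2.99", 40002, "10.0.0.5", 80, payload=b"GET / HTTP/1.1\r\n\r\n"),  # no SYN first
    Packet("192.0.2.99", 40003, "10.0.0.5", 22, syn=True),
]

if __name__ == "__main__":
    for tier, result in zip(*evaluate(SAMPLE)):
        print(tier, result)
```

Running `evaluate(SAMPLE)` shows the point of the preceding paragraphs: the header filter admits both the mid-stream packet that never completed a handshake and the path-traversal request on the open port; stateful inspection drops the former; only the proxy drops the latter; and the check count grows at each tier.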

II. Main security problems left unsolved by traditional firewalls

No one doubts that the firewall ranks first among all security device purchases. But the traditional firewall does not solve the main security problems of the network. The three main problems of network security today are network attacks whose primary purpose is denial of service (DDoS), virus propagation represented chiefly by worms, and content control centred on spam e-mail. These three account for more than 90% of network security issues, and against them a firewall that is not intelligent can do nothing.

According to the 2003 joint survey by the Federal Bureau of Investigation (FBI) and the Computer Security Institute (CSI), more than 50% of respondents admitted having suffered a denial of service attack, and 80% had been hit by viruses. Spam is even more rampant: IDC estimated that by 2006 more than 20 billion spam messages would be sent worldwide every day.

Can the traditional firewall solve these three problems? The answer is no, for three reasons. First, the computational capacity of the traditional firewall is limited: its security comes at the cost of high-intensity inspection, and the more intensive the inspection, the greater the computational cost. Second, its access control mechanism is a simple filtering mechanism, a plain conditional filter with no intelligent capability for resolving complex attacks. Third, the traditional firewall cannot distinguish benign from malicious behaviour, which means it cannot resolve malicious attack behaviour at all.

Traditional firewall manufacturers argue that these three problems should not be solved by the firewall at all. But user surveys show that more than 80% of users want the firewall to help them solve these three major problems.

III. The next generation: the intelligent firewall

The intelligent firewall is defined relative to the traditional firewall and, as the name suggests, is smarter and more intelligent. Many users readily accept the concept of an intelligent firewall; in their eyes, what is not smart is neither reliable nor secure. Hire a smart bodyguard and you feel safe, don't you? The traditional firewall has many problems that users often find hard to understand. Users frequently ask why the firewall did not stop a hacker's attack. Security experts analysing the recorded data can spot the attack at a glance, so why couldn't the firewall? The reason is that the traditional firewall is a simple mechanism for mechanically executing a security policy.

Technically, the intelligent firewall uses statistical, memory, probabilistic and decision methods to identify data and thereby achieve access control. These new mathematical methods eliminate the massive computation required by matching inspection, efficiently discover the characteristic values of network behaviour, and apply access control directly. Because these methods are mostly drawn from the discipline of artificial intelligence, the device is also called an intelligent firewall.

A typical analogy illustrates why the intelligent firewall matters to network security. The way a traditional firewall checks a packet is like recognising a person by image matching: convert the person's appearance into an image, remember every pixel, and then check for a match. Only after checking thousands of pixels can it tell you who this is. That is not how people recognise faces; a person identifies you in real time with very little computation, and that is intelligent recognition. Likewise, the intelligent firewall finds the characteristic values of network behaviour and identifies that behaviour without massive computation, so access control becomes easy.
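As an added illustration of the statistical, memory and decision methods described in this section (example code written for this page, not the article's or any vendor's algorithm), the sketch below drives access control from per-source behaviour rather than from per-packet rule matching, with the DDoS case from section II as the sample threat. It keeps a short memory of each source's connection attempts, derives two characteristic values (SYN rate and the share of handshakes that never complete), compares the rate to a baseline learned from normal traffic, and remembers sources it has blocked. The features, thresholds, baseline numbers and traffic are constructed assumptions.

```python
# Added example for this page, not the article's or any vendor's algorithm:
# access control driven by per-source behaviour features instead of
# per-packet rule matching. Features, thresholds and traffic are assumptions.
import math
from collections import defaultdict, deque

class BehaviourProfiler:
    def __init__(self, window=1.0, k=3.0, min_syns=10):
        self.window = window            # seconds of memory kept per source
        self.k = k                      # standard deviations above baseline mean
        self.min_syns = min_syns        # never judge a source on a tiny sample
        self.syns = defaultdict(deque)  # src -> timestamps of SYNs seen
        self.acks = defaultdict(deque)  # src -> timestamps of completed handshakes
        self.blocked = set()            # decisions are remembered, not recomputed
        self.baseline = None            # (mean, std) of SYN rate on normal traffic

    def learn_baseline(self, rates):
        """Statistics: mean and standard deviation of per-second SYN rates
        observed from sources known to be normal."""
        n = len(rates)
        mean = sum(rates) / n
        std = math.sqrt(sum((r - mean) ** 2 for r in rates) / n)
        self.baseline = (mean, std)

    def observe(self, event, src, now):
        """Memory: record a SYN, or the final ACK of a handshake, for a source."""
        (self.syns if event == "SYN" else self.acks)[src].append(now)

    def _expire(self, q, now):
        while q and now - q[0] > self.window:
            q.popleft()

    def features(self, src, now):
        """Characteristic values of a source's behaviour in the current window."""
        self._expire(self.syns[src], now)
        self._expire(self.acks[src], now)
        syns, acks = len(self.syns[src]), len(self.acks[src])
        rate = syns / self.window                              # SYNs per second
        half_open = max(0, syns - acks) / syns if syns else 0.0  # share never completed
        return rate, half_open, syns

    def decide(self, src, now):
        """Decision: deny a source whose SYN rate is far above the baseline AND
        whose connections mostly never complete. A busy but honest source
        (say a NAT gateway) has a high rate but a low half-open share."""
        if self.baseline is None:
            raise ValueError("baseline not learned")
        if src in self.blocked:
            return "deny"
        rate, half_open, syns = self.features(src, now)
        mean, std = self.baseline
        if rate > mean + self.k * std and syns >= self.min_syns and half_open > 0.8:
            self.blocked.add(src)
            return "deny"
        return "allow"

def simulate():
    """Constructed traffic: a normal client, a busy NAT gateway, and a SYN flood."""
    p = BehaviourProfiler(window=1.0, k=3.0, min_syns=10)
    p.learn_baseline([1.0, 2.0, 3.0, 2.0, 1.0, 2.0])   # constructed baseline rates
    t = 100.0
    for i in range(3):                                  # client: 3 conn/s, all complete
        p.observe("SYN", "client", t + i * 0.3)
        p.observe("ACK", "client", t + i * 0.3 + 0.01)
    for i in range(20):                                 # NAT gateway: 20 conn/s, all complete
        p.observe("SYN", "nat_gateway", t + i * 0.04)
        p.observe("ACK", "nat_gateway", t + i * 0.04 + 0.01)
    for i in range(200):                                # attacker: 200 SYN/s, none complete
        p.observe("SYN", "attacker", t + i * 0.005)
    now = t + 1.0
    out = {src: p.decide(src, now) for src in ("client", "nat_gateway", "attacker")}
    out["attacker_later"] = p.decide("attacker", now + 60)   # memory: still blocked
    return out

if __name__ == "__main__":
    print(simulate())
```

The NAT gateway case is the part worth noticing: a plain rate limit would block it, while the second feature (how many of its connections actually complete) keeps it open and still catches the flood. Which features are worth keeping is the whole question with this class of method, and the two used here are an assumption for illustration.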

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.
