How to select a Server software firewall (2)

Windows system: KfW

function Introduction:

KfW Shield Firewall website is a security platform for a variety of web sites, information platforms, Internet services, etc., integrated with a variety of functional modules.

The software is a complete knowledge of the copyright firewall, the use of the most advanced third-generation firewall technology "DataStream fingerprint Inspection" data stream fingerprint detection technology, and the enterprise firewall Check Point and Cisco the same, The ability to detect the status of all layers in a network protocol, effectively prevent attacks such as dos,ddos, and protect your servers from hackers and intruders from the Internet, Destruction. Through the most advanced enterprise-class firewall technology, providing a variety of enterprise-class functions, powerful, complete, low prices, is currently the world's highest performance price of the network firewall products.

Feature List:

1. Packet Rule filtering

2. Data Flow fingerprint detection filter

3. Packet Content Customization Filter

4. Gateway Routing Support

5. Nat function (support FTP PASV and port, support the IRC, such as DDC dynamic port mode, install the firewall do not need to set PASV port)

6. Port mapping function

7. Flow control

8. Use the most advanced data stream fingerprint technology, provide powerful DOS (denial of service) attack protection, complete protection of various known and unknown Dos attacks.

9. Flow Analysis and monitoring

10. Real-time Access connection monitoring

11. Support the establishment of the DMZ area

12. Account number, authority management

13. Distributed Management

Technical advantages and Characteristics:

KfW Shield Firewall System is a comprehensive, innovative, high security, high-performance network security system. It guards the enterprise network according to the security rules set by the System Manager, provides the formidable access control, the state detection, the network address translation (network addresses translation), information filtering, flow control and other functions. Provide complete security settings, access control through High-performance network core.

Server Gateway Firewall: ISA Server 2004

If this is the second case, the server to do the gateway, you need a powerful and able to implement the entire LAN protection of professional firewall software, such software is not many, Microsoft ISA Server 2004 is a very good representative product:

ISA Server 2004

function Introduction:

Following ISA Server 2000, Microsoft released the latest ISA Server 2004, which is an award-winning product, whether relative to its predecessor, ISA Server 2000, or relative to other firewalls or proxy server products, which is now Microsoft not only provides ISA Server 2004 in the form of software, but also has third-party products in the form of hardware, such as HP ProLiant DL320.

Today's network security has become an issue that needs to be addressed, and Microsoft's ISA 2004 is handy for small units or individuals to build secure and efficient Web sites (for stand-alone servers). ISA 2004 is much more functional than ISA 2000, and ISA 2004 introduces multiple network support, Easy-to-use and highly integrated virtual private network configuration, expanded and extensible user and authentication models, and improved management capabilities. ISA 2004 provides several suitable network deployment scenarios that can easily solve many network deployment problems, we strongly recommend ISA2004, after the installation of the network shut down, the LAN's other computers do not need to install other firewalls, very easy to use.

New features:

1. Multi-Network

Multi-Network configuration: You can configure one or more networks, and each network has a clear relationship with other networks. Unique per-Network policy: Using the new multi-network capabilities of ISA server, you can protect your network from internal and external security threats by restricting communication between clients (and even clients within your organization). Routing and NAT network relationships: You can use ISA server and define routing relationships between networks based on the access and traffic you need.

2. Security and firewall policies

Supports complex protocols that require multiple primary connections: Protocols that are required for many streaming media, voice applications, and video applications. Custom protocol Definition: You can control the source port number and destination port number used for any protocol that creates a firewall policy rule. Authentication: Users can be authenticated using built-in Windows, RADIUS, RSA SecurID authentication, or other namespaces. Network objects: You can define network objects, including computers, networks, network sets, address ranges, subnets, computer sets, and domain name sets. Firewall policy rules represent an ordered list: The firewall policy rule represents an ordered list in which the connection parameters are first compared to the topmost rule in the list.

Outlook Web Access Publishing Wizard: Provides steps for creating Secure Sockets Layer (SSL) virtual private Network (VPN) for Outlook Web Access for Exchange servers. FTP Support: You can access Internet File Transfer Protocol (FTP) servers that listen on other port numbers without having to make a special configuration on the client or ISA server computer. Port redirection for server publishing rules: You can receive connections on one port number and redirect requests to another port number on the published server.

Secure Web Publishing: You can place a server behind a firewall in your corporate or perimeter network and securely publish its services. HTTP 1.1 Support: ISA Server is an HTTP 1.1 client when connecting to an upstream server.

3. Virtual Private Network

VPN Management: ISA Server contains a fully integrated virtual private network mechanism, which is based on server 2003/2000. Status filtering and checking for VPNs: Because the VPN client is configured as a stand-alone network, you can create a separate policy for the VPN client. Secure NAT: The firewall Policy engine checks requests from VPN clients differently, states filters and checks for those requests, and dynamically opens connections based on access policies.

Stateful filtering and checking through a site to site VPN tunnel: ISA Server introduces stateful filtering and checking for all traffic that is moved through Site-to-site VPN connections. VPN Quarantine Control: VPN clients can be quarantined on separate networks until they meet a predefined set of security requirements. IPSec tunneling mode support for site to site VPN Links: ISA Server provides site to site link support by allowing IPSec tunneling mode to be used as a VPN protocol.

VPN monitoring and logging: You can monitor the activities of VPN clients and remote VPN networks, just as you would for any other ISA Server client.

4. Monitoring

Dashboards: Views summarize monitoring information about sessions, alerts, services, reports, connectivity, and general system health. Live monitoring in the log Viewer: Firewall and WEB proxy logs can be viewed in real time. Built-in log query (filter): You can use the built-in Log query tool to query log files. Real-time monitoring and filtering for sessions: You can view all active connections.

Connectivity Verifier: You can verify connectivity by regularly monitoring connections to specific computers or Uniform Resource Locator (URLs) by using connection validators from the ISA server computer. Report Publishing: You can configure the ISA server Reporting task to automatically save a copy of the report to a local folder or to a network file share. Log to MSDE database: Logs can now be stored in MSDE format.

5. Plugin

HTTP filtering based on each rule: ISA server's HTTP policy enables the firewall to perform in-depth HTTP status checks (application layer filtering). Block access to all executable content: You can configure the ISA server's HTTP policy to block all connection attempts to Windows executable content, regardless of the file name extension used on the resource. Apply HTTP filtering to all ISA Server client connections: ISA Server can use MIME Enter (for HTTP) or a file name extension (for FTP) to block access to content from HTTP or FTP connections based on a WEB proxy client. Control HTTP access based on HTTP signature: You can create an HTTP signature and compare it to the request URL, the request header, the request body, the response header, and the response body.

Enforce secure Exchange RPC connections from full Outlook MAPI clients: Using the ISA server's RPC policy, you can block all unencrypted Outlook MAPI client connections. FTP policy: The FTP policy of ISA server can be configured to allow users to upload and download using FTP, or you can limit the download to only users using FTP.

Link translation: ISA server contains a necklace-switching feature so that you can create a definition dictionary for the internal computer name to map to a well-known name. Granular control over IP options: You can configure IP options very finely, allowing only the IP options you need, while banning all other options.