The evolution process of network boundary security protection thought

First, what is needed on the network boundary

People in order to solve the sharing of resources to establish a network, but the world's computer really linked to the network, security has become a problem, because on the network, you do not know where the other side, leaks, attacks, viruses ... More and more unsafe factors make network managers difficult to calm, so the network with security needs and unsafe network separate, is no way to choose, the separation formed a network of "island", no connection, security problems naturally disappeared. But unworthy is not a way, no connection, the business also cannot exchange, the network Island resources in the duplication construction, the waste is serious, and along with the information depth, runs in each network business information sharing demand is increasingly intense, for example: the Government intranet and the external network, needs to face the public service; The bank's data network and the Internet, Need to support online trading; enterprise's office and production network, the bosses of the desk can not always two terminals it; civil aviation, railways and the Ministry of Communications Information Network and the Internet, online booking and real-time information query is a convenient occurrence of inevitable ...

Network boundaries are generated by connecting networks of different security levels. Preventing intrusions from outside the network requires the establishment of reliable security measures on the network boundary. Now let's look at the security issues on the network boundary:

The security problem with the interconnection of the unsecured network is different from the internal security of the network, the main reason is that the attacker is not controllable, the attack is not traceable, there is no way to "ban", generally speaking, the security problems on the network boundary mainly have the following aspects:

1, information leaks: The network of resources can be shared, but no authorized person got the resources he should not be, information leaked. There are two ways of general information leaks:

The attacker (an unauthorized person) entered the network and obtained information, which was leaked from within the network

Legitimate users in the normal business dealings, information is obtained by outsiders, this is from the outside of the network leaks

2, Intruder attacks: The Internet is a world-class public network, the network has a variety of forces and groups. Intrusion is when someone enters your network (or other channels) through the Internet, tampering with data, or implementing sabotage, causing paralysis in your network business, which is an active, purposeful, or even organized act.

3, Network virus: and unsecured network business interconnection, unavoidably in the communication virus, once in your network attack, the business will be a huge impact, the spread of virus and seizures generally have uncertain random characteristics. This is "no opponent", "unconscious" of the attack.

4, Trojan intrusion: the development of Trojan Horse is a new type of attack, he spread like a virus as free diffusion, there is no sign of initiative, but after entering your network, you will actively contact his "master", so that the master to control your machine, can steal your network information, you can use your system resources to work for him, More typical is the "botnet."

Security issues from outside the network, focusing on protection and monitoring. From the internal security of the network, the personnel is controllable, can through authentication, authorization, audit way to track the user's behavior, that is, we say behavior audit and the audit of the track.

Due to the existence of these security risks, at the network boundaries, the most vulnerable to attack the following types:

1, Hacker invasion: The process of intrusion is covert, the result is the theft of data and system damage. Trojan's intrusion is also a kind of hacker, just invade the way to use the virus spread, achieve the same effect as the hacker.

2, virus intrusion: The virus is the network of moths and garbage, a large number of self propagation, encroachment on the system and network resources, resulting in degraded system performance. The virus has no impact on the gateway, just like "smuggling" gangs, once into the network inside, it becomes a terrible "plague", the virus intrusion way like "water" infiltration, seemingly aimless, but in fact all-pervasive.

3. Network attack: Network attack is for network boundary device or system server, the main purpose is to interrupt the network connection with the outside world, such as Dos attacks, while not destroying the data inside the network, but blocking the bandwidth of the application, can be said to be a public attack, the purpose of the attack is generally caused by your service interruption.

Second, the security concept of border protection

We can think of the network as an independent object, through its own attributes, to maintain the operation of the internal business. His security threats come from the internal and boundary two aspects: internal refers to the network of legitimate users in the use of network resources, the occurrence of irregular behavior, misoperation, malicious destruction and other acts, but also includes the system's own health, such as soft and hardware stability brought about by the system interruption. The boundary refers to the security problem caused by the network interacting with the outside world, which has invasion, virus and attack.

How do you protect the border? For a public attack, only the protection of a road, such as to deal with DDoS attacks, but for the intrusion of the behavior, the key is to identify the intrusion, it is easy to identify and block it, but how to distinguish between the normal business applications and the behavior of intruders, is the focus of border protection and difficult.

We compare the network with the security management of the society: to hold a city, to protect the safety of people's property, first of all, it is the first way to establish a wall, to separate the city from the outside world, to block all contact with the outside world, and then to build a few gates as an entry and exit checkpoint to monitor all personnel and vehicles in and out. ; To prevent an intruder from attacking, and then dug a moat outside, let the enemy's action exposed in the wide, visible space, in order to pass, in the river to put up a drawbridge, the use of the initiative to seize the hands of the road, the control of the closure of the access time is a safe second way. For the "dangerous elements" that have been quietly mixed into the city, to establish an effective security monitoring system in the city, such as everyone has ID card, the streets of the camera monitoring network, the security of the streets of the organization, every citizen is a security inspector, by the way: household registration system, crime penalty, Together with the way from the ancestors of Shang Yang began to use in Qin. As long as the intruder acts in a slightly different way, it will be immediately seized, which is the third safe method ...

As the security construction of the network boundary, also use the same idea: control the intruder's inevitable channel, set up different levels of security checkpoints, establish an easily controlled "trade" buffer, set up a security monitoring system in the region, for everyone entering the network to track, audit its behavior ...

Third, Border protection technology

From the birth of the network, it generated the interconnection of the network, Cisco is the rise of the company. From the early routers that have no security function, to the appearance of the firewall, the network boundary has been repeating the game between the attackers and the defenders, so over the years, "while, outsmart", as if the protection technology always follow the attack technology behind, keep patching. In fact, the border protection technology is gradually mature in the game: