Traditional firewalls are called border firewalls because they are deployed at the network boundary. A border firewall forms a barrier between the intranet and the external Internet and is responsible for network access control. As network security technology has developed, the border firewall has gradually exposed weaknesses, which show in the following aspects.
Limited by the network structure
The working mechanism of a border firewall depends on the topology of the network. As more and more users build cross-regional enterprise networks over the Internet, as mobile office work and server hosting become more common, and as e-commerce requires that business partners be able to access each other under certain permissions, the enterprise intranet and the network boundary become logical rather than physical concepts, and the applicability of the border firewall becomes more and more restricted.
The inside is not safe
The security policy of a border firewall rests on the basic assumption that people outside the corporate network are not trustworthy and that people inside it are. In fact, nearly 80% of attacks and unauthorized accesses originate from within the enterprise network, and the border firewall is inadequate against attacks that come from inside, because that traffic never passes through it.
Low efficiency and many points of failure
The border firewall concentrates its checking mechanism at a single point, the network boundary, which turns that point into a bottleneck for network access and leads users to consider detection throughput first, and the security mechanism second, when choosing a firewall product. An overly complex security policy further reduces the efficiency of the border firewall. To meet the needs of different applications, the border firewall has to compromise between efficiency and security policy, which leaves many security risks. In addition, the border firewall is itself a single point of failure: once it fails or is compromised by an attacker, the entire enterprise network is completely exposed.
In view of these flaws of the border firewall, experts proposed the distributed firewall scheme, in which policy is enforced on each host rather than only at the boundary. The term distributed firewall has both a narrow and a broad sense. Blocking vulnerabilities inside the intranet is the specialty of a distributed firewall.
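The following model is an added illustration, not code from the original article, of the three weaknesses discussed above and of how host-level (distributed) enforcement addresses them. It compares a perimeter-only decision with a decision that also consults the destination host's own policy. The address range, the hosts, the ports and all rules are constructed for the example; a real deployment would express the per-host policy in the host firewall (nftables, Windows Firewall, and so on) rather than in a Python dictionary.

```python
"""Added example (not from the original article): perimeter-only versus
distributed (per-host) enforcement on a small constructed network.

All addresses, hosts and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: the enterprise's internal address range.
INTRANET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    src: str    # source IP address
    dst: str    # destination IP address
    dport: int  # destination TCP port


def crosses_border(flow: Flow) -> bool:
    """A border firewall only sees traffic that enters or leaves the intranet;
    host-to-host traffic inside the intranet never reaches it."""
    return (ip_address(flow.src) in INTRANET) != (ip_address(flow.dst) in INTRANET)


def border_allows(flow: Flow) -> bool:
    """Constructed border policy: inbound traffic is allowed only to the public
    web server on 443; everything from inside is trusted and allowed out."""
    if ip_address(flow.src) in INTRANET:
        return True  # the 'inside is trustworthy' assumption
    return flow.dst == "10.0.1.10" and flow.dport == 443


# Constructed per-host policy: for each host, which sources may reach which port.
HOST_POLICY = {
    "10.0.1.10": {443: ["0.0.0.0/0"]},        # web server: public HTTPS
    "10.0.2.20": {5432: ["10.0.1.10/32"]},    # database: only the web server
    "10.0.3.30": {22: ["10.0.9.0/24"]},       # workstation: SSH from admin network only
}


def host_allows(flow: Flow) -> bool:
    """The destination host's own firewall decision (default deny)."""
    allowed_sources = HOST_POLICY.get(flow.dst, {}).get(flow.dport, [])
    return any(ip_address(flow.src) in ip_network(net) for net in allowed_sources)


def perimeter_only(flow: Flow, border_up: bool = True) -> bool:
    """Decision when the border firewall is the only control.

    Internal traffic is never inspected, and if the border device has failed
    or been compromised (border_up=False) nothing is checked at all, which is
    the single point of failure described in the text."""
    if not crosses_border(flow):
        return True
    if not border_up:
        return True
    return border_allows(flow)


def distributed(flow: Flow, border_up: bool = True) -> bool:
    """Decision with host-level enforcement in addition to the border.

    The border check still applies where it exists, but every flow must also
    satisfy the destination host's own policy, so lateral traffic and a failed
    border no longer imply access."""
    return perimeter_only(flow, border_up) and host_allows(flow)


def compare(flow: Flow, border_up: bool = True) -> dict:
    """Return both decisions side by side for one flow."""
    return {
        "perimeter_only": perimeter_only(flow, border_up),
        "distributed": distributed(flow, border_up),
    }


if __name__ == "__main__":
    cases = [
        ("public client -> web server :443", Flow("203.0.113.5", "10.0.1.10", 443), True),
        ("workstation -> database :5432 (lateral)", Flow("10.0.3.30", "10.0.2.20", 5432), True),
        ("web server -> database :5432", Flow("10.0.1.10", "10.0.2.20", 5432), True),
        ("public client -> database :5432, border down", Flow("203.0.113.5", "10.0.2.20", 5432), False),
    ]
    for label, flow, border_up in cases:
        print(f"{label:50s} {compare(flow, border_up)}")
```

The second and fourth cases are the ones the article is concerned with: a workstation reaching the database from inside the intranet is invisible to the border firewall but denied by the database host's own policy, and when the border device is down or compromised the per-host policy is still enforced because it does not depend on the network topology.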