10 items to buy the firewall note

Firewall is currently the most widely used network security products, users should pay attention to the following points in the purchase:

I. Security of the firewall itself

The security of firewall itself is mainly embodied in two aspects of its design and management. The key to the security of the design is the operating system, and only the operating system with its own full trust can talk about the security of the system. The security of the application system is based on the security of the operating system, and the security of the firewall itself directly affects the security of the whole system.

Second, the stability of the system

At present, for a variety of reasons, some firewalls have not yet finalized or undergo a rigorous test of a large number of is pushed to the market, its stability can be imagined. The stability of a firewall can be judged by several methods:

1. Obtained from the authoritative evaluation and certification body. For example, you can indirectly understand the stability of a product by examining whether it obtains more certification, referral, and access certificate from the state authorities than with other products.

2. Actual investigation, this is the most effective way: To see if the firewall has a unit of use, its user volume, especially the user's evaluation of the firewall.

3. Try it yourself. On your own network for a period of time trial (one months or so).

4. The history of the manufacturer's development. Generally speaking, if you do not have more than two years of development experience, it is difficult to ensure product stability.

5. Vendor strength, such as money, technology developers, marketing and technical support staff, and so on.

Third, whether efficient

High performance is an important indicator of the firewall, which directly embodies the usability of the firewall. If the network performance is greatly reduced due to the use of firewalls, it means that the security costs are too high. In general, the firewall load hundreds of rules, its performance should not be more than 5% (packet filtering firewall).

Four, whether reliable

Reliability is particularly important to firewall class access control devices, which directly affect the availability of the controlled network. In the system design, the measures to improve the reliability are generally to improve the robustness of the components, increase the design threshold and increase the redundant components, which requires higher production standards and design redundancy.

Five, whether the function is flexible

The effective control of communication behavior requires firewall equipment to have a series of different levels, to meet different users of various types of security control needs attention. For example, for ordinary users, as long as the IP address filter can be, if the internal has different security levels of subnets, sometimes you must allow the high-level subnet to the low-level subnet for one-way access.

Six, is convenient to configure

Installing new network devices at network entrances and exits is a nightmare for every webmaster because it means you have to modify the configuration of almost all existing devices. The firewall that supports transparent communication, does not need to make any changes to the original network configuration when installing, the work that does is equal to a network bridge or hub.

Vii. Management is simple

The rapid development of network technology, a variety of security incidents continue to appear, which requires security administrators to regularly adjust the network security attention. For firewall class access control devices, in addition to the continuous adjustment of security control attention, business system access control is also very frequent adjustment, these require the management of the firewall in full consideration of security needs, the premise must provide convenient and flexible management methods and methods, which is usually reflected as a management approach, management tools and administrative authority.