With the rapid development of the Internet, guaranteeing the security of information and networks has become a matter of great concern to enterprises. This is especially true when confidential information, such as commercial data, is exchanged in an open, interconnected environment, where it must not be stolen or tampered with during access and transmission.
As one of the organizers and advocates of the Open Security Enterprise Interconnection Alliance (OPSEC), Check Point holds a leading position in the world market for enterprise security products. Its FireWall-1 firewall has surpassed 44% market share, and many well-known large companies, such as IBM, HP, Cisco, 3Com and Bay, have become OPSEC members or distribute Check Point FireWall-1 products.
Main features of the Check Point FireWall-1 V3.0 firewall
In terms of network security needs, the main features of FireWall-1 fall into three categories. The first is security, including access control, authorization and authentication, encryption, and content security. The second is management and accounting, including security policy management, router security management, accounting, and monitoring. The third is connection control, including load balancing and high reliability. Each is described below.
1. Access control
Access control restricts unauthorized access to the company's network and information resources. An important factor in evaluating access control is whether it can be applied to all existing services and applications. First-generation packet filtering technology cannot process application-level protocols and cannot handle UDP, RPC or dynamic protocols. Second-generation application proxy gateway firewalls consume a lot of CPU resources to implement access control and cannot quickly support applications newly emerging on the Internet (such as multimedia applications).
Check Point FireWall-1's stateful inspection (state monitoring) technology, combined with powerful object-oriented methods, provides seven-layer application recognition and makes it easy to add support for new applications. It currently supports more than 160 predefined applications and protocols, including all Internet services, such as secure Web browsers, traditional Internet applications (mail, FTP, Telnet), UDP, RPC, and more. It supports important business applications such as Oracle SQL*Net and Sybase SQL Server database access, multimedia applications such as RealAudio, CoolTalk, NetMeeting and Internet Phone, and Internet broadcasting services such as BackWeb and PointCast.
In addition, FireWall-1 allows security policy to be customized based on time objects.
As an open system, FireWall-1 is highly extensible: it makes it easy to define custom user services and to provide complex access control.
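The contrast drawn in this section between first-generation packet filtering and state tracking for UDP can be shown in a few lines. The following Python example is added here for illustration and is not Check Point's code; the addresses, the 30-second timeout and all names in it are assumptions.

```python
# Added illustration of generic state tracking; all values are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "t src sport dst dport proto inbound")
INSIDE = "10.0.0.5"      # constructed internal client
DNS = "192.0.2.53"       # constructed external resolver (documentation range)
OTHER = "198.51.100.9"   # constructed unrelated external host
UDP_TIMEOUT = 30         # seconds a UDP pseudo-connection stays open (assumed)


def stateless_allow(pkt):
    """Static filter: each packet is judged alone, so replies need a standing hole."""
    if not pkt.inbound:
        return True      # everything outbound is allowed
    # The only way to let DNS answers back in is to trust any UDP from port 53.
    return pkt.proto == "udp" and pkt.sport == 53


class StatefulFilter:
    """Remembers outbound UDP flows and admits only the matching, timely reply."""

    def __init__(self):
        self.flows = {}  # (inside, inside_port, outside, outside_port) -> last seen

    def allow(self, pkt):
        if not pkt.inbound:
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.t
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(key)
        if seen is None or pkt.t - seen > UDP_TIMEOUT:
            self.flows.pop(key, None)   # drop the stale entry, if any
            return False
        self.flows[key] = pkt.t         # refresh the entry on a valid reply
        return True


def run(filter_fn, packets):
    return [filter_fn(p) for p in packets]


# Constructed traffic: a query, its reply, an unsolicited packet, a late reply.
TRAFFIC = [
    Packet(0, INSIDE, 40000, DNS, 53, "udp", False),
    Packet(1, DNS, 53, INSIDE, 40000, "udp", True),
    Packet(2, OTHER, 53, INSIDE, 40000, "udp", True),
    Packet(90, DNS, 53, INSIDE, 40000, "udp", True),
]
```

The static rule admits all four packets, while the state table admits only the query and its timely reply.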
2. Authorization and authentication
Because an enterprise's network resources are typically made available not only to local users but also to remote, mobile and telecommuting users, effective permission control and identity verification of those users are necessary to protect the network and its information. With authentication, FireWall-1 ensures that a user-initiated connection has its authenticity confirmed before it is allowed. The authentication provided by FireWall-1 requires no modification to server or client applications. FireWall-1's authentication service is part of a security policy integrated across the enterprise, which can be centrally managed through the firewall's GUI. The authentication process across the entire enterprise can also be fully monitored, tracked and logged.