A Comprehensive Perspective on Firewalls

Source: Internet
Author: User

There are many brands of security products on the market today, and a single vendor often offers a variety of different firewalls. Prices also vary widely, from thousands of yuan to hundreds of thousands of yuan, or even millions of dollars. At the same time, new concepts about firewalls keep emerging, and the sheer variety makes it difficult for the general user to make the right choice. This article analyzes the firewall thoroughly, in the hope of helping users see what they really need.

Comprehensive evaluation of functional and performance needs

Function and performance have always been the main aspects on which users evaluate a firewall. Performance in particular, because it is quantifiable, is the focus of comparison. But truly understanding these two aspects is not easy.

To adapt to users' complex environments and requirements, and also to have a "selling point", firewalls now generally offer a large number of functions. Looked at one at a time, these functions show no problems: the dual-machine hot standby function has passed its test, and H.323 dynamic application support has passed its test too. In a real environment, however, we may need to run H.323 video conferencing on a dual-machine hot standby pair and require that the video is not interrupted when a switchover happens. The firewall may not be able to do this, yet combinations of functions like this are what the user really needs. In addition, the functionality and performance of a firewall are generally evaluated independently. Functional testing and performance testing are split into two parts: functional testing looks at a single function, and performance testing looks at the performance of a simple layer 2 or layer 3 application. The result is that function and performance become "two layers of skin" that cannot truly reflect the firewall's capability: measured performance is high, but many functions cannot be used, and in practice performance becomes very low once the commonly used features are turned on. Performance and function must therefore be evaluated together to assess a firewall properly. The evaluation should start from the following aspects:

Layer 2 to 7 access control, especially deep application-layer filtering. It should be possible to use any combination of the following functions with it: address mapping, port mapping, VLAN trunk support, user authentication, dynamic packet filtering, flow control, etc.

Security functions, with the emphasis on anti-SYN-flood protection. As the single channel into the network, the firewall has to ensure the security of the protected network. We need to focus on whether the protection function can filter the attack while still ensuring normal access, whether it is effective against spoofed-source-address attacks and real-source-address attacks at the same time, and whether it can protect the server from impact. This function should be used in combination with address mapping, port mapping, VLAN trunk support, user authentication, dynamic packet filtering, flow control, etc.

Practical performance. Performance testing typically covers 6 main areas: throughput, latency, packet loss rate, back-to-back, concurrent connections, and new connection rate. Practicality means examining performance under conditions close to the user's real use.

New connection rate. Network applications are highly volatile, that is, access characteristics differ greatly from one time to another, and the firewall must be able to adapt to this. The corresponding metric is the new connection rate. Considering the complexity of user networks and applications, common features such as packet filtering, content filtering, and attack resistance also need to be turned on, and the new connection rate tested in that state.
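
An added example, not part of the original article: a minimal Python probe for the new connection rate discussed above, meant to be run in a lab once with the firewall's features off and once with packet filtering, content filtering and attack resistance on, then compared with retained_fraction. The function names and the loopback sink are assumptions made for the illustration, and a sequential single-threaded probe is not a replacement for dedicated test equipment.

```python
# Added example: sequential new-connection-rate probe (lab use, own equipment).
import socket
import threading
import time


def start_sink(host="127.0.0.1"):
    """Constructed stand-in for the protected server: accept, then close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(128)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener was closed
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def new_connection_rate(host, port, duration=1.0, timeout=1.0):
    """Open and close TCP connections one at a time for `duration` seconds.

    Returns (completed connections per second, failed attempts).
    """
    ok = failed = 0
    start = time.monotonic()
    while time.monotonic() - start < duration:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                ok += 1
        except OSError:
            failed += 1
    return ok / (time.monotonic() - start), failed


def retained_fraction(baseline_rate, loaded_rate):
    """Share of the features-off rate that survives with features on."""
    return loaded_rate / baseline_rate if baseline_rate else 0.0


if __name__ == "__main__":
    sink = start_sink()
    rate, failed = new_connection_rate(*sink.getsockname(), duration=0.5)
    print(f"{rate:.0f} new connections/s, {failed} failed")
    sink.close()
```

A non-zero failed count under the features-on run is as important as the rate itself, since it shows normal access being dropped rather than merely slowed.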

Good management is the key to safety

Because not every network administrator can be expected to be a network security expert, management is the key to network security. In addition to rights management and communication encryption, we also need to focus on two aspects: the convenience of managing a single device, and centralized management.

For single-device management convenience, the firewall should provide a variety of management methods for administrators to use on different occasions: the serial command-line mode lets highly skilled administrators manage the firewall comprehensively; SSH is suitable for remote maintenance and management; the Web mode is suitable for remote configuration; the GUI approach is suitable for remote configuration and monitoring. Of these, the Web mode is more convenient and flexible because no client software has to be installed, while the GUI is more troublesome to install but more flexible.

In addition, large customers and industry customers run many firewalls, and the management cost can be very high, so whether the firewalls can be managed centrally is also very important. This includes centralized customization and distribution of security policy, centralized log management and analysis, cascaded device management, and real-time monitoring. Centralized policy management is the most important, because policy has to be consistent and secure across the organization.

Looking only at a firewall's promotional material is not enough for an advance evaluation; a thorough understanding and a careful comparison against actual needs are necessary.


