Embedded firewall with a lock for each door

Traditional firewalls only prevent the perimeter

Traditional edge firewalls provide only protection for the perimeter of the corporate network. These edge firewalls filter and censor traffic from outside the Internet into the intranet of the enterprise. However, they do not ensure secure access within the enterprise LAN. It's like adding a lock to the door of an office building, but every room in the office building is open, and once someone passes the door of the office building, they can access any room in the building. Such networks are highly susceptible to targeted attacks. For example, hackers who invade a computer that already has access to a corporate LAN can use the machine as a springboard to invade other systems once they have control of the computer.

Embedded firewall with a lock for each door

The easiest way to improve the safety of office buildings in the above example is to have a key and a lock for each room in the building. Similarly, the latest generation of security solutions distributes firewall functionality across the network's desktop, laptop, and server PCs. Embedded firewalls across the company make it easy for users to access information without exposing other parts of the network to potentially illegal intruders. With this end-to-end security performance, there is no longer any difference between a user's interconnection with the enterprise through an intranet, extranet, virtual private network or remote access. Distributed firewalls also enable organizations to avoid the spread of the entire network as a result of an intrusion from a certain console point system, while also allowing users who log on to the network through a public account to be unable to access those computer systems that are restricted.

Who needs embedded firewalls more

Although all companies should be concerned about security, some of them should be noted. Businesses that store private or proprietary information and operate on it require a strong and reliable security solution, such as government agencies, financial institutions, insurance services, High-tech developers, and various medical institutions. Software-based solutions, such as personal firewalls and antivirus scanners, are not strong enough to meet users ' requirements for those with higher security requirements. Because even a malicious script that is delivered via email can easily shield these defenses, even "friendly" applications running on the host may inadvertently turn off the security protection software to avoid conflicting drivers. Once these software systems fail, the terminal system will be vulnerable to attack. What is more frightening is that other parts of the network will also be under threat of attack.

Because security can be borne by hardware processors rather than software, edge firewall applications or gateways can provide better intrusion prevention for such users. However, as mentioned earlier, the capabilities of these devices are limited to providing protection for the edge of the network. An embedded firewall solution extends this functionality beyond the bounds of the edge firewall and distributes it to the terminal of the network. The edge firewall can provide both circumvention strategy and intrusion prevention strategy. The security measures are implemented on PC system, but are implemented by the hardware system of the embedded firewall, the whole process is independent of the host system. This strategy makes the corporate network almost harmless from any malicious code or hacker attack. Even if an attacker is completely protected by the firewall and gets control of running the firewall host, they will not be able to do anything because they cannot shut down the embedded firewall, or further invade other areas of the network with an intrusive host.

At the same time, a suite of embedded firewall security solutions can provide protection for remote office users who need to visit the company's local area network at home. Because most of the household's Internet services are running on the open chain, and there is no advanced security means to protect, the home PC computer is very vulnerable to hackers attack. If these Home office workers use a DSL router or a cable modem, they will face a greater risk of network security. These "forever online" broadband links are more vulnerable than dial-up modems because they keep the computer connected to the Internet for 24 hours. Telephone dial-up service usually assigns a new IP address to the user each time the user accesses the Internet, but the broadband service provider usually assigns a permanent fixed Internet address to each user, making it very easy for hackers to "lock down" their computers.

3Com Embedded firewall crystallization three minds

3Com Company to provide users with the industry's leading hardware-based distributed network security products. 3Com has partnered with the renowned SideWinder firewall product manufacturer and the secure computing company, which has more than 20 years of experience in the field of security technology, to jointly produce 3COM embedded firewall solutions (3Com Embedded Firewall solution). As a set of supporting firewall technology network card hardware and security management software products in one product, 3Com Embedded firewall solution can be used 3Com 10/100 Security Server network card (3Com 10/100 Secure Server NIC), 3Com 10/ The 100 security card (3Com 10/100 secure NIC) and the 3Com company embedded Firewall Policy server (3Com Embedded Firewall Policy server) are implemented.

3Com Embedded firewall solution is designed to compensate for and improve the security capabilities of the enterprise Edge Firewall, anti-virus programs, host-based applications, intrusion detection warning programs and network agent programs, It ensures that the internal and external network of the enterprise has the following functions: No matter how the topology of the enterprise LAN changes, the protection measures can extend to the network edge for the protection of the network; The security feature based on hardware and capable of preventing intrusion can run independently from the host operating system and other security programs and secure mobile and remote access even on less secure broadband links; a manageable way to execute enables enterprise security to be defined by user policies rather than physical facilities.