Firewall technology detailed description and technology development trend

Traditional firewalls are usually based on access control List (ACL) packet filtering, located in the internal private network entrance, so also known as the "border firewall." In addition to the access control features, most firewall manufacturers now integrate other security technologies, such as NAT and VPN, virus protection, on their devices.

I. Overview of the development of firewall technology

Traditional firewalls are usually based on access control List (ACL) packet filtering, located in the internal private network entrance, so also known as the "border firewall." With the development of firewall technology, firewall technology has also been developed, some new firewall technology, such as circuit-level gateway technology, Application Gateway technology and dynamic packet filtering technology, in practical use, these technologies are very different, some work in the OSI Reference Model of the network layer, and some work in the transport layer, There are also jobs in the application layer.

In these emerging firewall technologies, static packet filtering is the worst security solution, its application has some insurmountable limitations, the most obvious performance is not detect based on user identity spoofing packets, and very vulnerable to such as DOS (denial of service), IP address fraud and other hacker attacks. There is now basically no firewall vendor using this technology alone. Application-tier gateways and circuit-level gateways are better security solutions that check packets at the application level. However, it is not possible for each application to run such a proxy server, and some application gateway technology also requires the client to install special software. Both of these solutions also have a significant performance disadvantage. Dynamic packet filtering is based on the connection state of the packet to check, because the dynamic packet filtering to solve the static packet filtering security restrictions, and the agent technology in the performance of a significant improvement, so at present most firewall manufacturers adopt this technology. However, with the increase of active attack, the state packet filtering technology is confronted with great challenges, and it needs the assistance of other new technologies.

In addition to the access control features, most firewall manufacturers now integrate other security technologies, such as NAT and VPN, virus protection, on their devices.