Active and passive security defense
As organizations build secure network environments, security products, which form the first line of defense, are receiving more and more attention from users.
A security product, in the sense used here, is a combination of components placed between different networks or network security domains. It is the only gateway for traffic between those networks or domains: it controls inbound and outbound information flows according to the administrator's security policy and has strong resistance to attack. It is infrastructure that provides information security services and so helps achieve network and information security. Logically, the security product is a separator, a limiter, and an analyzer that monitors all activity between the intranet and the Internet and protects the internal network.
Security products respond to attacks using one of two models:
the active security defense model and the passive security defense model. The following sections describe each.
Active Security Defense
The principle of active security defense is to build a model of normal network behavior and to match every piece of network data that passes through the security device against the normal patterns in that model; anything outside the normal range is treated as an attack and handled accordingly. The biggest advantage of this approach is that it blocks unknown attacks, that is, attack methods newly discovered by hackers, which are the greatest hidden danger to network security. In this way a safe and effective model can be built to respond to all kinds of attacks. Representative products include network firewalls and application firewalls.
A simple example is the stateful inspection technology in network firewalls. The administrator configures rules that permit access based on network addresses, ports, and protocols; whatever is not explicitly permitted is denied. While the firewall runs, it creates dynamic state table entries for the connections that the permit rules allow. Only traffic that matches a valid state table entry passes through the firewall; everything else is dropped. The network firewall thus implements active security defense at the network layer. However, because a network firewall does not understand application-layer data, it is powerless against application-layer attacks.
Like the network firewall, the application firewall uses the active security defense model to prevent attacks. The biggest difference is that the permit rules an application firewall sets up describe the application itself, rather than network-layer information such as addresses, ports, and protocol numbers. Once the application firewall has established permit rules from this application description, it checks all application-layer data to decide whether it is allowed to pass; if not, the traffic is blocked. This principle protects against unknown attacks because attacks against the application, known or unknown alike, are not part of the application-layer description of what is allowed.
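The stateful inspection described above, as an added example that is not part of the original article and not any vendor's code. The rule format, the addresses (10.0.0.80 as a published web server, 10.0.0.0/8 as the intranet) and the traffic are all constructed assumptions. It shows the three properties the paragraph names: default deny, state created only by a permitted connection-opening packet, and the fact that an application-layer attack carried on a permitted connection is not seen at all.

```python
import ipaddress
from dataclasses import dataclass

# Constructed permit rules (assumption: a simplified rule format, not any vendor's syntax).
# Each rule: (source network, destination network, protocol, destination port).
# Anything not matched by a rule is denied by default.
PERMIT_RULES = [
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("10.0.0.80/32"), "tcp", 443),  # published web server
    (ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("0.0.0.0/0"), "tcp", 443),   # outbound HTTPS
    (ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("10.0.0.53/32"), "udp", 53),  # internal DNS
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False      # TCP SYN (connection open); ignored for UDP
    payload: bytes = b""   # application data; the network firewall never inspects it


class StatefulFirewall:
    """Default-deny packet filter with a dynamic state table."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # state table: 5-tuples of connections a permit rule allowed

    def _rule_permits(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return any(src in src_net and dst in dst_net
                   and pkt.proto == proto and pkt.dport == port
                   for src_net, dst_net, proto, port in self.rules)

    def filter(self, pkt):
        """Return "PASS" or "DROP" for one packet and update the state table."""
        forward = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        # Packets of an already-permitted connection pass in both directions.
        if forward in self.state or reverse in self.state:
            return "PASS"
        # Only a connection-opening packet may create state, and only if a rule permits it.
        opening = pkt.syn if pkt.proto == "tcp" else True
        if opening and self._rule_permits(pkt):
            self.state.add(forward)
            return "PASS"
        return "DROP"


def demo():
    """Constructed traffic run through the filter; returns the decision for each case."""
    fw = StatefulFirewall(PERMIT_RULES)
    return {
        # internal host opens HTTPS to the Internet: permit rule matches, state is created
        "outbound_syn": fw.filter(Packet("10.1.2.3", "203.0.113.10", "tcp", 51000, 443, syn=True)),
        # the server's reply: no rule permits 203.0.113.10 -> 10.1.2.3, but the state entry does
        "reply": fw.filter(Packet("203.0.113.10", "10.1.2.3", "tcp", 443, 51000)),
        # unsolicited inbound SSH to an internal host: no rule, no state
        "unsolicited_ssh": fw.filter(Packet("203.0.113.10", "10.1.2.3", "tcp", 4444, 22, syn=True)),
        # a non-SYN packet for a connection the firewall never saw open
        "stray_ack": fw.filter(Packet("10.1.2.3", "203.0.113.10", "tcp", 51001, 443)),
        # Internet client opens a connection to the published web server: permitted
        "web_syn": fw.filter(Packet("198.51.100.7", "10.0.0.80", "tcp", 40000, 443, syn=True)),
        # the limitation: an application-layer attack on that permitted connection also passes,
        # because only the 5-tuple is consulted, never the payload
        "web_app_attack": fw.filter(Packet("198.51.100.7", "10.0.0.80", "tcp", 40000, 443,
                                           payload=b"GET /?id=1' OR '1'='1 HTTP/1.1")),
        # Internet client to a port the rules never mention
        "web_ssh": fw.filter(Packet("198.51.100.7", "10.0.0.80", "tcp", 40001, 22, syn=True)),
    }
```

The reply packet in the second case is the point of the state table: no static rule permits the server to talk back to the internal host, so without state the administrator would have to open the return direction for everyone. The last two cases show the boundary of the model: the port-22 probe is dropped, but the injection attempt rides a permitted HTTPS connection and is never examined.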
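The application-description rules of the previous paragraph, as an added example that is not from the original article and not any product's rule language. The description format (method and path plus a pattern for every allowed parameter), the sample application and the requests are constructed assumptions. The point it makes is the one in the text: the attacks are not recognised, they simply fail to match what was described, which is why a variant nobody has catalogued is rejected just like a known one.

```python
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed description of one web application (assumption: a simplified positive-model
# rule format, not any product's syntax). Keys are (method, path); values map each allowed
# parameter name to a regular expression its value must match in full.
APP_DESCRIPTION = {
    ("GET", "/"):          {},
    ("GET", "/products"):  {"id": r"[0-9]{1,8}", "sort": r"price|name"},
    ("POST", "/login"):    {"user": r"[a-z0-9_]{3,32}", "pass": r"[^\r\n]{8,128}"},
}


def check_request(method, target, body="", description=APP_DESCRIPTION):
    """Return (allowed, reason): a request is allowed only if every part of it is described."""
    url = urlsplit(target)
    # Normalise the path the way the backend would, so "/a/../b" is judged as "/b".
    path = posixpath.normpath(url.path) if url.path else "/"
    spec = description.get((method, path))
    if spec is None:
        return False, f"{method} {path} is not a described endpoint"
    params = (parse_qsl(url.query, keep_blank_values=True)
              + parse_qsl(body, keep_blank_values=True))
    for name, value in params:
        pattern = spec.get(name)
        if pattern is None:
            return False, f"parameter {name!r} is not described for {path}"
        if re.fullmatch(pattern, value) is None:
            return False, f"parameter {name!r} does not match /{pattern}/"
    return True, "request matches the application description"


def demo():
    """Constructed requests, known and 'unknown' attacks alike, judged against the description."""
    cases = {
        "normal":         ("GET", "/products?id=42&sort=price"),
        "sqli_in_id":     ("GET", "/products?id=42%27%20OR%20%271%27%3D%271"),  # value is not numeric
        "unknown_param":  ("GET", "/products?id=42&debug=1"),                  # parameter never described
        "traversal_path": ("GET", "/products/../../etc/passwd"),              # normalises to an undescribed path
        "wrong_method":   ("POST", "/products"),
        "login_ok":       ("POST", "/login", "user=alice&pass=correct-horse-battery"),
        "login_extra":    ("POST", "/login", "user=alice&pass=correct-horse-battery&admin=1"),
    }
    return {name: check_request(*args)[0] for name, args in cases.items()}
```

Two practical caveats follow from the code. Decoding and path normalisation must match what the protected application does, or an attacker can pick an encoding the firewall and the backend interpret differently. And the description has to be complete: a legitimate parameter the administrator forgot to describe is rejected exactly like an attack, which is the operational cost of the positive model.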
Passive Security Defense
The principle of passive security defense is this: based on attack methods that have already been discovered, experts analyze their features and build a set of attack signatures, then search network data for matching behavior; in this way attacks can be found or blocked. Its disadvantage is that security products built on the passive security defense model cannot respond to attacks that have not yet been discovered. Representative products include some intrusion detection systems (IDS), intrusion prevention systems (IPS), and antivirus gateways.
The major feature of passive security defense is an attack signature database of known attacks, which serves as the basis for judging whether network data contains attack features. Products using the passive security defense model can serve as a supplement to a network security defense system. However, because they cannot detect unknown attacks and require constant database updates, these products play a limited role, and matching every packet against the database also has a certain impact on network performance.
It can be seen from the above that active security defense is comparatively secure and effective, but its technical implementation is more complex: the model of normal behavior has to be complete and accurate, because anything it omits is blocked, so an incomplete description of an application produces false positives that break legitimate traffic. As manufacturers pay more attention to active security defense and the technology continues to develop, security products using the active security defense model will become increasingly mature.
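Signature matching of the kind described in the two paragraphs above, as an added example that is not from the original article and not any IDS's real ruleset. The signatures and the sample traffic are constructed; the three regexes stand in for entries in an attack signature database. It shows a known attack being caught, two variants of the same attacks going unnoticed because no signature covers them, and the only remedy the model offers, a database update.

```python
import re

# Constructed signature database (assumption: a tiny stand-in for an IDS/IPS ruleset,
# not any product's real signatures). Each entry is one known attack's feature.
SIGNATURES = {
    "sqli-quoted-tautology": re.compile(rb"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal":        re.compile(rb"\.\./\.\./"),
    "bash-env-function":     re.compile(rb"\(\)\s*\{\s*:;\s*\};"),
}

# Constructed sample traffic: one request per entry, as a sensor would see the payloads.
SAMPLE_TRAFFIC = {
    "benign":            b"GET /products?id=42 HTTP/1.1",
    "known_sqli":        b"GET /products?id=1' OR '1'='1 HTTP/1.1",
    "variant_sqli":      b"GET /products?id=1' OR 2>1-- HTTP/1.1",   # same effect, no signature
    "traversal":         b"GET /../../etc/passwd HTTP/1.1",
    "encoded_traversal": b"GET /..%2f..%2fetc/passwd HTTP/1.1",       # evades without decoding
}


def scan(payload, signatures=SIGNATURES):
    """Return the names of all signatures that match the payload (empty list = nothing known)."""
    # Every payload is compared against every signature; this linear cost per packet
    # is the performance impact the text refers to.
    return [name for name, rx in signatures.items() if rx.search(payload)]


def scan_all(signatures=SIGNATURES):
    """Run the whole sample set through the scanner and return the hits per sample."""
    return {name: scan(payload, signatures) for name, payload in SAMPLE_TRAFFIC.items()}


def scan_after_update():
    """The passive model's only answer to a miss: add a signature for the variant and rescan."""
    updated = dict(SIGNATURES)
    updated["sqli-numeric-tautology"] = re.compile(rb"'\s*OR\s*\d+\s*>\s*\d+", re.IGNORECASE)
    return scan_all(updated)
```

Before the update the numeric tautology and the percent-encoded traversal both come back clean, although they do exactly what the catalogued attacks do. Adding one signature fixes one of them; the encoded traversal still needs either its own signature or a decoding step in front of the matcher, and each such addition is another entry the next packet has to be compared against.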