Active and passive security defense

Source: Internet
Author: User

When building a secure network environment, security products, as the first line of defense, are receiving more and more attention from users.
A security product is a combination of components placed between different networks or network security domains. It is the only gateway for information passing between them. It controls inbound and outbound network traffic according to the administrators' security policies and has strong anti-attack capabilities. It is infrastructure that provides information security services to achieve network and information security. Logically, a security product is a separator, a limiter, and an analyzer that effectively monitors any activity between the intranet and the Internet and ensures the security of the internal network.
Security products respond to attacks using one of two models: the active security defense model and the passive security defense model. The following sections describe each.
Active Security Defense
The principle of active security defense is to establish a model of normal network behavior and to match all network data passing through the security device against that model. Data that falls outside the normal range is regarded as an attack and handled. The biggest advantage of this approach is that it blocks unknown attacks, that is, unknown attack methods discovered by hackers, which are the biggest hidden danger in network security. In this way, a safe and effective model can be built to respond to various attacks. Representative products include network firewalls and application firewalls.
A simple example is stateful inspection in a network firewall. The administrator configures rules that allow access based on network addresses, ports, and protocols; anything the rules do not allow is prohibited. While the firewall is running, it creates dynamic state table entries based on the allow rules. Only traffic that matches a valid state table entry can pass through the firewall, and all other traffic is prohibited. The network firewall thus implements active security defense at the network layer. However, because it does not understand application-layer data, it is powerless against attacks at the application layer.
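The rule and state table mechanism described above can be sketched as follows. This is an added example, not code from the original article or from any firewall product; the class and function names are hypothetical, the traffic is constructed, and TCP flags and state timeouts are left out.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
AllowRule = namedtuple("AllowRule", "src_net dst_net dport proto")  # nets are CIDR

class StatefulFirewall:
    """Default deny: allow rules admit new flows, the state table admits the rest."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # dynamic state table, one 5-tuple per admitted flow

    def _matches_rule(self, p):
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        return any(
            src in ipaddress.ip_network(r.src_net)
            and dst in ipaddress.ip_network(r.dst_net)
            and p.dport == r.dport and p.proto == r.proto
            for r in self.rules
        )

    def handle(self, p):
        forward = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if forward in self.state or reverse in self.state:
            return "ALLOW-STATE"      # part of a flow that was already admitted
        if self._matches_rule(p):
            self.state.add(forward)   # first packet of a permitted flow
            return "ALLOW-NEW"
        return "DROP"                 # no allow rule and no state entry

def demo():
    # Only rule: internal hosts may open TCP connections to port 443 anywhere.
    fw = StatefulFirewall([AllowRule("10.0.0.0/24", "0.0.0.0/0", 443, "tcp")])
    packets = [  # constructed sample traffic using documentation address ranges
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, "tcp"),  # outbound request
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, "tcp"),  # its reply
        Packet("203.0.113.10", 443, "10.0.0.5", 40001, "tcp"),  # unsolicited
        Packet("198.51.100.7", 5555, "10.0.0.5", 22, "tcp"),    # inbound, no rule
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The reply is admitted only because of the state entry created by the outbound request; the third packet differs by one port number and is dropped.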
Like the network firewall, the application firewall uses an active security defense model to prevent attacks. The biggest difference is that the application firewall's allow rules are described in terms of the application rather than network-layer information such as network addresses, ports, and protocol numbers. After the application firewall establishes allow rules from the application description, it checks all application-layer data to determine whether that data is allowed to pass; if not, the traffic is prohibited. This principle protects against unknown attacks because attacks against the application, including unknown ones, are not covered by the application-layer allow rules.
Passive Security Defense
The principle of passive security defense is as follows: experts analyze the features of discovered attack methods to construct attack feature sets, and the product then looks for matching behavior in network data so that attacks can be found or blocked. Its disadvantage is that security products using the passive security defense model cannot respond to undiscovered attacks. Representative products include some intrusion detection systems (IDS), intrusion prevention systems (IPS), and virus firewalls.
A major feature of passive security defense is that it establishes an attack feature database for known attacks and uses it as the basis for determining whether network data contains attack features. Products that use the passive security defense model can supplement a network security defense system. However, because they cannot handle unknown attacks and their databases must be updated constantly, these products play a limited role, and they also have a certain impact on network performance.
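The following added example, which is not from the original article, runs the same requests through an application-described allow rule set (the application firewall paragraph above) and through an attack feature set (the passive model). All paths, parameter formats, feature patterns, and sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Active model: what the application accepts (path -> parameter -> value format).
ALLOW_RULES = {
    "/search": {"q": re.compile(r"[A-Za-z0-9 ]{1,40}"), "page": re.compile(r"\d{1,3}")},
    "/item": {"id": re.compile(r"\d{1,8}")},
}
# Passive model: feature set built from attacks that were already analyzed.
ATTACK_FEATURES = [re.compile(r"(?i)union\s+select"), re.compile(r"(?i)<script"),
                   re.compile(r"\.\./")]

def _decoded(url):
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def active_allows(url):
    """Pass only if the path and every parameter fit the application description."""
    path, params = _decoded(url)
    rules = ALLOW_RULES.get(path)
    if rules is None:
        return False
    return all(n in rules and rules[n].fullmatch(v) for n, v in params)

def passive_allows(url):
    """Pass unless a known attack feature appears in the decoded request."""
    path, params = _decoded(url)
    text = path + " " + " ".join(f"{n}={v}" for n, v in params)
    return not any(f.search(text) for f in ATTACK_FEATURES)

# Constructed sample requests; the last two match nothing in ATTACK_FEATURES.
SAMPLES = [
    "/search?q=network+firewall&page=2",
    "/item?id=1+UNION+SELECT+password",
    "/item?id=42%7C%7Cstatus",
    "/admin/export?all=1",
]

def compare(urls=SAMPLES):
    return [(u, active_allows(u), passive_allows(u)) for u in urls]

if __name__ == "__main__":
    for url, active, passive in compare():
        print(f"{url:36} active={'pass' if active else 'block':5} "
              f"passive={'pass' if passive else 'block'}")
```

Both models stop the request that matches a known feature, but only the allow rules stop the two requests the feature set has never seen.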
From the above, active security defense is relatively safe and effective, but its technical implementation is more complicated. As manufacturers pay more attention to active security defense and the technology continues to develop, security products using active security defense models will become increasingly sophisticated.

 
