Check Point FireWall-1 Firewall Technology

Source: Internet
Author: User
Tags ftp opsec firewall

With the rapid development of the Internet, enterprises have become greatly concerned with how to guarantee the security of information and networks, especially when confidential information such as commercial data is exchanged in an open, interconnected environment, and with how to ensure that information is not stolen or tampered with during access and transmission.

As one of the organizers and advocates of the Open Platform for Secure Enterprise Connectivity (OPSEC) alliance, Check Point holds the leading position in the world market for enterprise security products. Its FireWall-1 firewall has surpassed 44% market share, and many famous large companies, such as IBM, HP, Cisco, 3Com and Bay, have become OPSEC members or distribute Check Point FireWall-1 products.

Main features of the Check Point FireWall-1 V3.0 firewall

From the point of view of network security requirements, the main features of FireWall-1 fall into three categories. The first is security, including access control, authorization and authentication, encryption, and content security. The second is management and accounting, including security policy management, router security management, accounting, and monitoring. The third is connection control, including load balancing and high reliability. Each is described separately below.

1. Access control

Access control restricts unauthorized access to the company's network and information resources. An important factor in evaluating access control is whether it can be applied to all existing services and applications. First-generation packet filtering cannot process application-level protocols and cannot handle UDP, RPC or dynamic protocols. Second-generation application proxy gateway firewalls consume a lot of CPU resources to implement access control and cannot quickly support applications newly emerging on the Internet (such as multimedia applications).

Check Point FireWall-1's stateful inspection (state monitoring) technology, combined with powerful object-oriented methods, can recognize applications across all seven layers, which makes new applications easy to support. It currently supports more than 160 predefined applications and protocols, including all Internet services, such as secure Web browsers, traditional Internet applications (mail, FTP, Telnet), UDP, RPC, and more. It supports important business applications such as Oracle SQL*Net and Sybase SQL Server database access; multimedia applications such as RealAudio, CoolTalk, NetMeeting and Internet Phone; and Internet broadcasting services such as BackWeb and PointCast.
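
The contrast between first-generation packet filtering and stateful inspection can be shown with active-mode FTP, where the data port is negotiated inside the control channel. The following is an added example, not code from Check Point or from the original article; the addresses, the packet dictionaries and the names static_filter, StatefulInspector and run are assumptions made for illustration.

```python
# Added illustration, not Check Point code. Addresses are constructed samples.
import re
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
PORT_CMD = re.compile(r"PORT (\d{1,3})" + r",(\d{1,3})" * 5)

def static_filter(pkt):
    """First-generation rule: only the fixed FTP control port is known."""
    return pkt["dst"] == SERVER and pkt["dport"] == 21

class StatefulInspector:
    """Accepts or drops packets using state learned from the control channel."""
    def __init__(self, server):
        self.server = server
        self.expected = set()   # (client_ip, port) announced in a PORT command
        self.data = set()       # data connections already opened through a pinhole

    def inspect(self, pkt):
        if pkt["dst"] == self.server and pkt["dport"] == 21:
            self._learn_port(pkt)            # read the application layer
            return True
        flow = (pkt["dst"], pkt["dport"])
        if pkt["src"] == self.server and pkt["sport"] == 20:
            if flow in self.expected:        # first packet of the announced flow
                self.expected.discard(flow)
                self.data.add(flow)
            return flow in self.data
        return False

    def _learn_port(self, pkt):
        m = PORT_CMD.fullmatch(pkt.get("payload", "").strip())
        if not m:
            return
        octets = [int(g) for g in m.groups()]
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        # Accept only a PORT that points back at its sender, on an unprivileged
        # port, with every field in byte range; anything else opens nothing.
        if max(octets) <= 255 and ip == pkt["src"] and port >= 1024:
            self.expected.add((ip, port))

PACKETS = [  # constructed trace: PORT command, announced data flow, stray flow
    {"src": CLIENT, "sport": 40000, "dst": SERVER, "dport": 21,
     "payload": "PORT 198,51,100,7,195,80\r\n"},
    {"src": SERVER, "sport": 20, "dst": CLIENT, "dport": 50000},
    {"src": SERVER, "sport": 20, "dst": CLIENT, "dport": 50001},
]

def run(packets=PACKETS):
    fw = StatefulInspector(SERVER)
    return [static_filter(p) for p in packets], [fw.inspect(p) for p in packets]
```

The static rule drops the legitimate data connection unless every high port is opened, while the stateful model admits only the one flow the client announced and refuses a PORT command that names a third host.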

In addition, FireWall-1 can define security policy rules based on time objects.

As an open system, FireWall-1 is highly extensible: it makes it easy to define custom user services and to implement complex access control.

2. Authorization and authentication

Because an enterprise's network resources are generally provided not only to local users but also to various remote users, mobile users and telecommunications users, protecting the network and information requires effective permission control and identification of the users who access it. With authentication, FireWall-1 can ensure that the authenticity of a user-initiated connection is confirmed before the connection proceeds. The authentication provided by FireWall-1 does not require any modifications to server or client applications. FireWall-1's authentication services are integrated into the enterprise-wide security policy and can be centrally managed through the firewall's GUI. The authentication process across the entire enterprise can also be fully monitored, tracked and logged.

FireWall-1 offers three methods of authentication:

User Authentication

User Authentication (UA) authenticates access rights for each individual user, regardless of the user's IP address. The authentication servers provided by FireWall-1 cover FTP, TELNET, HTTP and RLOGIN.

UA is particularly meaningful for mobile users. User authentication is implemented at the gateway of the firewall system: the FireWall-1 gateway intercepts connection requests that require authentication and redirects the connection to the appropriate security server. Once the user is authenticated, the security server opens a second connection to the destination host, and subsequent packets are inspected by the FireWall-1 gateway.
