In today's Internet era, viruses show the following trends: the combination of viruses with hacker programs, the spread of worms, the destructiveness of viruses, simpler methods of producing viruses, and faster propagation through more transmission channels to more kinds of infected objects. A complete security system should therefore include a comprehensive solution from desktop to server and from internal users to the network boundary, to defend against threats from hackers and viruses. In recent years, gateway anti-virus technology has become increasingly popular as part of such a system.
Development of Gateway Anti-Virus Technology
Before worms appeared, computer viruses were transmitted mainly through removable storage media. After worms appeared, the network took the place of removable storage media. Many in the industry have concluded that as long as the main transmission channel, automatic email forwarding, is cut off, the spread of computer viruses can be effectively controlled. Gateway anti-virus is one of the most effective methods of cutting off that channel.
In the field of information security, hardware-based anti-virus gateways have been on the market for some time, and software products with the same features appeared earlier. Judging by results in use, hardware products are favored by users for their high performance and high stability. The biggest defect of InterScan as software is that it differs from hardware products in ease of use and security. Software InterScan can only be used on open operating system platforms such as NT, Unix, and Linux. Open systems often have security vulnerabilities, and information about these vulnerabilities can be found on the Internet. If they are not patched in time, an intruder only needs to attack the open system to break through the network's protection. At that point, the network security product not only fails to provide protection but itself becomes a security risk for the network. In addition, installing and maintaining such products is extremely complex: besides knowing the related software technologies, technicians must be familiar with a variety of operating systems in order to maintain a variety of mail servers. Finally, the performance and efficiency of the software OfficeScan product are limited by the hardware environment it runs on, so it cannot achieve the best effect.
Like firewall products, OfficeScan products have developed from software to hardware, and the two have many similarities in both application and technical implementation. First, the two products occupy the same position on the network and both play an important role in security protection at the gateway. Second, both the hardware firewall and the hardware anti-virus product are built on industrial-computer platforms and are independent of the operating system platform. This makes hardware InterScan more convenient. In the past, when users selected related software products, they had to consider not only the operating system they used but also the email system they used, because different email systems required different email security filtering products. In addition, when a user's email system was upgraded or replaced with another email system, the user often had to purchase matching security products again. Finally, as users demand higher network speeds, hardware-based information security products can meet that need. For the hardware anti-virus gateway, vendors adopt the same design policy as for firewall products: a streamlined operating system and a dedicated hardware platform, to ensure fast data transmission over the network.
Application of Gateway Anti-Virus Technology
Gateway anti-virus technology consists of two parts: how to scan the data entering and leaving the gateway, and how to detect and remove viruses in the data being scanned. In foreign gateway anti-virus products, virus detection is based mainly on pattern matching, and the scanning technology and virus database are the same as in the vendor's server-edition anti-virus product. How to scan the data entering and leaving the gateway is the key to gateway anti-virus technology. Because anti-virus products at home and abroad cannot detect viruses in data packets directly, each vendor can only restore the data packets to files at the gateway and then process those files for viruses. Anti-virus vendors do this in different ways, which fall into the following four methods:
First, implementation based on a proxy server. This method relies on the proxy server to restore the data. When data passes through the proxy server, it is restored according to its protocol, and the scanning engine installed on the proxy server scans it and removes viruses.
Second, implementation based on the firewall's protocol restoration. This method uses the protocol restoration function of the firewall to restore data packets to files for each protocol. The files are passed to the corresponding virus scan server for scanning and virus removal, and are then sent back to the firewall for onward transmission. There can be multiple virus scan servers: the anti-virus agent in the firewall can forward data to different virus scan servers according to protocol.
Third, implementation based on the mail server. This method treats the mail server as a gateway and installs the corresponding anti-virus product on it. The mail-server edition of an anti-virus product embeds the anti-virus program in the mail system. It scans emails and their attachments, and removes viruses, before incoming and outgoing mail is forwarded, which prevents viruses from entering the enterprise through the mail gateway. At present, mail editions of anti-virus products mainly support Exchange Server, Lotus Notes, and mail systems that use the SMTP protocol.
Fourth, implementation based on information ferry products, which can also provide virus protection at the gateway. The information ferry, commonly known as the network gate, uses GAP technology to establish information islands inside the product and exchanges data through those islands by means of high-speed electronic switches. Installing an anti-virus module in the information islands is enough to detect and remove viruses during the data exchange.
Although these four methods differ, the data scanning itself is still done by each vendor's virus scanning engine. In other words, the gateway uses the same scanning engine and virus database as the vendor's other anti-virus products, which makes updating and upgrading gateway anti-virus products much easier.
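The restore-then-scan step described above, as an added example that is not from the original article or from any vendor's product: it reassembles out-of-order packet payloads into a stream, decodes the MIME parts of the mail the stream carries, and only then applies pattern matching. The signature, addresses, file name and function names are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for one virus-database pattern; not a real signature.
SIGNATURES = {"Constructed.Test.A": b"CONSTRUCTED-TEST-PATTERN-0001"}

def scan(data: bytes) -> list:
    """Pattern matching: names of all signatures that occur in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def scan_per_packet(segments) -> list:
    """Naive gateway: match every packet payload in isolation."""
    return sorted({hit for _seq, payload in segments for hit in scan(payload)})

def restore_stream(segments) -> bytes:
    """Reorder (sequence offset, payload) pairs and trim retransmitted bytes."""
    stream = bytearray()
    for seq, payload in sorted(segments):
        if seq > len(stream):          # missing data: refuse to pass it on
            raise ValueError("gap in stream at offset %d" % len(stream))
        stream += payload[len(stream) - seq:]
    return bytes(stream)

def scan_mail(raw: bytes) -> dict:
    """Restore the mail to files: decode each MIME part, then scan it."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        body = part.get_payload(decode=True)   # undoes base64/quoted-printable
        if body is None:                       # multipart container, no data
            continue
        hits = scan(body)
        if hits:
            findings[part.get_filename() or "(message body)"] = hits
    return findings

def build_sample_segments(size: int = 48) -> list:
    """Constructed traffic: a mail with one attachment, cut into packets."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "report"
    msg.set_content("See attached.")
    payload = b"\x00hdr\x00" + SIGNATURES["Constructed.Test.A"] + b"\x00tail"
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    raw = msg.as_bytes()
    segs = [(i, raw[i:i + size]) for i in range(0, len(raw), size)]
    return segs[::-1]                          # packets arrive out of order

if __name__ == "__main__":
    stream = restore_stream(build_sample_segments())
    print(scan_per_packet(build_sample_segments()), scan(stream), scan_mail(stream))
```

Neither the per-packet pass nor a match over the raw reassembled stream finds the pattern, because the attachment travels base64-encoded; only the decoded file matches.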