Firewall Toward secure Application Gateway

Recently, WatchGuard Company is responsible for grasping the strategic direction of the firewall and the development process of the Network Security Department senior vice President Marck W.stevens to visit China, for the Chinese users to bring about the latest development of firewall technology direction.

Integrated intrusion Prevention function

With the proliferation of hacker attacks, worms and malicious code, the risk of enterprise network is multiplied day by day, and the traditional firewall technology brings great challenge. Marck W.stevens that over the past four years, firewall technology has not progressed much, and has struggled to withstand a multitude of new attacks that are secretive.

Many users use a "packet filtering" or "stateful monitoring" firewall as a line of defense, many of which exploit the flaws of such firewalls. 98% of network traffic is made up of HTTP, FTP, SMTP, and DNS, and these protocols are likely to be used by hackers to launch attacks, slumber firewalls, and allow attacks to be spared. If the firewall is not performing well, the network protected by the firewall is vulnerable to DOS and DDoS attacks. Marck W.stevens that adding an intrusion defense to the perimeter would solve the problem. Users can take two ways to achieve: first, in the existing firewall based on the addition of an intrusion defense system, the second is to replace the existing firewall into a new firewall (also known as "Security Gateway"), a new firewall integrated with intrusion prevention technology.

Marck W.stevens is in favor of integrating intrusion prevention systems into firewalls, mainly because of better dos/ddos protection, simplified management, reduced configuration errors, and rapid response. If the firewall is independent of the intrusion prevention system and the firewall is outside of intrusion prevention, then a DOS attack can overload the firewall before it arrives at the IPs system. In addition, a separate management console increases the complexity of management and configuration and can lead to security vulnerabilities. Since 1997, WatchGuard has integrated intrusion prevention capabilities in firewalls and VPN devices, and will provide users with comprehensive intrusion prevention capabilities in a new generation of firewalls.

Depth Application layer Agent detection

Marck W.stevens that agent technology is an effective way for firewalls to protect vulnerable points in the network. Packet filtering and stateful packet filtering do not have the same depth of checking data as Agent technology. In the early development of the firewall technology, for performance considerations, people have adopted packet filtering and state monitoring, but very few agent technology, the current has become mature ASIC and NP technology has made agent technology will not affect the performance of the firewall, speed problem is no longer affect people to choose the firewall technology factors, On the contrary, with the increasing complexity and depth of security threats, the deep application layer agent detection technology is becoming more and more important to firewalls.

WatchGuard uses agent technology in the firewall, and is the only security vendor that can implement the proxy in the application layer (layer seventh). In the next generation firewall, WatchGuard not only provides stateful packet filtering detection in the network layer and transport layer, but also provides the application layer with proxy detection. Specifically, HTTP application agents can be targeted to filter content to protect the Internet-dependent enterprise applications from HTML attacks. The SMTP application agent monitors the contents of incoming and outgoing messages in real time. Prevent the mail server from overloading and mail bomb attacks, depending on the type and name of the message to identify whether the message is carrying worms or Trojans, and can block attacks, or hide or change the internal IP address, to avoid the possibility of attack.

Marck W.stevens made it clear that the future development direction of the firewall is the security application gateway. Although firewalls are not the end of the corporate network security perimeter, firewalls are still a basic defense tool if the firewall is used in conjunction with other measures and a hierarchical security mechanism is established.

Marck W.stevens predicts the future of the firewall

Next-generation firewalls will continue to be a cornerstone of network security

Independent intrusion prevention systems become uncompetitive, and intrusion prevention will become a function of the firewall

In addition to the security of the network layer, the firewall implements the security of the application layer.

More CPU processing capacity and greater storage space for more and more heavy processing

ASIC and network processor will become the key to the firewall shortening processing latency