This article introduces two representative distributed firewall systems available today.
At present, some well-known foreign network equipment vendors are more advanced in distributed firewall technology, and their products also perform relatively well. They take a "software + hardware" form: the host firewall is a hardware product that integrates the distributed firewall technology, while the firewall server is software, which suits requirements for flexibility and intelligence. Examples are the embedded firewall products of 3Com, Cisco and the United States company Network Security Systems. There are also many pure-software products, such as Ann Soft's DFW and the Zhongzhou Network Police (NETCOP) distributed firewall. The following briefly introduces Ann Soft's DFW software distributed firewall and 3Com's software + hardware distributed firewall.
1. The Ann Soft Everlink DFW distributed firewall
Everlink Distributed Firewall (Everlink DFW) is a software firewall product with a three-layer filtering structure launched by Beijing Ann Soft Technology Co., Ltd. It applies a variety of advanced network security techniques to provide customers with network security services. Everlink DFW relies on three layers of filtering (packet filtering, Trojan filtering and script filtering) to protect personal computers from malicious attacks during normal use of the network and to improve their security posture. At the same time, to simplify management, the security policies of all the distributed firewalls are set up and maintained by a unified central policy management server, which is supervised by the system administrator; this reduces the cost of operating the distributed firewall and improves its protective capability. Here a security policy comprises a security level and its associated security attributes. A schematic of its network connection is shown in Figure 1.
Its main functions, and a comparison with other firewall products, are shown in Table 1 and Table 2 respectively.
Table 1

| Function | Description |
|---|---|
| Block network attacks | · Packet filtering · State-based (stateful) filtering |
| Trojan filtering | · Blocks known Trojans (Glacier, Back Orifice 2000, etc.) · Detects unknown Trojans and adds them to the block list · Can stop Trojans that use encrypted tunnelling |
| Script filtering | Includes JavaScript, Visual Basic Script, ActiveX scripts, and more |
| Unified security policy management server | · Supervised by the system administrator, which improves security and reduces the cost of operating the firewall. · Uses a slow-release policy download technique that splits the policy file into small pieces downloaded one at a time, so that neither the user's bandwidth nor the user's experience of the network is affected. · When downloading a security policy it always checks against the policy on the server, so that a defective policy is not downloaded and the security settings are not compromised. · The local security policy is stored encrypted and is guaranteed not to be modifiable at will. |
| Intrusion detection | Discovers and blocks common network attack methods such as port scans, source-routed packet attacks, teardrop attacks, Nmap scans, TCP floods and UDP floods. |
| Both Ethernet and modem connections supported | Full protection of every possible channel |
| Dynamic upgrades | The latest policy is updated automatically and loaded dynamically into the system kernel without restarting the system |
| Real-time network status monitoring | The status of network connections can be viewed in real time |
| Improved logging and alerting | Includes software installation and upgrade records, security policy records, network access records and attack records |
| Full support for the Microsoft Windows platform | Including Windows 98/Me/NT4/2000 |
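The policy-download and local-store behaviour listed in Table 1 (piecewise download, checking each piece against the server's copy before anything is applied, and a local store that cannot be edited at will) can be illustrated with a small model. The following Python is an added example written for this article, not Ann Soft's code. It assumes a hypothetical key shared between server and endpoint and a hypothetical device-local key, and it uses HMAC-SHA256 to detect modification; the standard library offers no authenticated encryption, so a real local store would additionally encrypt the policy with an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json

# Assumed values for this example: a key shared between the policy server and
# the endpoint (provisioned at enrolment in a real system), a device-local key
# for the on-disk store, and a deliberately tiny chunk size so the constructed
# policy below is split into several pieces.
SERVER_KEY = b"example-policy-server-key"
LOCAL_KEY = b"example-device-local-key"
CHUNK_SIZE = 64

# Constructed sample policy: a security level plus its associated rules.
SAMPLE_POLICY = {
    "version": 3,
    "level": "high",
    "rules": [
        {"action": "deny", "proto": "tcp", "dport": 135},
        {"action": "deny", "proto": "tcp", "dport": 31337},
        {"action": "allow", "proto": "tcp", "dport": 80},
    ],
}


def publish_policy(policy, key=SERVER_KEY):
    """Server side: serialise the policy, authenticate it, split it into chunks,
    and publish a manifest carrying a hash for every chunk and for the whole."""
    body = json.dumps(policy, sort_keys=True).encode()
    chunks = [body[i:i + CHUNK_SIZE] for i in range(0, len(body), CHUNK_SIZE)]
    return {
        "version": policy["version"],
        "sha256": hashlib.sha256(body).hexdigest(),
        "mac": hmac.new(key, body, hashlib.sha256).hexdigest(),
        "chunk_hashes": [hashlib.sha256(c).hexdigest() for c in chunks],
        "chunks": chunks,
    }


def download_policy(manifest, fetch_chunk, key=SERVER_KEY):
    """Endpoint side: fetch the policy piece by piece, verify each piece as it
    arrives, then verify the assembled file against the server's digest and MAC.
    Nothing is applied unless every check passes."""
    pieces = []
    for idx, expected in enumerate(manifest["chunk_hashes"]):
        piece = fetch_chunk(idx)
        if hashlib.sha256(piece).hexdigest() != expected:
            raise ValueError(f"chunk {idx} failed its hash check; download aborted")
        pieces.append(piece)
    body = b"".join(pieces)
    if hashlib.sha256(body).hexdigest() != manifest["sha256"]:
        raise ValueError("assembled policy does not match the server digest")
    expected_mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        raise ValueError("policy MAC is invalid; refusing to apply it")
    return json.loads(body)


def seal_local(policy, key=LOCAL_KEY):
    """Produce the on-disk form: a 32-byte HMAC tag followed by the policy."""
    body = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def open_local(blob, key=LOCAL_KEY):
    """Load the on-disk form, refusing it if the tag no longer matches."""
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("local policy store was modified")
    return json.loads(body)


def flip_first_byte(data):
    """Helper used below to simulate corruption of one downloaded chunk."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def chunk_tamper_detected(manifest):
    """True if a modified chunk is rejected before the policy is applied."""
    chunks = list(manifest["chunks"])
    chunks[1] = flip_first_byte(chunks[1])
    try:
        download_policy(manifest, lambda i: chunks[i])
    except ValueError:
        return True
    return False


def store_tamper_detected(policy):
    """True if editing the sealed local store is noticed when it is reloaded."""
    blob = bytearray(seal_local(policy))
    blob[-1] ^= 0x01          # change one byte of the stored policy text
    try:
        open_local(bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    manifest = publish_policy(SAMPLE_POLICY)
    fetched = download_policy(manifest, lambda i: manifest["chunks"][i])
    print(len(manifest["chunks"]), "chunks; intact download applied:", fetched == SAMPLE_POLICY)
    print("chunk tamper detected:", chunk_tamper_detected(manifest))
    print("store tamper detected:", store_tamper_detected(SAMPLE_POLICY))
```

The per-chunk hash lets the endpoint abort a download early, and the whole-file digest plus MAC is what keeps a defective or substituted policy from ever being applied; the sealed local store gives the same "cannot be modified at will" guarantee between downloads.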
Table 2. The columns compared are: traditional border firewall, traditional software firewall, DFW distributed firewall, personal firewall, and virus wall.

| Protection function | √ marks as listed |
|---|---|
| Virus | √ |
| Malicious network control | √ √ √ √ |
| Network intrusion | √ √ √ √ |
| Trojan | √ |
| Intranet maintenance | √ |
| PC | √ √ √ |
| Harassment | √ √ √ √ |
| Information-gathering attacks | √ √ √ √ |
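Table 1 lists the attack patterns the DFW intrusion detection layer recognises (port scans, source-routed packets, teardrop fragments, TCP and UDP floods). The following Python is an added example written for this article, not Ann Soft's detector: it runs simple threshold and fragment-overlap checks over constructed packet records. The thresholds and the record layout are assumptions made for the example.

```python
from collections import defaultdict

# Thresholds are assumptions chosen for this constructed sample, not values
# from any product; a real sensor would also bound them by time window.
SCAN_PORT_THRESHOLD = 10      # distinct destination ports from one source
SYN_FLOOD_THRESHOLD = 50      # bare SYNs aimed at one destination
UDP_FLOOD_THRESHOLD = 50      # UDP datagrams aimed at one destination


def detect(packets):
    """Run the detectors over a list of packet records and return the alerts as
    sorted (alert name, address) pairs. Each record is a dict with at least src,
    dst and proto; tcp records carry dport and flags, fragments carry ip_id,
    frag_offset and frag_len, and source-routed packets carry source_route=True."""
    alerts = set()
    ports_by_src = defaultdict(set)
    syn_by_dst = defaultdict(int)
    udp_by_dst = defaultdict(int)
    frags = defaultdict(list)

    for p in packets:
        # Source-routed packet: the sender dictates the path, so it is flagged
        # on sight rather than counted.
        if p.get("source_route"):
            alerts.add(("source-routed packet", p["src"]))
        if p["proto"] == "tcp":
            ports_by_src[p["src"]].add(p["dport"])
            if p.get("flags") == "S":           # SYN without ACK
                syn_by_dst[p["dst"]] += 1
        elif p["proto"] == "udp":
            udp_by_dst[p["dst"]] += 1
        if "frag_offset" in p:
            frags[(p["src"], p["ip_id"])].append((p["frag_offset"], p["frag_len"]))

    for src, ports in ports_by_src.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            alerts.add(("port scan", src))
    for dst, n in syn_by_dst.items():
        if n >= SYN_FLOOD_THRESHOLD:
            alerts.add(("tcp syn flood", dst))
    for dst, n in udp_by_dst.items():
        if n >= UDP_FLOOD_THRESHOLD:
            alerts.add(("udp flood", dst))
    # Teardrop: fragments of one datagram whose byte ranges overlap, which a
    # naive reassembler mishandles.
    for (src, _ip_id), pieces in frags.items():
        end = 0
        for offset, length in sorted(pieces):
            if offset < end:
                alerts.add(("teardrop fragment overlap", src))
                break
            end = offset + length
    return sorted(alerts)


def tcp(src, dst, dport, flags="S"):
    return {"src": src, "dst": dst, "proto": "tcp", "dport": dport, "flags": flags}


def frag(src, dst, ip_id, offset, length):
    return {"src": src, "dst": dst, "proto": "udp", "ip_id": ip_id,
            "frag_offset": offset, "frag_len": length}


def sample_packets():
    """Constructed traffic: one of each attack from Table 1 plus benign noise."""
    pkts = []
    # Port scan: one host probing twelve ports on one target.
    pkts += [tcp("10.0.0.5", "10.0.0.10", port) for port in range(20, 32)]
    # TCP SYN flood: sixty half-open attempts against one web server port.
    pkts += [tcp("10.0.0.7", "10.0.0.20", 80) for _ in range(60)]
    # UDP flood against the same server's DNS port.
    pkts += [{"src": "10.0.0.8", "dst": "10.0.0.20", "proto": "udp", "dport": 53}
             for _ in range(55)]
    # A single source-routed packet.
    pkts.append({**tcp("10.0.0.9", "10.0.0.10", 80), "source_route": True})
    # Teardrop: the second fragment starts inside the first.
    pkts.append(frag("10.0.0.11", "10.0.0.10", 1, 0, 36))
    pkts.append(frag("10.0.0.11", "10.0.0.10", 1, 24, 4))
    # Benign fragmentation: the pieces abut without overlapping.
    pkts.append(frag("10.0.0.12", "10.0.0.10", 7, 0, 1480))
    pkts.append(frag("10.0.0.12", "10.0.0.10", 7, 1480, 500))
    # Ordinary established traffic from one workstation.
    pkts += [tcp("10.0.0.13", "10.0.0.20", 80, "A") for _ in range(5)]
    return pkts


if __name__ == "__main__":
    for name, addr in detect(sample_packets()):
        print(f"{name:28s} {addr}")
```

Note that the benign fragmented datagram from 10.0.0.12 and the established-connection traffic from 10.0.0.13 produce no alert, which is the distinction a filter such as the one in Table 1 has to make before it blocks anything.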
2. The 3Com distributed firewall system
3Com's newly released embedded firewall is a hardware-based distributed firewall solution: the firewall is embedded in the network interface card and managed centrally by an embedded firewall policy server. This embedded firewall technology combines the robustness of a hardware solution with the flexibility of a centrally managed software solution, delivering distributed firewall technology and building a more complete security infrastructure.
2.1 Composition of the 3Com distributed firewall system
3Com's distributed firewall system is composed of embedded firewall cards and embedded firewall policy server software. The products making up the whole system are shown in Figure 2.
Previously, in our impression, the firewall was installed as a separate device on its own node in the network, connected to the network's switch or router at the edge of the network, which is why it is often called a "border firewall". The distributed firewall system developed by 3Com presents its embedded firewall products in the form of cards; Figures 3 and 4 show the PCI and PC Card firewall products developed by 3Com for desktop and notebook computers respectively. You are probably seeing a firewall product of this kind for the first time.
This product embeds the distributed firewall technology in the network card, achieving a high degree of integration: a PCI or PC Card of ordinary network card size has both network card and firewall functions, hence the name "embedded firewall". The embedded firewall card provides an RJ-45 Ethernet interface at either 10 Mbps or 100 Mbps. The PCI firewall card plugs directly into the computer's PCI slot; for notebooks there are two PC Card firewall cards, one of which uses the notebook's 32-bit CardBus interface directly.
The most distinctive feature of a distributed firewall is that it is no longer responsible only for security at the edge of the network; it pushes firewall functions into every corner of the network, including remote access users, filtering not only communication from the external network to the internal network but also, as the internal network requires, communication between internal users. Its protection philosophy is that every user other than oneself is "untrusted" and must be filtered. This resembles earlier personal firewall software products, but is not quite the same. First, they differ greatly in who sets policy: the security policy of a personal firewall is set by the system's user, with the aim of defending against external attacks, whereas the security policy of a host firewall for desktop use is arranged and set by the administrators of the whole system; in addition to protecting the desktop it can control the desktop machine's outbound access, and this security mechanism is invisible to the desktop user and cannot be changed by them. Second, unlike a personal firewall aimed at individual users, a host firewall for desktop use is aimed at enterprise customers; together with other distributed firewall products it forms an enterprise-class application with centralised management from a security policy centre and distributed enforcement of security checks. It also differs from the traditional border firewall, which holds only that external network users cannot be trusted.
To deploy this system, one only needs to install the embedded firewall hardware card in servers and workstations, install 3Com's corresponding embedded firewall policy server software on the server side, and then configure and manage all embedded firewalls in the network through that policy server software.
2.2 Main characteristics of the 3Com distributed firewall system
The 3Com embedded firewall solution allows IT executives to deploy a security model covering every client in the enterprise. This is especially important for security-conscious industries such as government, finance, health care and education. The solution uses tamper-proof enforcement of a manageable policy to strengthen defences against internal threats. In this unique way, the combination of firewall hardware and centralised policy management software delivers "defence-in-depth" network security, preventing attacks and intrusions against desktop systems, servers and laptops from both the internal and the external edges of the network. The 3Com distributed firewall system has the following main advantages:
(1) Tamper-proof reliability
The firewall functions are embedded in the 3Com firewall PCI card and PC Card hardware, providing protection against hackers that is difficult to achieve with software-only products; because the 3Com firewall cards are independent of the host system, they are extremely secure.
Hardware-based firewalls are not affected by malicious code or other security programs. By contrast, personal firewalls and antivirus software can be "broken" or disabled easily because they interact with the host operating system; this dependence on the host makes software-based security mechanisms vulnerable to the many widespread vulnerabilities in operating systems.
(2) Extending firewall protection beyond the perimeter
Global alliances and mobile access requirements have made today's enterprise LAN a complex mix of strategic-partner extranets, broadband Internet connectivity and mobile worker logins. The challenge for this "enterprise without walls" is to maintain the security of the company LAN when users connect from outside the traditional IT infrastructure. Every remote, shared and open connection is a potential security risk that can cost the company millions.
These enterprises need a security system that provides the following protection:
• Comprehensive protection that extends to the edge of the network regardless of how the LAN topology changes or where the connection originates.
• Independence from the host operating system, with tamper-proof security that enhances existing security solutions.
• Protection of shared servers, mobile notebooks and remote desktop access, especially over vulnerable broadband connections.
• Managed security enforcement that lets security be defined by user policy rather than by physical infrastructure.
The 3Com embedded firewall solution meets all of these requirements and provides secure, trusted connections both within and outside the network. This unique combination of policy server software and firewall-capable connection hardware comprises the 3Com Embedded Firewall Policy Server, the 3Com Firewall PCI card (for desktops) and the 3Com Firewall PC Card (for portables).
(3) Protecting mobile users
The 3Com embedded firewall solution extends advanced protection from the server to the edge of the network, regardless of how the topology changes or where users are located. IT security managers can be more at ease about mobile notebook users and remote workers working from home: centrally managed policies plus hardware-based enforcement help prevent network security from being disabled or bypassed.
The solution uses the PC Card firewall product to give mobile users a way to protect their LAN connections wherever they go once they leave the office. Each firewall card detects whether the user is connecting from inside or outside the physical perimeter of the LAN and applies the security policy appropriate to that location. Because the distributed firewall controls network access at each endpoint, the cumbersome work of rerouting traffic or managing access control lists is reduced.
(4) Centralized management
The 3Com embedded firewall policy server defines security policies and distributes them to 3Com firewall cards across subnets, extranets and the Internet. Policies can be configured to control network access, prevent data sniffing and spoofing, simplify packet filtering and verification tasks, and respond quickly to detected attacks.
Centrally managed policies prevent the security implementation from being modified at the endpoint. IT administrators can be assured that once the appropriate security policies have been deployed, every user and system is protected and remains protected. Users and systems can be added or removed easily to meet changing security requirements.
Time-saving remote management improves security enforcement and access control for IT administrators.
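Two ideas from the last two subsections, the card choosing a policy by whether the host is inside or outside the LAN perimeter and the central server being the only source of that policy, can be modelled in a few dozen lines. The following Python is an added example written for this article, not 3Com's code: the LAN prefix, the rule format and the location test (checking the host's own address against the prefix, since the page does not say how the card detects location) are all assumptions made for the example.

```python
import ipaddress

# Assumed corporate LAN prefix. The card decides "inside" or "outside" by
# checking whether its own address lies in it; this stands in for whatever
# mechanism the real card uses, which the article does not describe.
LAN = ipaddress.ip_network("10.0.0.0/24")

# Constructed policy as the central server would push it to one host. Rules are
# matched first to last; a field missing from a rule matches anything. The
# endpoint holds this object but exposes nothing to the local user to alter it.
CENTRAL_POLICY = {
    "inside": [
        {"dir": "in", "proto": "tcp", "dport": 445, "src": "10.0.0.0/24", "action": "allow"},
        {"dir": "in", "proto": "tcp", "dport": 3389, "src": "10.0.0.50/32", "action": "allow"},
        {"dir": "out", "action": "allow"},
        {"dir": "in", "action": "deny"},
    ],
    "outside": [
        {"dir": "out", "proto": "udp", "dport": 500, "action": "allow"},   # IKE, for a VPN
        {"dir": "out", "proto": "tcp", "dport": 443, "action": "allow"},
        {"dir": "out", "action": "deny"},
        {"dir": "in", "action": "deny"},
    ],
}


def locate(local_ip):
    """Classify where the host is right now from its current address."""
    return "inside" if ipaddress.ip_address(local_ip) in LAN else "outside"


def matches(rule, pkt):
    """True if every field the rule specifies agrees with the packet."""
    for field in ("dir", "proto", "dport"):
        if field in rule and rule[field] != pkt.get(field):
            return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    return True


def evaluate(policy, location, pkt):
    """First-match evaluation of the rule set for the given location."""
    for rule in policy[location]:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"   # nothing matched: fail closed


def decide(local_ip, pkt, policy=CENTRAL_POLICY):
    """The card's per-packet decision: pick the rule set for the host's current
    location, then evaluate the packet against it."""
    return evaluate(policy, locate(local_ip), pkt)


if __name__ == "__main__":
    # Constructed packets: a file-share request from a LAN peer, seen first while
    # the host sits on the LAN and then while it is on a home connection.
    share = {"dir": "in", "proto": "tcp", "dport": 445, "src": "10.0.0.20"}
    print("on the LAN:", decide("10.0.0.30", share))      # allow
    print("at home:   ", decide("192.0.2.77", share))     # deny
    web = {"dir": "out", "proto": "tcp", "dport": 80, "src": "192.0.2.77"}
    print("at home, plain HTTP out:", decide("192.0.2.77", web))   # deny
```

The same packet is allowed on the LAN and denied from a home address without any change on the endpoint, which is what "applies the security policy appropriate to that location" amounts to; the outside rule set also shows how a central policy can confine a roaming notebook to the VPN and HTTPS.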
(5) Intrusion prevention
Deploying the 3Com embedded firewall solution across the enterprise strengthens resistance to intrusion and helps protect network assets. An intrusion detection system (IDS) can identify inappropriate or suspicious behaviour, but it cannot prevent those actions from occurring. IDSs also readily raise false alarms, so IT staff must examine each alert to determine whether it is an attack; often, after several false alarms, the alerting is simply switched off.
The 3Com embedded firewall solution helps IDS and other ID-based monitoring work more efficiently by first denying intruders access to the LAN. Once configured, the firewall card transparently intercepts intrusion attempts with minimal management or user intervention. It is an ideal solution for remote workers who use an "always-on" DSL connection or cable modem at home, since most residential Internet access is neither secure nor filtered.
(6) Cost-effective and scalable
Security enforcement provides a shadow of protection for each end system rather than for a router or a traffic flow. This lets IT managers apply security measures easily where they are most needed, such as a DMZ subnet, a web hosting server, a customer information kiosk, or a contractor or temporary employee. Furthermore, security can be extended in cost-reasonable increments to protect an ever-expanding group of users.
To ensure integration with existing infrastructure, the components of the 3Com embedded firewall solution are compatible with the global IEEE Fast Ethernet standard. Moreover, they can be upgraded with new features and technologies to meet emerging business needs. The firewall cards support firmware upgrades, so businesses can build the configuration they want, where they need it, and expand easily to meet growth.
(7) Processing offload
The 3Com firewall card offloads security enforcement tasks to its built-in processor, leaving the host system free for user and application tasks. Security need not come at the expense of system performance: IPSec and policy enforcement processing are offloaded to the firewall hardware, so the host CPU has more cycles for user applications and data transfer. Offloading also gives the 3Com firewall card 3DES throughput 4 to 5 times higher than SonicWALL or WatchGuard firewall appliances. Note, however, that this offload feature requires the Windows XP or 2000 operating system.
(8) Very high connection capacity
Each 3Com embedded firewall policy server supports up to 1000 firewall-capable systems, and a single domain can combine three policy servers to support 3,000 firewall-capable systems.
2.3 Main features and advantages of the PCI and PC Card embedded firewall products
3Com integrates the distributed firewall technology into the card device, achieving an organic integration of software and hardware that greatly improves the performance of the equipment; this is also the main point that distinguishes it from other, software-only distributed firewalls. The features and benefits of the two host firewall products are summarised in Tables 3 and 4 below.

Table 3 Main functions and advantages of the PCI card host firewall
| Function | Advantages |
|---|---|
| Security | |
| 3Com embedded firewall | The firewall card is securely embedded at the edge of the LAN to protect against intrusion, tampering and destruction. |
| Hardware-based security | Transparent to the operating system and end users, making the security system particularly hard to tamper with or disrupt. |
| Standards-based complementary solution | Enhances traditional security solutions, including perimeter firewalls, network monitoring, DMZ subnets and antivirus programs. |
| Performance | |
| Onboard security processor | With Windows XP and 2000, TCP/IP, IPSec and firewall processing is offloaded from the host CPU for optimised system performance. |
| 10/100 auto-negotiation | The adaptive full-duplex link provides security together with Fast Ethernet throughput. |
| Advanced bus technology | Streamlines data transfer, simplifies processing tasks and accelerates system and application response times. |
| Reliability and services | Includes a three-year limited warranty and unlimited web-based technical support (including 3Com Knowledgebase web services); service contracts may be extended. |
| Management | |
| 3Com Embedded Firewall Policy Server (sold separately) | Global security policy can be configured and enforced without user intervention, helping to reduce support costs. |
| Remote wake-up | Lets IT administrators wake and manage sleeping desktops and servers from a central console. |
| Firmware-upgradeable platform | The 3Com firewall PCI card can take firmware upgrades to maximise the flexibility of the security hardware. |
Table 4 Main functions and advantages of the PC Card host firewall

| Function | Advantages |
|---|---|
| Security | |
| 3Com embedded firewall solution | Uses a tamper-proof firewall embedded in the PC Card hardware to filter IP connections according to the security policy in force. |
| Hardware-based security | Transparent to the operating system and applications, making the security system particularly hard to tamper with or disrupt. |
| Remote features | Automatically assigns the appropriate security policy depending on whether the user initiates a local or a remote connection. |
| Performance | |
| 10/100 auto-negotiation | The adaptive full-duplex link provides security together with Fast Ethernet throughput. |
| Security processor | Offloads TCP/IP segmentation, IP checksumming and IPSec encryption from the host CPU to maximise platform availability and network throughput. |
| Patented Parallel Tasking and Parallel Tasking II performance | Delivers higher network throughput, lower CPU consumption and faster application performance. |
| Management | |
| 3Com Embedded Firewall Policy Server (sold separately) | Global security policy can be configured and enforced without user intervention, improving security and helping to reduce support costs. |
| 3Com Mobile Connection Manager | Lets IT staff create and send mobile configuration profiles to mobile employees, who then need only a mouse click to travel. |
| SNMP management, DMI 2.0 | Supports industry standards and simplifies network management. |