With the growth and popularization of networks, and in particular the rapid spread of Internet applications, network security is receiving more and more attention from users at every level. People enjoy the many benefits of information technology, but at the same time face increasingly prominent security problems. Examples include: protecting state secrets and trade secrets in a networked environment, especially the protection of sensitive government information once government agencies are connected to the Internet; identifying the various actors on the Internet and verifying their rights and authorizations; keeping the information systems of highly networked organizations (businesses, government, education, etc.) running normally and free from sabotage; and, in online banking, e-commerce and all kinds of funds-management systems, ensuring that payments and settlements are accurate and genuine and that financial data is not tampered with or defrauded. These concerns have become the focus of corporate image, commercial interests, national security and social stability.
1. The emergence of distributed firewalls
The traditional firewall is deployed at the network boundary, where it forms a barrier between the internal enterprise network and the outside Internet and performs network access control; for this reason it is called a boundary or perimeter firewall (Perimeter Firewall). With the development of computer security technology and the rising demands users place on firewalls, a new kind of firewall has appeared: the "distributed firewall" (English name "distributed firewalls"). It was developed on the basis of today's traditional perimeter firewall. At present it mostly takes the form of software, but some well-known international network equipment vendors (such as 3COM and Cisco) have developed and produced hardware distributed firewalls that integrate the distributed firewall technology, in the form of a PCI card or PCMCIA card with an embedded firewall, while centralized management is still handled by server software. Because the distributed firewall technology is integrated into the hardware, such products are often called "embedded firewalls", but their core technology is in fact "distributed firewall" technology. These distributed firewall products will be introduced in the next article.
As we all know, the traditional perimeter firewall is used to restrict mutual information access and transfer between the protected enterprise internal network and the external network (usually the Internet), and it sits between the internal network and the external network. In fact, all of the different types of firewalls that have existed so far, from simple packet filtering to application-layer adaptive proxies, are based on one common assumption: the firewall treats users on the intranet side as trustworthy, while users on the external network side are treated as potential attackers. This assumption underlies the whole design and working mechanism of the firewall. But with the development of various network technologies and the emergence of new kinds of attacks in recent years, there is a growing desire to rethink the problems of the traditional perimeter firewall and search for new solutions, and the "distributed firewall" technology described in this article is currently considered the most effective one.
A distributed firewall is a host-resident security system that protects the key node servers, data and workstations in the enterprise network from damage by unauthorized intrusion. Distributed firewalls are typically kernel-mode applications that sit at the bottom of the operating system's OSI stack, directly facing the NIC, and filter and restrict all traffic, whether it comes from the Internet or from the internal network.
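The following is an added example, not code from the original article: a small Python model that contrasts the two assumptions above. A perimeter filter only ever sees traffic that crosses the network boundary, so intranet-to-intranet packets are implicitly trusted, while a host-resident filter applies one centrally defined policy to every packet that reaches the host, regardless of where it came from. The address ranges, policy table and packets are all constructed for illustration.

```python
# Added example (not from the original article). All addresses, rules and
# packets below are constructed for illustration only.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed enterprise intranet address space

@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    dport: int  # destination TCP port

# Centrally managed policy pushed to every host:
# (protected host, port, source networks allowed to reach it). First match wins; default deny.
HOST_POLICY = [
    ("10.0.1.10", 443,  ["0.0.0.0/0"]),      # web server: HTTPS from anywhere
    ("10.0.1.10", 22,   ["10.0.9.0/24"]),    # web server: SSH only from the admin subnet
    ("10.0.2.20", 5432, ["10.0.1.10/32"]),   # database: only from the web server
]

def host_decision(pkt: Packet) -> str:
    """Distributed firewall model: the filter runs on the destination host and
    evaluates the same policy for every packet, internal or external."""
    src = ip_address(pkt.src)
    for host, port, sources in HOST_POLICY:
        if pkt.dst == host and pkt.dport == port:
            return "allow" if any(src in ip_network(n) for n in sources) else "deny"
    return "deny"   # no rule matched: default deny

def perimeter_decision(pkt: Packet) -> str:
    """Perimeter firewall model: only boundary-crossing traffic is inspected.
    A packet from one internal host to another never passes the firewall."""
    if ip_address(pkt.src) in INTERNAL and ip_address(pkt.dst) in INTERNAL:
        return "not-inspected"   # the perimeter device never sees this packet
    return host_decision(pkt)    # same policy, but only applied at the boundary

def compare(pkt: Packet) -> tuple:
    """Return (perimeter verdict, host-resident verdict) for one packet."""
    return perimeter_decision(pkt), host_decision(pkt)

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "10.0.1.10", 443),   # Internet client to web server
        Packet("10.0.5.7", "10.0.1.10", 22),       # ordinary workstation tries SSH
        Packet("10.0.5.7", "10.0.2.20", 5432),     # ordinary workstation tries the database
        Packet("10.0.1.10", "10.0.2.20", 5432),    # web server to database (legitimate)
    ]
    for p in samples:
        print(p, compare(p))
```

The second and third packets show the gap the article is describing: an internal workstation reaching for SSH or the database is never inspected by the perimeter device, but is denied by the filter on the destination host.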