Multi-layer defense measures for constructing network

At present, the challenge of network security is mainly focused on the application layer.

As viruses, hackers and vulnerabilities attack the network application layer, the solution should be to start from the application layer. Traditional firewall, anti-virus gateway are based on 2~3 layer network design, there are huge security vulnerabilities and hidden dangers. To address these pitfalls, many vendors are currently developing security products for the application layer.

Radware, which focuses on the network application layer business, has been expanding from the traditional load balancing service solution to the Network Application Layer Security scheme in recent years. Recently, in Guangxi Beihai Radware Greater China Partners meeting, reporters noticed that Radware's business cards are all printed on the "counter-terrorism experts" logo. Radware Global Vice President Chengwenhua said that the first hacker attack is to satisfy their vanity, and now the hackers are to the network gang organization's behavior development, so the company last year focused on the network also needs the concept of counter-terrorism, the so-called anti-terrorism is a counter attack. Therefore, the Radware company's solution, in addition to the base of the server farm, caching servers, firewalls and link load balancing programs, but also focus on intrusion prevention and DOS attack IPs and other network application layer Security solutions.

What a firewall can't do.

Chengwenhua stressed that in order to achieve complete security only one layer of safety measures is impossible to do, must have multi-layer Defense security awareness. The benefits of using application-level security are three points: first, it can handle threats and attacks at gigabit speed, which means it is much faster than normal firewall paths, and the second is that it can monitor the application layer. Firewall detection by path cannot prevent virus attacks because the firewall cannot detect the application layer. The application exchange can be used to detect the application layer, can prevent the attack against the application, the third is able to scan the entire network or several networks, or all network sources at a faster speed. Virus is always spread over the entire network, prevent a few points of significance is not large, must make the virus in the entire network have nowhere to hide, in order to prevent the threat of viruses.

Radware security in the application layer is the introduction of a Synapps Application security control module that can be loaded in a full range of intelligent application switching products. This module analyzes the application level of the packet, carries on the matching tracking according to the characteristic data, and can detect and prevent the intrusion of 25 kinds of 1500 kinds of virus attacks to the network in real time by terminating the suspicious conversation. Furthermore, Radware is currently developing an intrusion prevention (IPS) network security product Defensepro that can provide intelligent traffic control and complete content protection for all types of firewalls and antivirus gateways, based on the 4~7 layer Intelligent application switching technology. This makes radware on the 4~7 layer of the product line more rich.

IPS no longer delayed

The IPs for deep control and defense of network traffic will consume more system resources, and inevitably become the bottleneck of Gateway part. Radware has adopted a unique hardware architecture in leading the network application layer. It is reported that Radware's application software is not running on the ordinary CPU, but in fact directly in Radware unique hardware use, is about to launch 10G flow of IPs devices. In this way, its Defensepro IPs series can work with traditional firewalls and other products to build a comprehensive, intelligent network security protection system from two to seven layers. In addition, the characteristics of Defensepro also have a unique bandwidth management mechanism. It is reported that many operators 40%-50% of the traffic is BT download and other applications "eat" off, and based on the application layer of bandwidth management control can effectively solve this problem.

　　

Chengwenhua: Complete security must have a security awareness of multiple-dimensional defense