One problem often confuses users: at the level of product features, the descriptions from different vendors look almost identical, and some newcomers' feature lists are near copies of well-known brands. How can we tell such products apart?
The answer is to look past the description. Even for the same feature, there are clear differences between products in how it is implemented, how reliable it is, and how easy it is to use.
I. Access control at the network layer
Every firewall must have this function; otherwise it cannot be called a firewall. Of course, most routers can also provide it through their own ACLs.
1. Rule editing
Network-layer access control is expressed mainly through the firewall's rule editor. Check the following: can the access control you need actually be expressed as rules? Is the granularity (source, destination, protocol, port) fine enough? Can the same rule apply different controls in different time periods? Is the configuration interface friendly? Can the rule set easily reflect the administrator's security intent?
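The questions above are easier to judge with a concrete rule model in hand. The following is an added example, not code from the original article or from any vendor's product: a small first-match rule evaluator whose rules carry the usual 5-tuple fields plus an optional time-of-day window, so the "different time periods" requirement is visible in the data structure. The rule format, the rule names and the sample rule set are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """Hypothetical rule format: a vendor's editor would expose the same fields."""
    name: str
    action: str                                    # "permit" or "deny"
    src: str                                       # source network, CIDR
    dst: str                                       # destination network, CIDR
    proto: str = "any"                             # "tcp", "udp", "icmp" or "any"
    dports: Optional[List[Tuple[int, int]]] = None  # inclusive port ranges, None = any port
    window: Optional[Tuple[str, str]] = None        # ("HH:MM", "HH:MM") local time, None = always


def in_window(window, hhmm):
    """True if the zero-padded time of day `hhmm` lies inside the rule's window."""
    if window is None:
        return True
    start, end = window
    if start <= end:                      # "HH:MM" strings compare correctly as text
        return start <= hhmm <= end
    return hhmm >= start or hhmm <= end   # window wraps past midnight, e.g. 22:00-06:00


def matches(rule, pkt, hhmm):
    """Does this rule apply to the packet (a dict of header fields) at this moment?"""
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.dports is not None:
        dport = pkt.get("dport")
        if dport is None or not any(lo <= dport <= hi for lo, hi in rule.dports):
            return False
    return in_window(rule.window, hhmm)


def decide(rules, pkt, when):
    """First-match evaluation at ISO timestamp `when`; traffic no rule permits is denied."""
    hhmm = datetime.fromisoformat(when).strftime("%H:%M")
    for rule in rules:
        if matches(rule, pkt, hhmm):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed rule set: the kind of policy an administrator wants the editor to express.
RULES = [
    Rule("block-rdp-from-internet", "deny", "0.0.0.0/0", "10.0.0.0/8", "tcp", [(3389, 3389)]),
    Rule("web-office-hours", "permit", "10.1.0.0/16", "0.0.0.0/0", "tcp",
         [(80, 80), (443, 443)], ("08:00", "18:00")),
    Rule("dns-always", "permit", "10.1.0.0/16", "10.0.0.53/32", "udp", [(53, 53)]),
    Rule("icmp-from-admin-net", "permit", "10.1.2.0/24", "0.0.0.0/0", "icmp"),
]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443}
    print(decide(RULES, web, "2024-01-15T10:30"))   # permitted during office hours
    print(decide(RULES, web, "2024-01-15T02:00"))   # same packet at night falls to implicit deny
```

Rule order matters because evaluation stops at the first match; that is why the RDP deny sits first. A rule editor that cannot show the order, or that cannot express the time window, forces the administrator to encode the intent in several overlapping rules, which is exactly the usability problem the section warns about.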
2. IP/MAC address binding
Here, too, the details must be checked. For example, can the firewall automatically collect IP and MAC addresses? Does the system raise an alarm when access violates an IP/MAC binding rule? These functions are very practical: if the firewall cannot collect IP and MAC addresses automatically, the administrator may be forced to obtain the addresses of every host under their control by other means, which is tedious and error-prone work.
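To show what "automatic collection" and "alarm on violation" amount to in practice, here is an added example that is not part of the original article and not any product's code. It parses a constructed sample of Linux `ip neigh show` output (the neighbour/ARP table a collector on the inside interface could read), and compares what it sees against an administrator-approved binding list, flagging unbound hosts, MAC mismatches and one MAC claiming several addresses. The sample table and the binding list are invented for the example.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output; the last line has no lladdr.
NEIGH_SAMPLE = """\
10.0.0.5 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.6 dev eth1 lladdr 00:11:22:33:44:66 STALE
10.0.0.7 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.8 dev eth1 lladdr aa:bb:cc:dd:ee:ff REACHABLE
10.0.0.9 dev eth1  FAILED
"""

# Constructed binding list as an administrator would approve it.
BINDINGS = {
    "10.0.0.5": "00:11:22:33:44:55",
    "10.0.0.6": "00:11:22:33:44:66",
    "10.0.0.8": "aa:bb:cc:dd:ee:00",
}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-f:]{17}) (?P<state>\S+)$", re.I)


def collect(neigh_text):
    """Automatic collection: build {ip: mac} from the neighbour table text."""
    seen = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:                                # entries without a MAC are skipped
            seen[m["ip"]] = m["mac"].lower()
    return seen


def check(observed, bindings):
    """Compare observed {ip: mac} with the approved bindings.

    Returns (severity, subject, message) tuples, in the order they were found."""
    alarms = []
    by_mac = defaultdict(list)
    for ip, mac in observed.items():
        by_mac[mac].append(ip)
        expected = bindings.get(ip)
        if expected is None:
            alarms.append(("warn", ip, f"unbound address seen with {mac}"))
        elif expected != mac:
            alarms.append(("alert", ip, f"MAC mismatch: bound {expected}, seen {mac}"))
    for mac, ips in by_mac.items():
        if len(ips) > 1:                     # one NIC answering for several IPs
            alarms.append(("alert", ",".join(sorted(ips)), f"{mac} claims multiple addresses"))
    return alarms


if __name__ == "__main__":
    for severity, subject, msg in check(collect(NEIGH_SAMPLE), BINDINGS):
        print(f"[{severity}] {subject}: {msg}")
```

The same `collect` output, once reviewed, is what an administrator would paste into the binding list; that is the "automatic collection" the section asks for. Note that a neighbour table only reflects hosts that have recently talked, so a collector has to run repeatedly, and an attacker who spoofs both addresses of a known host is invisible to this check alone.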
3. NAT (Network Address Translation)
What was originally a router function has gradually become one of the standard functions of a firewall. However, the implementation varies greatly between manufacturers, and many of them share a major problem: their NAT is difficult to configure and use, which causes real trouble for administrators. Learning how NAT works (a translation table that maps internal addresses and ports to public ones and maps the replies back) is part of the network knowledge needed to evaluate it. Through analysis and comparison, one can find a firewall whose NAT is convenient to configure and use.
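Since the section says the administrator should understand how NAT works before comparing products, here is an added example (not from the original article, and not modelled on any vendor's implementation) of the core mechanism: a source NAT with port translation for one public address. Each outbound connection gets a row in a translation table; replies are matched by the public port they arrive at, unsolicited inbound packets find no row and are dropped, and a full table means the outbound packet must be dropped too. The addresses and port range are constructed for the example.

```python
class PortNat:
    """Source NAT with port translation (PAT) for a single public address.

    Mapping is per connection: the key is the full 5-tuple of the inside flow."""

    def __init__(self, public_ip, port_lo=40000, port_hi=40009):
        self.public_ip = public_ip
        self.free_ports = list(range(port_lo, port_hi + 1))
        self.out = {}    # (proto, in_ip, in_port, dst_ip, dst_port) -> public_port
        self.back = {}   # (proto, public_port, dst_ip, dst_port) -> (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside->outside packet; returns the rewritten 5-tuple,
        or None when the port pool is exhausted (the packet must be dropped)."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        pub_port = self.out.get(key)
        if pub_port is None:
            if not self.free_ports:
                return None
            pub_port = self.free_ports.pop(0)
            self.out[key] = pub_port
            self.back[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public address; None means no
        matching row, i.e. unsolicited traffic that the firewall drops."""
        orig = self.back.get((proto, dst_port, src_ip, src_port))
        if orig is None:
            return None
        in_ip, in_port = orig
        return (proto, src_ip, src_port, in_ip, in_port)

    def expire(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Remove a finished connection and return its public port to the pool."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        pub_port = self.out.pop(key, None)
        if pub_port is not None:
            del self.back[(proto, pub_port, dst_ip, dst_port)]
            self.free_ports.append(pub_port)
        return pub_port


if __name__ == "__main__":
    nat = PortNat("198.51.100.1", 40000, 40001)
    print(nat.outbound("tcp", "10.0.0.5", 51000, "203.0.113.10", 80))
    print(nat.inbound("tcp", "203.0.113.10", 80, 40000))       # reply mapped back
    print(nat.inbound("tcp", "203.0.113.99", 80, 40000))       # unsolicited: None
```

Real implementations differ mainly in what the table is keyed on (per connection as here, or per inside endpoint so that every peer sees the same public port), in how idle rows time out, and in how application protocols that carry addresses inside the payload (FTP is the classic case) are handled. Those are the details that make one vendor's NAT easy to live with and another's a source of trouble.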
II. Access control at the application layer
This function is where firewall vendors compete hardest. Although many firewalls built on free operating systems get a stateful inspection module for little effort (kernels such as Linux and FreeBSD already support connection tracking), application-layer control cannot be had off the shelf and requires real programming work.
In terms of application-layer control, the following points can be investigated when selecting a firewall.
1. Is HTTP content filtering provided?
Currently, the two most important applications in an enterprise network are WWW access and email. Fine-grained control over WWW access reflects the technical strength of a firewall.
2. Is SMTP content filtering provided?
Attacks via email are increasing: mail bombs, email viruses, and leakage of confidential information. Whether SMTP-based content filtering is provided, and how fine its granularity is, has therefore become a focus of user attention.
3. Is FTP content filtering provided?
Be careful when examining this function. Many manufacturers advertise FTP content filtering, but on inspection most of them control only two FTP commands: PUT and GET (STOR and RETR on the wire). A good firewall should be able to control all the other FTP commands as well, including CD (CWD) and LS (LIST). It should provide command-level control that governs access to directories and files, with wildcards supported in all filters.
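What command-level FTP control with wildcard paths looks like, as an added example that is not part of the original article and not any vendor's filter: a policy that lists the permitted commands and, for each path-taking command, the path patterns it may touch; the filter follows the session's current directory so that relative arguments and `..` are resolved before matching. The policy, the command list and the sample session are constructed for the example.

```python
import fnmatch
import posixpath

# Constructed policy: commands absent from it (DELE, MKD, RMD, SITE, ...) are denied.
POLICY = {
    "USER": ["*"], "PASS": ["*"], "PWD": ["*"], "TYPE": ["*"],
    "PASV": ["*"], "PORT": ["*"], "QUIT": ["*"],
    "CWD":  ["/pub", "/pub/*"],
    "LIST": ["/pub", "/pub/*"],
    "RETR": ["/pub/*"],
    "STOR": ["/pub/incoming/*"],
}

# Commands whose argument is a path and therefore subject to the wildcard patterns.
PATH_COMMANDS = {"CWD", "LIST", "NLST", "RETR", "STOR", "APPE",
                 "DELE", "MKD", "RMD", "RNFR", "RNTO"}


def resolve(cwd, arg):
    """Turn a command argument into an absolute, normalised server path.

    normpath collapses '..', so 'CWD ../etc' from /pub becomes /etc and is
    judged as such instead of slipping past a pattern that starts with /pub."""
    if not arg:
        return cwd
    path = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    return posixpath.normpath(path)


def filter_session(lines, policy):
    """Run control-channel lines through the policy; returns (cmd, path, verdict)."""
    cwd = "/"
    results = []
    for raw in lines:
        parts = raw.strip().split(" ", 1)
        cmd = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        allowed = policy.get(cmd)
        if allowed is None:
            results.append((cmd, arg, "deny"))          # command not in policy at all
            continue
        if cmd in PATH_COMMANDS:
            path = resolve(cwd, arg)
            ok = any(fnmatch.fnmatchcase(path, pat) for pat in allowed)
            results.append((cmd, path, "permit" if ok else "deny"))
            if ok and cmd == "CWD":
                cwd = path                               # only a permitted CWD moves us
        else:
            results.append((cmd, arg, "permit"))
    return results


# Constructed client session, one control-channel line per entry.
SESSION = [
    "USER anonymous",
    "PASS guest@example.com",
    "CWD /pub",
    "LIST",
    "RETR readme.txt",
    "CWD ../etc",
    "RETR /etc/passwd",
    "STOR upload.bin",
    "CWD incoming",
    "STOR upload.bin",
    "DELE upload.bin",
    "QUIT",
]

if __name__ == "__main__":
    for cmd, path, verdict in filter_session(SESSION, POLICY):
        print(f"{verdict:6} {cmd} {path}")
```

A filter that only knows PUT and GET would have passed the `CWD ../etc` and `DELE` lines above unexamined. Note that a complete FTP proxy must also track the data channel negotiated by PASV/PORT and, when it sits behind NAT, rewrite the addresses carried in those commands; the control-channel policy shown here is only the part the section asks you to verify.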