When it comes to server security, one of the most common questions a newcomer faces is: which firewall should we choose? Faced with such a wide range of server firewalls, should the choice be guided by the vendor's reputation or by the performance of the firewall itself? A domestic firewall or a foreign one? A paid enterprise firewall, or should you try a free one? These questions are all a headache.
Different deployment environments and different usage requirements place different demands on a firewall's performance. To find a suitable server firewall, the key is to analyze your own needs carefully and weigh the advantages and disadvantages of the different types of server firewall. To give newcomers a general sense of direction when selecting a server firewall, this article introduces a rough classification of server firewalls and the strengths and weaknesses of each type.
First, by composition: server firewalls can be divided into hardware firewalls and software firewalls.
A hardware firewall is embedded in dedicated hardware. Its hardware and software are designed separately: a dedicated network chip processes the packets, and a specialized operating system platform is used, which avoids the threats to intranet security that come from the security vulnerabilities of common operating systems. In other words, the firewall program is built into the chip, and the hardware performs the server's protection function. Because of this inline structure, it is faster, more powerful and more efficient than other types of firewall.
A software firewall, as its name suggests, is a software product installed on a server platform that provides network management and defense functions by working at the lowest layers of the operating system. A software firewall runs on a specific computer and requires a pre-installed operating system on that host, which is generally the gateway for the entire network. Like other software products, a software firewall must be installed and configured on the computer before it can be used.
A hardware firewall outperforms a software firewall because it has its own dedicated processor and memory and can withstand network attacks on its own, but it is much more expensive and changing its settings is more troublesome. A software firewall is installed on the gateway server and uses that server's CPU and memory to withstand attacks; under a serious attack it may consume a large share of the server's resources, but it is comparatively much cheaper and very convenient to set up.
Second, besides the structural division into software and hardware firewalls, server firewalls can also be divided by technology into three categories: packet filtering, application proxy, and state monitoring (stateful inspection). However complex a firewall's implementation is, in the end it is a functional extension of these three technologies.
1. Packet filtering type
Packet filtering is one of the earliest firewall technologies. Its first generation, static packet filtering, works at the network layer of the OSI model; the later dynamic packet filtering works at the transport layer. A packet-filtering firewall operates on packets exchanged over the various TCP/IP protocols: it takes the network and transport layers as its monitoring object, analyzes each packet's header information (protocol, addresses, ports, type and so on) and checks it against the preset filtering rules. Once one or more fields of a packet match a filter rule whose action is "block", the packet is discarded.
The advantage of a firewall based on packet filtering is that it is easy to implement for small, less complex sites. Its drawbacks are significant, though. First, at a large, complex site the packet filtering rule table quickly becomes large and complicated, and the rules are hard to test; as the table grows and complexity rises, so does the likelihood of a flaw in the rule structure. Second, the firewall relies on a single component to protect the system: if that component has a problem, or if an external user is allowed to reach an internal host, that user can reach any host on the intranet.
2. Application proxy type
An application proxy firewall is in effect a small transparent proxy server with data inspection and filtering functions. It does not simply embed packet filtering in a proxy device; it uses a newer technique called application protocol analysis. An application proxy firewall can actively monitor the data at each layer in real time and can effectively identify illegal intrusions at the various layers. At the same time, this kind of firewall also has a distributed detector that can detect attacks from outside the network and also has a strong preventive effect against malicious damage from inside.
Because a proxy firewall uses application proxy technology, every connection through the firewall must be handled by a proxy process created for it, and that proxy process itself consumes a certain amount of time, so data passing through a proxy firewall inevitably lags. Proxy firewalls trade speed for higher security than packet-filtering firewalls.
3. State monitoring (stateful inspection) type
This firewall technology uses a module called "state monitoring" which, without affecting the normal operation of the network, extracts data to monitor communication at the various layers of the network and makes security decisions according to a variety of filtering rules. State monitoring can analyze packet contents, overcoming the weakness of traditional firewalls that inspect only a few packet header fields, and such a firewall does not have to open multiple ports, which further eliminates the security risks caused by excessive open ports.
Because state monitoring effectively combines packet filtering with application proxy technology, it is the most advanced of the three. But because the technology is complex to implement, in practice it cannot deliver truly complete data security inspection, and it is difficult to design a perfect defense based on it on ordinary computer hardware.
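As an added illustration of the distinction drawn above (example code written for this article, not code from any of the products named), the following Python sketch places a header-only static packet filter next to a stateful inspector that remembers connections opened from the inside. The rule table, addresses and packets are constructed sample data.

```python
# Added example, not code from the article: a static packet filter beside a
# stateful inspector. Packets, rules and addresses below are constructed data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Rule:
    action: str             # "allow" or "block"
    proto: str = "any"
    src: str = "0.0.0.0/0"  # any source
    dst: str = "0.0.0.0/0"  # any destination
    dport: int = 0          # 0 means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (0, p.dport))

def static_filter(rules, p: Packet) -> str:
    """Header-only check: first matching rule wins, default block."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"

class StatefulInspector:
    """Remembers connections the inside opened so that replies are admitted
    without a standing inbound 'allow' rule, which a static filter needs."""
    def __init__(self, rules, inside: str):
        self.rules, self.inside = rules, ip_network(inside)
        self.table = set()  # (proto, src, sport, dst, dport) of tracked flows

    def inspect(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.table:
            return "allow"  # reply to a flow the inside initiated
        verdict = static_filter(self.rules, p)
        if verdict == "allow" and ip_address(p.src) in self.inside:
            self.table.add(key)  # record the outbound flow's state
        return verdict
```

With only the static filter, the reply to an outbound HTTPS connection is dropped unless an inbound rule opens the high port; the stateful inspector admits it from its connection table while still blocking unsolicited packets to the same port.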
Third, recommended mainstream server software firewalls
When choosing a software firewall, pay attention to the security and efficiency of the firewall itself, and also consider how convenient it is to configure and manage. A good software firewall product must meet the user's actual needs: for example, a good user interface, support for command-line management, and support for a GUI and centralized management. Below we recommend several well-known software firewalls for reference:
1. Kaspersky Anti-Hacker software firewall
This is a very good network security firewall; it comes from the same company as the famous anti-virus software AVP. The user is prompted for every network data access, and whether to permit it is decided by the user; it can withstand hacker attacks from the internal network or from the Internet. Another feature of this software is the timely updating of its virus database: the Kaspersky virus database is updated twice a day, and users can set the software's update frequency as they wish. The only shortcoming of this product is that, whether for anti-virus or monitoring, it occupies a larger share of system resources.
2. Norton Firewall Enterprise Edition
Norton Firewall Enterprise Edition is suited to enterprise servers, e-commerce platforms and VPN environments. It provides safe failover and maximum uptime. This software firewall uses validated firewall management, maintenance, monitoring and reporting to provide thorough perimeter protection; its flexible service supports any number of firewalls, from a single firewall to an enterprise's global firewall deployment. The software also provides a powerful set of user authentication methods, including Windows NT Domain, RADIUS, digital authentication, LDAP, S/Key, Defender and SecurID, and allows administrators to choose security data flexibly from the user environment.
3. Server Security Dog
Server Security Dog is a practical system that provides server security protection for IDC operators, virtual host service providers, enterprise hosts, server administrators and other users. It is a server protection tool that combines DDoS protection, ARP protection, viewing of network connections, network traffic and IP filtering in one. It has a monitoring mechanism with real-time traffic monitoring and server process connection monitoring that promptly detects abnormal connections and processes. The firewall also has intelligent DDoS attack protection that can resist CC attacks, UDP flood, TCP flood, SYN flood, ARP and other types of malicious attacks on servers, and it provides detailed log tracking to help locate the source of an attack.
4. KfW Shield Server Edition
KfW Shield Firewall System is a comprehensive, innovative, highly secure and high-performance network security system. It guards the enterprise network according to the security rules set by the system administrator, providing powerful access control, state detection, network address translation (NAT), information filtering, traffic control and other functions, with complete security settings and access control through a high-performance network core.
5. McAfee Firewall Enterprise
The advanced features of McAfee Firewall Enterprise, such as application monitoring, global reputation intelligence, automated threat updates, encrypted traffic inspection, intrusion prevention, virus protection and content filtering, enable it to intercept attacks in a timely manner.
6. Ice Shield Professional anti-DDoS firewall software
Ice Shield firewall software has good compatibility, stability and enhanced anti-DDoS capability, and is suitable for many kinds of host servers: Legend servers, Miracle servers, web servers, game servers, music servers, movie servers, chat servers, forum servers, e-commerce servers and so on. The software can intelligently identify various DDoS attacks and hacker intrusion behavior. For intrusion prevention, it can identify more than 2000 kinds of hacker intrusion behaviors, such as port scans, Unicode malicious code, SQL injection attacks, Trojan uploads and exploits.