Development trends of firewalls

Source: Internet
Author: User

Firewalls are arguably among the most mature products in the field of information security, but maturity does not mean that development has stagnated. On the contrary, growing security needs place ever higher demands on information security products, and firewalls are no exception. Below we look at some basic aspects of firewalls to discuss the main development trends of firewall products.

Mode change

A traditional firewall is usually deployed at a network boundary, whether the boundary between the intranet and the external network or the boundary between different subnets inside the intranet, and it separates data flows to form security management zones. The biggest problem with this design is that malicious attacks do not come only from outside the network: the intranet also has many security risks, and a boundary firewall has difficulty dealing with them. For this reason, more and more firewall products are adopting a distributed structure. A firewall designed as a distributed system takes network nodes as the objects to protect, so it can cover as many of the objects that need protection as possible and greatly strengthens protection. This is not merely a change of product form but a sign that the defensive concept behind firewall products has advanced.

Each of the basic firewall types has its advantages, so many vendors combine these methods to make up for the weaknesses and deficiencies of any single one. A simple approach is to filter not only on transport-level packet characteristics but also on application-layer rules. This comprehensive filtering design makes full use of the firewall's core function and is arguably one of the most effective ways for it to develop on its own foundation. At present, the more advanced filtering mode is packet filtering with stateful inspection, which has in fact become a mainstream detection mode in existing firewall products. It can be foreseen that future firewall detection modes will continue to integrate more areas, and that the cooperation among these areas will also be greatly improved.
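The combination described above, sketched as an added example (not code from any firewall product): a plain header-only packet filter next to a filter that keeps a connection table and applies one application-layer rule. The addresses, the allowed port and the blocked HTTP methods are constructed for illustration.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."          # constructed internal address range
ALLOWED_PORTS = {80}                 # transport-level rule: outbound web only
BLOCKED_METHODS = {b"TRACE", b"CONNECT"}  # application-layer rule (illustrative)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # TCP flags: "S", "SA", "A", "PA", "F", "R"
    payload: bytes = b""

def stateless_check(p):
    """Plain packet filter: each packet is judged only on its own header."""
    if p.src.startswith(INTERNAL_PREFIX):
        return "ACCEPT" if p.dport in ALLOWED_PORTS else "DROP"
    # Replies are guessed from the header: source port 80 and ACK set.
    return "ACCEPT" if p.sport in ALLOWED_PORTS and "A" in p.flags else "DROP"

class StatefulFilter:
    """Packet filter with a connection table plus one application-layer rule."""
    def __init__(self):
        self.conns = {}   # (client, cport, server, sport) -> state

    def check(self, p):
        outbound = p.src.startswith(INTERNAL_PREFIX)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.conns.get(key)
        if state is None:
            # Only an outbound SYN to an allowed port may create state.
            if outbound and p.flags == "S" and p.dport in ALLOWED_PORTS:
                self.conns[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"
        if state == "SYN_SENT":
            if not outbound and p.flags == "SA":
                self.conns[key] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"
        # ESTABLISHED: apply the application-layer rule to client requests.
        if outbound and p.payload.split(b" ", 1)[0] in BLOCKED_METHODS:
            del self.conns[key]
            return "DROP"
        if "F" in p.flags or "R" in p.flags:
            del self.conns[key]       # connection closed: forget it
        return "ACCEPT"
```

An inbound packet that merely looks like a reply passes the header-only filter but is dropped by the stateful one, because no internal host opened that connection.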

As things stand, the firewall's information recording function is becoming more and more complete. Through the firewall's log system, past network events can easily be traced, and the logs can also be linked with an audit system and have enough verification ability to ensure that the evidence collected in the process of investigation and forensics conforms ... It is believed that the functions in this area will be greatly enhanced in the future, and this is a problem that many security systems need to face together.

Feature Extensions

Firewall products now show a design trend of integrating multiple functions, including additional functions such as VPN, AAA, PKI and IPSec; even mainstream functions such as anti-virus and intrusion detection are being integrated into firewall products. Often we can no longer tell whether such a product is mainly a firewall or has gradually turned into what we generally call an IPS (intrusion prevention system). Some firewalls integrate anti-virus features. Such a design brings considerable improvement in manageability, but it also affects two other important factors of a firewall product, namely performance and the firewall's own security, so our view is that a comprehensive balance should be struck according to the specific application environment. After all, there is no perfect solution at the moment.

Firewall management has been developing rapidly and keeps providing administrators with convenient and useful functions. This trend will continue, and more innovative and effective management functions will keep emerging. SMS notification, for example, will become a standard configuration at least in large environments: when the firewall's rules are changed or a similar predefined management event occurs, an alert is sent to the administrator in a variety of ways, including instant SMS or a mobile phone call, to ensure that the security response is initiated at the earliest moment. In the future, firewalls will also be easy to manage from mobile devices such as mobile phones and PDAs. Of course, the first problem these extended management methods must face is still how to ensure that the security of the firewall system itself is not compromised.

Performance improvement

Because of expanding functionality, increasingly rich applications and increasingly complex traffic, future firewall products will face stronger processing performance requirements, and relying on ever-rising hardware performance alone will certainly run into bottlenecks. Therefore, economical, practical and well-validated means of improving performance, such as parallel processing, will be used more and more in firewall product platforms. Relatively speaking, simple flow filtering performance is fairly easy to handle, but as application-layer processing becomes denser, performance improvement faces more complex problems. In a large application environment, the firewall's rule base has at least tens of thousands of records, and as the number of filtered applications increases, the number of rules tends to grow geometrically, which is a severe test of the load on the firewall. Using different processors to perform different functions may be one solution, for example using a coprocessor with integrated proprietary algorithms dedicated to rule evaluation. When some aspect of the firewall becomes a major performance bottleneck, we can then simply upgrade that part of the hardware. This design has already been applied in existing products. Perhaps future firewall products will have a very complex structure; of course, in some ways we hope this does not happen.

In addition, experience shows that, besides hardware factors, rule processing methods and algorithms also have a significant impact on firewall performance. The software part of the firewall should therefore also incorporate more advanced design techniques and give rise to more specialized platform technology, in order to ease the performance requirements on the firewall.
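To make the point about rule processing algorithms concrete, here is an added example (not taken from any product) that evaluates the same constructed 20,000-rule base two ways: a first-match linear scan, and a lookup through an index keyed on protocol and destination port. It assumes every rule names an exact protocol and port; rules with ranges or wildcards would need a different structure.

```python
import ipaddress
from collections import defaultdict

def make_rules(n):
    """Constructed rule base: (priority, proto, dport, src_net, action)."""
    rules = []
    for i in range(n):
        net = ipaddress.ip_network(f"10.{(i >> 8) & 255}.{i & 255}.0/24")
        action = "ACCEPT" if i % 3 else "DROP"
        rules.append((i, "tcp", 1024 + i % 5000, net, action))
    return rules

def linear_match(rules, proto, dport, src):
    """First-match scan over the whole list; returns (action, rules examined)."""
    addr = ipaddress.ip_address(src)
    for examined, (_, r_proto, r_dport, net, action) in enumerate(rules, 1):
        if r_proto == proto and r_dport == dport and addr in net:
            return action, examined
    return "DROP", len(rules)            # default deny

def build_index(rules):
    """Group rules by (proto, dport); priority order is kept inside a bucket."""
    index = defaultdict(list)
    for rule in rules:
        index[(rule[1], rule[2])].append(rule)
    return index

def indexed_match(index, proto, dport, src):
    """Same first-match semantics, but only one bucket is scanned."""
    addr = ipaddress.ip_address(src)
    bucket = index.get((proto, dport), [])
    for examined, (_, _, _, net, action) in enumerate(bucket, 1):
        if addr in net:
            return action, examined
    return "DROP", len(bucket)           # default deny

RULES = make_rules(20000)
INDEX = build_index(RULES)

if __name__ == "__main__":
    query = ("tcp", 6023, "10.78.31.9")  # matches the last rule in the base
    print("linear :", linear_match(RULES, *query))
    print("indexed:", indexed_match(INDEX, *query))
```

Both functions return the same verdict; the second element of the result is the number of rules each had to examine for that packet.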

To sum up, in both function and performance the evolution of firewall products will not slow down; product variety and release speed will continue to increase, which also reflects the trend of rising security requirements. More worthy of our attention than the evolution of the product in any one aspect are the development of platform architecture and the release of security product standards. These changes concern not only the application of one product in one environment but also the future of information security.
