The technical characteristics of intelligent firewalls

Source: Internet
Author: User
Tags: least privilege

Firewalls have been widely accepted by users and are becoming the principal network security device. A firewall delimits a protected zone, assumes that it is the only exit from that zone, and then decides whether to pass or block each incoming packet. The traditional firewall rests on a major theoretical assumption: if the firewall refuses some packets, the network must be safe, because those packets have been discarded. In fact the firewall cannot guarantee that the packets it passes are secure; it cannot tell a normal packet from a malicious one, and it relies on the administrator to ensure that the passed traffic is safe. The administrator must tell the firewall what to pass, the firewall passes packets according to those rules, and so the administrator bears the security responsibility for any policy error. This assumption is not suited to network security, and the resulting protection is poor: handing responsibility to the security administrator does not actually solve the security problem. A new generation of firewalls should improve the security of the traffic it passes, because the real requirement of network security is to guarantee security while keeping normal applications working.

This article describes the intelligent firewall, a smarter firewall product that overcomes the traditional firewall's dilemma of "tighten the rules and everything stops, loosen them and everything is exposed" and corrects the flawed assumption above. The intelligent firewall replaces the concept of an "exit" with that of a "gateway": every packet passing through the gateway must be inspected by the firewall. In contrast to the data-matching inspection used by traditional firewalls, the intelligent firewall uses AI recognition techniques to decide access control. Intelligent firewalls are more secure and more efficient than traditional firewalls.

Traditional firewalls face application problems

Firewalls, both as a technology and as products, have passed through five stages of development. First-generation firewall technology appeared almost at the same time as routers and used packet filtering. In 1989, Dave Presotto and Howard Trickey of Bell Labs introduced the second generation, the circuit-level firewall, and presented a preliminary structure for the third generation, the application-layer firewall (proxy firewall). In 1992, Bob Braden of the USC Information Sciences Institute developed a fourth generation based on dynamic packet filtering, which later evolved into today's stateful inspection technology. In 1994, the Israeli company Check Point released the first commercial product to adopt this technology. In 1998, NAI introduced adaptive proxy technology, implemented in its product Gauntlet Firewall for NT, which gave new meaning to the proxy firewall and can be called the fifth generation.

All five generations share one feature: they use a one-way matching method, and the amount of computation is too large. Packet filtering performs a matching check on IP packets; stateful packet filtering additionally matches connection state information; and the application proxy matches against the application protocol and application data. As a result they share a common flaw: the higher the security, the more inspection is required and the lower the efficiency. Stated as a law, a firewall's security and its efficiency are inversely proportional.

No one doubts that firewalls rank first among all security device purchases. But the traditional firewall does not solve the main network security problems. At present the three major problems of network security are network attacks aimed at denial of service (DDoS), viruses spread by worms, and content control, represented by spam e-mail. These three cover most of the problems of network security, and against all three the traditional firewall is powerless. There are three reasons. First, the limited computing capacity of the traditional firewall: it pays for high-strength inspection with computation, and the stronger the inspection, the greater the cost. Second, its access control mechanism is a simple filter: it applies simple conditions and has no intelligence for handling complex attacks. Third, it cannot distinguish benign from malicious behavior, which means it cannot defeat malicious attacks.

Intelligent firewalls come into being

The intelligent firewall is defined relative to the traditional firewall; as the name suggests, it is smarter. 80% of users readily accept the concept of an intelligent firewall: in their eyes, what is not intelligent is unreliable and insecure. Would you feel safe if your bodyguard were not intelligent? The traditional firewall has many problems that users find hard to understand. Users often ask why the firewall did not stop a hacker's attack when a security expert, analyzing the recorded data, can spot the attack at a glance. The reason is that the traditional firewall is a simple mechanism that can only apply a security policy mechanically.

Technically, the intelligent firewall uses statistical, memory-based, probabilistic and decision-making methods to identify data and so achieve access control. These new mathematical methods avoid the massive computation required by matching inspection, discover the characteristic values of network behavior efficiently, and apply access control directly. Because these methods come mostly from the discipline of artificial intelligence, such firewalls are called intelligent firewalls.

A simple analogy shows why intelligent firewalls matter to network security. The traditional firewall's packet check is like recognizing a person's face by image matching: convert the face into an image, remember every pixel, then compare pixel by pixel, and only after checking thousands of pixels say who it is. That is not how people recognize faces. A person identifies you in real time with very little computation; that is intelligent recognition. Likewise, the intelligent firewall finds the characteristic values of network behavior and identifies that behavior without massive computation, so access control becomes easy.

In a word, the arrival of the intelligent firewall marks a new era that will take information security into a new realm.

Application areas

The intelligent firewall has solved the widespread problems of denial-of-service (DDoS) attacks, virus propagation and advanced application-layer intrusion, and it represents the mainstream direction of firewall development. Its security is greatly improved over the traditional firewall, with a qualitative leap in least privilege, system minimization, kernel security, system hardening, system optimization and network performance. Its main application areas are as follows:

Preventing malicious traffic attacks: the intelligent firewall identifies malicious traffic and blocks it, defeating SYN flooding, Land attack, UDP flooding, Fraggle attack, Ping flooding, Smurf, Ping of Death, unreachable-host and other attacks, and cutting off traffic generated by viruses or Trojans.
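The attacks named above each have a recognizable signature in the packet headers. The following is an added detection example, not code from the article or from any firewall product: it runs classic header checks for Land, Smurf, Fraggle and Ping of Death over constructed packet records and adds a rate-based SYN-flood check per source. The dict field names and the SYN-flood threshold are assumptions of this example.

```python
"""Added example (not from the article): flag the malicious-traffic categories the
article lists over constructed packet records; field names and thresholds are assumed."""
from __future__ import annotations
from collections import Counter

SYN_FLOOD_THRESHOLD = 5       # assumed policy: half-open SYNs per source before alerting
MAX_ICMP_PAYLOAD = 65507      # largest payload that fits a 65535-byte IPv4 datagram
FRAGGLE_PORTS = {7, 19}       # UDP echo and chargen, the Fraggle amplifiers

def classify_packet(pkt: dict) -> str | None:
    """Per-packet verdict: the attack name, or None when this single packet looks benign."""
    flags = pkt.get("flags", "")
    if pkt["proto"] == "tcp" and pkt["src"] == pkt["dst"] and "S" in flags:
        return "land"                     # SYN whose forged source equals its destination
    if pkt["proto"] == "icmp":
        if pkt.get("payload_len", 0) > MAX_ICMP_PAYLOAD:
            return "ping_of_death"        # echo request that reassembles past the IPv4 limit
        if pkt.get("type") == 8 and pkt["dst"].endswith(".255"):
            return "smurf"                # echo request aimed at a (constructed /24) broadcast
    if pkt["proto"] == "udp" and pkt["dst"].endswith(".255") and pkt.get("dport") in FRAGGLE_PORTS:
        return "fraggle"
    return None

def classify_stream(packets: list[dict]) -> dict[str, int]:
    """Count per-packet verdicts, then alert on sources leaving too many handshakes half-open."""
    alerts: Counter[str] = Counter()
    half_open: Counter[str] = Counter()   # bare SYNs seen minus bare ACKs that complete them
    for pkt in packets:
        verdict = classify_packet(pkt)
        if verdict:
            alerts[verdict] += 1
        elif pkt["proto"] == "tcp":
            if pkt.get("flags") == "S":
                half_open[pkt["src"]] += 1
            elif pkt.get("flags") == "A":
                half_open[pkt["src"]] = max(0, half_open[pkt["src"]] - 1)
    alerts["syn_flood"] += sum(1 for n in half_open.values() if n >= SYN_FLOOD_THRESHOLD)
    return {name: n for name, n in alerts.items() if n}

SAMPLE = [  # constructed traffic, not captured data
    {"src": "10.0.0.5", "dst": "10.0.0.5", "proto": "tcp", "flags": "S", "dport": 139},
    {"src": "203.0.113.9", "dst": "192.0.2.255", "proto": "icmp", "type": 8, "payload_len": 56},
    {"src": "203.0.113.9", "dst": "192.0.2.255", "proto": "udp", "dport": 7},
    {"src": "198.51.100.2", "dst": "192.0.2.10", "proto": "icmp", "type": 8, "payload_len": 65510},
    {"src": "192.0.2.20", "dst": "192.0.2.10", "proto": "tcp", "flags": "S", "dport": 80},
    {"src": "192.0.2.20", "dst": "192.0.2.10", "proto": "tcp", "flags": "A", "dport": 80},
] + [{"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "flags": "S", "dport": 80}] * 6
```

Running `classify_stream(SAMPLE)` reports one alert for each of the five categories; the host 192.0.2.20 completes its handshake and so is not counted as a flooder.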

Guarding against hacker attacks: the intelligent firewall identifies hackers' malicious scans and blocks or deceives the scanner. Currently known scanning tools such as ISS, SSS and Nmap can be prevented from scanning, and scans launched by malicious code are likewise defeated.

Guarding against MAC and IP spoofing: the intelligent firewall provides MAC-based access control to prevent MAC spoofing and IP spoofing, supporting both MAC filtering and IP filtering, and thereby extends the firewall's access control down to layer 2 of the OSI model.

Intrusion prevention: to address the security of packets that are permitted to pass, the intelligent firewall performs intrusion detection and provides intrusion prevention, completing deep packet inspection and blocking application-layer attacks.

Preventing potential risks: the intelligent firewall supports packet scrubbing, normalizing the IP, TCP, UDP, ICMP and other protocols to eliminate latent protocol risks and attacks. These methods are highly effective against defects in the TCP/IP protocol suite and vulnerabilities in application protocols.
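Packet scrubbing means rewriting header fields that different hosts interpret differently and dropping packets that cannot be made unambiguous, so that the protected host and any IDS behind the firewall see the same, well-formed traffic. The following added example, not code from the article or from any product, shows one such normalizer over constructed packet dicts; the field names, the minimum TTL, the MSS clamp and the ICMP allow-list are policy assumptions of this example (the `no-df` behaviour is borrowed from OpenBSD pf's scrub).

```python
"""Added example (not from the article): a minimal protocol scrubber that normalizes
ambiguous header fields and drops what cannot be made safe; all field names and policy constants are assumed."""
from __future__ import annotations

MIN_TTL = 64                 # assumed policy: lift low TTLs so IDS and host see the same packet
MAX_MSS = 1460               # assumed policy: clamp advertised MSS to the Ethernet payload size
IP_MAX_LEN = 65535           # IPv4 total-length limit, the bound a Ping of Death exceeds
LEGAL_TCP_FLAGS = set("FSRPAU")   # reserved/ECN bits are cleared, never forwarded
ICMP_ALLOWED = {0, 3, 8, 11}      # assumed allow-list: echo reply/request, unreachable, time exceeded
ILLEGAL_TCP_COMBOS = [
    set(),                   # no flags at all (null packet)
    {"S", "F"},              # SYN+FIN never occurs in a real handshake
    {"S", "R"},              # SYN+RST
    {"F"},                   # FIN without ACK
]

def scrub(pkt: dict) -> dict | None:
    """Return a normalized copy of pkt, or None when the packet must be dropped."""
    p = dict(pkt)
    if p.get("frag_offset", 0) * 8 + p.get("length", 0) > IP_MAX_LEN:
        return None                              # fragment would reassemble past 64 KiB: never valid
    p["ttl"] = max(p.get("ttl", MIN_TTL), MIN_TTL)
    p["df"] = False                              # clear Don't-Fragment, as pf's "scrub no-df" does
    if p["proto"] == "tcp":
        flags = set(p.get("flags", "")) & LEGAL_TCP_FLAGS
        if flags in ILLEGAL_TCP_COMBOS:
            return None
        p["flags"] = "".join(sorted(flags))      # canonical order, reserved bits gone
        if "S" in flags and p.get("mss", 0) > MAX_MSS:
            p["mss"] = MAX_MSS
    elif p["proto"] == "udp":
        if p.get("udp_length", 8) < 8:           # length field shorter than the UDP header itself
            return None
    elif p["proto"] == "icmp":
        if p.get("type") not in ICMP_ALLOWED:
            return None
    return p

SAMPLE = [  # constructed packets, not captured data
    {"proto": "tcp", "flags": "SE", "ttl": 5, "mss": 9000},            # ECN bit, low TTL, huge MSS: rewritten
    {"proto": "tcp", "flags": "SF", "ttl": 64},                        # SYN+FIN: dropped
    {"proto": "icmp", "type": 8, "frag_offset": 8189, "length": 1500}, # reassembles past 65535: dropped
    {"proto": "udp", "udp_length": 4},                                 # impossible UDP length: dropped
    {"proto": "icmp", "type": 8, "ttl": 128},                          # ordinary echo request: passes
]

def scrub_all(packets: list[dict]) -> list[dict]:
    """Scrub a batch and keep only the packets that survive."""
    return [q for q in (scrub(p) for p in packets) if q is not None]
```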

To sum up, compared with the traditional firewall, the intelligent firewall protects networks and sites from hacker attacks, blocks the malicious spread of viruses, effectively monitors and manages the internal LAN, protects essential application security, and provides strong authentication, authorization and audit management, so it has wide application value.
