To overcome the "tube on the dead, put on the chaos" Smart firewall

Introduction and technical features of the latest smart firewalls

Firewalls have been widely accepted by users and are becoming a major network security device. Firewalls delineate a range of protection and assume that the firewall is the only exit, and then the firewall decides whether to release or block incoming packets. The traditional firewall has a major theoretical hypothesis-if the firewall refuses to pass some packets, it must be safe because the packets have been discarded. But in fact the firewall does not guarantee that the approved packets are secure, and the firewall cannot tell the difference between a normal packet and a malicious packet, but requires the administrator to ensure that the packet is secure. The administrator must tell the firewall what to pass, and the firewall allows the packet to pass by the set rules, so that the administrator must assume the security responsibility of the policy error. However, this assumption of the traditional firewall is not appropriate for network security, and the security effect is not good. Handing security responsibility to the security administrator does not actually solve the security issue. A new generation of firewalls should enhance the security of the release data, because the real demand for network security is to ensure security, but also to ensure the normal application.

This article describes the Smart Firewall is a smarter, more intelligent firewall products, it overcomes the traditional firewall "one tube dead, on the chaos" situation, fixed the above firewall's major assumptions. The new smart firewall changes the concept of "exit" to the concept of "gateway", and all packets passing through the "gateway" must be inspected by the firewall. In contrast to the data matching inspection techniques used in traditional firewalls, the new intelligent firewall uses AI recognition technology to determine access control. Smart firewalls are more secure and more efficient than traditional firewalls.

Traditional firewalls face application problems

The current firewall, both technically and product development process, has experienced five stages of development. The first generation of firewall technology is almost simultaneous with routers, using packet filtering (Packet filter) technology. In 1989, Dave Presotto and Howard Trickey of Bell Labs introduced a second-generation firewall, the circuit-layer firewall, and presented a preliminary structure of the third generation firewall-application-layer firewall (proxy firewall). In the 1992, the Bobbraden of the USC Information Science Institute developed a fourth generation firewall based on dynamic packet filtering (dynamical packet filter) technology, which later evolved into the current state monitoring (Stateful inspection) technology. In 1994, Israel's checkpoint company developed the first commercially available product to adopt this technology. In 1998, NAI introduced an adaptive proxy (adaptive proxy) technology, which was implemented in its product Gauntlet Firewall for NT, giving a new meaning to the proxy type firewall, which could be called the fifth generation firewall.