Second generation firewall standard release: Fusion security, depth content detection, Application layer performance

On the afternoon of February 4, 2015, under the guidance of the Ministry of Public Security and the Ministry of Information Technology Informatization, the Third Research Institute of the Ministry of Public Security and other relevant departments, the deep convincing science and technology, NSFocus and the net God Information technology were jointly held by the second generation Firewall standard conference in Beijing National Conference Center.

The chief engineer of the Network Security Bureau of the Ministry of Public Safety, Shun Chunming of the Third Institute of the Ministry of Public Security, as well as the senior security experts who are deeply convinced, NSFocus and Guo Qiquan, made an important speech at the meeting.

Guo Qiquan introduces the current situation and future direction of China's network security development, he pointed out that the country has upgraded its network security to a strategic level and that the Network Security Act will be enacted in the future. 2015 is the national Network security "Thirteen-Five" Year of Planning, "Thirteen-Five" will be around the national network security top-level design, key infrastructure protection and other aspects of the work. We should speed up the construction of national Network and Information security system, and fully safeguard the security of national network space.

The second generation firewall standard is important to standardize the firewall product market and standardize the network security construction. The national important industry Department should respond positively to the call, will apply the standard to the actual network security construction. In the future, the second generation of firewalls should be elevated to national standards and play a greater role in guiding our information security construction.

Since its inception, the firewall has played a very important role in improving the security of the network. As the first checkpoint of the border network security, the firewall has experienced the technology change of packet filtering technology, agent technology and State monitoring technology, through the ACL access control strategy, the NAT address translation strategy and the network attack strategy, it effectively blocks the packets passing without explicit permission, and protects the network security. However, with the rapid development of network application and the complication of network planning, the adaptability of firewall is becoming more and more obvious.

We learned from Shun Chunming's speech that the traditional firewall based on 2-4 layer Security protection cannot effectively protect the network threat from the application layer, but the UTM of firewall, intrusion defense and anti-virus software, after opening multiple application layer processing function, the performance drops dramatically and cannot satisfy the user's business demand. In this context, the second generation of firewalls and their standards emerged. Shun Chunming experts explained that in order to better meet the needs of domestic users, the second generation of firewalls in addition to the function of the traditional firewall, but also should have the application layer access control, the integration of a number of security features, in-depth content detection, high-performance and other features.

At the same time, Shun Chunming pointed out that the second generation of firewall standards reference a large number of national standards, industry standards, research on the domestic many industry users of the network security construction needs, and the standard of 6 rounds of discussion and modification, it is a can guide users to carry out information security and grade protection construction of the mature standards

In addition to the basic function of firewall, the second generation firewall should have the functions of application level, application layer, security protection, user control, depth content detection, high performance, and high capability of resisting attack.

The second generation firewall not only retains the access control capabilities of the old standard for firewalls, such as packet filtering, status detection, NAT, routing functions, and bandwidth and session management functions, but also increased the application-level control of the functional requirements, the standard requirements of the second generation firewall can identify the application layer protocol, and access control strategy.

The second generation firewall blends the firewall function with the Intrusion prevention function, not just the simple function merging. Thus, it can effectively protect against the new threat attacks such as vulnerability attack, port scan and malware attack, and improve the attack protection capability of the second generation firewall.

Web attack as one of the mainstream attacks in today's network, the second generation of firewalls should be able to detect and protect, to achieve the requirements of the overall security protection, the second generation of firewalls to fuse the protection of web attacks, a good embodiment of the second generation of firewall standards of the advanced principle.

In order to effectively deal with the more popular information disclosure threat, the second generation firewall should have the content level threat detection ability.

Security products in the Application Protocol identification and protection, should not be too much impact on system performance, in order to solve the performance of multiple product deployment caused by the problem, the second generation of firewalls to meet the support of the million-gigabit network in tandem deployment requirements.

Deeply convinced, the Green Alliance, the network God information Three organizers of the senior security experts around the second generation of firewall fusion security, depth content detection and mixed packet performance three characteristics, the user's network security needs for detailed analysis. Among them, network God security expert Wang Gang talked about, the choice of the firewall needs the customer from the business function and the security function demand, current and future network environment development, attack and defend value three dimensions to consider. The second generation firewall realizes the single path matching of the data, the data packet needs to be decoded only once to meet the need of each application Layer protection module, which is helpful to improve the performance of the equipment, so that all the security function modules can really open and play a role. At the same time, the integration of multiple security modules can fully correlate the information produced in the process of data detection, and the user can master the whole threat without manual excavation and analysis.

The second generation of firewall standards, applicable to the domestic government, enterprises, finance, operators and other industries of information security construction, including protection of the level of construction, grading protection and construction industry security. Its release, for information security construction to the integration of security transformation has a guiding significance, but also effectively reduce the deployment of a variety of security products to administrators brought about by the management burden. In addition, it solves the problem of performance stress caused by multiple product deployments in the network.