Tuesday, December 14, 2010

[Weak Current College] Distributed firewalls fill the defects of the perimeter firewall --- Powered by [China Power House Network]

Traditional network firewalls are deployed at the network boundary, which is why they are called border (perimeter) firewalls. A border firewall forms a barrier between the enterprise's internal network and the external Internet and is responsible for enforcing network access control. As network security technology has developed further, the border firewall has gradually revealed some weaknesses, specifically in the following areas.

Limited by the network topology

The working mechanism of a border firewall depends on the network topology. As more and more enterprises build regional corporate networks over the Internet, as mobile users and server hosting become increasingly common, and as e-business requires business partners to be granted controlled access to each other's systems, the logical boundary between the corporate intranet and the Internet has become blurred, and the concept of a border firewall is of increasingly limited use.

Internal boundaries are not secured

The security policy of a border firewall rests on a basic assumption: people outside the enterprise network are not trusted, while people inside it are. In fact, nearly 80% of attacks and unauthorized accesses against corporate networks come from the inside, so a perimeter firewall is inadequate against attacks launched from within the enterprise network.

Low efficiency and a single point of failure

A border firewall concentrates all checking at a single point on the network perimeter, which creates a network access bottleneck. When choosing a firewall product, users therefore consider detection efficiency first and the security mechanism second. An overly complex security policy further reduces the efficiency of the border firewall. To meet the needs of different uses, a compromise has to be made between the efficiency and the security policy of a border firewall, which leaves many security risks. In addition, the border firewall itself is a single point of failure: if it fails or is conquered by a hacker, the entire enterprise network is completely exposed to the attacker.

To address these defects of the border firewall, experts proposed the distributed firewall. Distributed firewalls can be understood in a narrow and a broad sense; plugging loopholes inside the network is the specialty of the distributed firewall.

Generalized (broad-sense) distributed firewall

A generalized distributed firewall is a new firewall architecture consisting of three parts: network firewalls, host firewalls, and central management. Network firewalls are deployed between the internal network and external networks, and between subnets within the internal network. A network firewall differs from a border firewall in that it may need to support both the IP and the non-IP protocols used on the internal network, which a border firewall does not need to do. Host firewalls protect servers and desktop systems on the network; the physical location of the host may be inside or outside the corporate network (for example a hosted server or a mobile office laptop). A border firewall is a single device in the network, so it can only be managed locally. In a generalized distributed firewall, each part of the security monitoring system must be placed wherever on the network its security requirements demand, so the management of the generalized distributed firewall must be implemented uniformly: central management is the core and the main characteristic of the distributed firewall system. Distribution of security policy and summarization of logs are both functions of central management.

Narrow-sense distributed firewall

A narrow-sense distributed firewall resides on a network host (such as a server or desktop machine) and is a software product that provides security for the host system; residing on the host is the main feature of such a firewall. It regards the network beyond its host as untrusted, and provides a highly targeted security policy based on the host's use and the services it runs.

Being embedded in the operating system kernel is another feature of the narrow-sense firewall. The operating system itself has many security holes, so the software running on it is under threat, and firewall software is no exception. To completely block operating system vulnerabilities, the security monitoring engine at the core of a narrow-sense firewall must be embedded in the operating system kernel and take over the network card directly, checking all packets before they are handed to the operating system. Achieving this requires technical cooperation between firewall vendors and operating system vendors. A narrow-sense firewall that cannot achieve the embedded mode of operation because of operating system constraints carries obvious security risks.

A narrow-sense distributed firewall for desktop use is similar to a personal firewall, since both correspond to an individual system, but the difference is essential. First, they are managed in different forms: a personal firewall's security policy is configured by the user of the system, and its goal is to prevent external attacks; the security policy of a narrow-sense desktop firewall is configured uniformly by the administrator, and besides defending the desktop it also controls the desktop's access to the outside, and this security mechanism cannot be altered by the user.
Second, a personal firewall is aimed at individual users, while a narrow-sense desktop firewall is aimed at enterprise users and forms part of an enterprise-level security program.

Soft EverLink Security is a typical narrow-sense distributed firewall. It works on personal computers (Windows platform) and, according to a security policy file, performs a double check of packets configured with a packet filter and a Trojan horse filter. The contents of the security policy file are determined by the security level the user sets during installation and use and by the identified security attributes. The packet filter checks IP packets: it handles the vast majority of network protocols (such as TCP/IP, UDP/IP, ICMP, etc.) and also performs state-based filtering for connectionless network accesses (such as UDP, RPC, etc.). The Trojan horse filter blocks known Trojan horses from accessing the network; at the same time, the identification procedure it uses can discover unknown Trojan horses and add them to the blocking list. Soft EverLink's intrusion detection can find common network attacks, such as port scanning, denial of service attacks, source-routed packet attacks and repeated connections; it automatically blocks the source address from which the attack is launched and records the detected attacks in the log.

Use in managed services

The development of the Internet and e-commerce has prompted the rapid rise of Internet data centers, one of whose main businesses is server hosting. For the server hosting user, the server is logically part of the corporate network but physically outside it. For this use the distributed firewall is very handy.
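To make the two host-side mechanisms just described concrete, here is an added example that is not code from the original article or from any vendor's product: a miniature host packet filter that performs state-based filtering of connectionless UDP traffic (an inbound datagram is accepted only if it answers a recent outbound one) and detects a port scan, blocking the offending source address automatically and writing a log entry. The packet fields, thresholds, addresses and traffic are all constructed for the example.

```python
"""Added example: a toy narrow-sense host firewall with UDP state tracking
and port-scan auto-blocking. All packets and field names are constructed."""

from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # timestamp in seconds
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" (network -> host) or "out" (host -> network)


class HostFirewall:
    """Default-deny inbound policy for one host."""

    def __init__(self, allowed_in_tcp, udp_timeout=30.0,
                 scan_ports=10, scan_window=5.0):
        self.allowed_in_tcp = set(allowed_in_tcp)   # services this host offers
        self.udp_timeout = udp_timeout               # pseudo-connection lifetime
        self.scan_ports = scan_ports                 # distinct ports that count as a scan
        self.scan_window = scan_window               # seconds over which probes are counted
        self.udp_state = {}                          # (peer, peer_port, local_port) -> last seen
        self.recent_ports = defaultdict(deque)       # src -> deque of (ts, dport)
        self.blocked = set()
        self.log = []

    def _note_probe(self, pkt):
        """Record a rejected inbound attempt; block the source once it has
        touched too many distinct ports inside the window."""
        hist = self.recent_ports[pkt.src]
        hist.append((pkt.ts, pkt.dport))
        while hist and pkt.ts - hist[0][0] > self.scan_window:
            hist.popleft()
        if len({p for _, p in hist}) >= self.scan_ports:
            self.blocked.add(pkt.src)
            self.log.append(f"{pkt.ts:.1f} BLOCK {pkt.src} port-scan ({len(hist)} probes)")

    def _expire_udp(self, now):
        for key, seen in list(self.udp_state.items()):
            if now - seen > self.udp_timeout:
                del self.udp_state[key]

    def filter(self, pkt):
        """Return 'accept' or 'drop' for one packet, updating state as we go."""
        self._expire_udp(pkt.ts)

        if pkt.direction == "out":
            if pkt.proto == "udp":
                # Remember the outbound datagram so its reply can be matched later.
                self.udp_state[(pkt.dst, pkt.dport, pkt.sport)] = pkt.ts
            return "accept"

        if pkt.src in self.blocked:          # inbound from here on
            return "drop"

        if pkt.proto == "tcp":
            if pkt.dport in self.allowed_in_tcp:
                return "accept"
            self._note_probe(pkt)
            return "drop"

        if pkt.proto == "udp":
            key = (pkt.src, pkt.sport, pkt.dport)
            if key in self.udp_state:
                self.udp_state[key] = pkt.ts     # refresh the pseudo-connection
                return "accept"
            self._note_probe(pkt)
            return "drop"

        self._note_probe(pkt)                # everything else is denied by default
        return "drop"


def run_sample():
    """Constructed traffic: a DNS exchange, an unsolicited UDP datagram,
    a request to an offered service, then a 12-port TCP scan from one source."""
    fw = HostFirewall(allowed_in_tcp={80, 443})
    pkts = [
        Packet(0.0, "udp", "10.0.0.5", 40000, "10.0.0.53", 53, "out"),
        Packet(0.1, "udp", "10.0.0.53", 53, "10.0.0.5", 40000, "in"),     # matching reply
        Packet(0.2, "udp", "198.51.100.7", 53, "10.0.0.5", 40001, "in"),  # unsolicited
        Packet(1.0, "tcp", "203.0.113.9", 5555, "10.0.0.5", 80, "in"),    # offered service
    ]
    pkts += [Packet(2.0 + i * 0.1, "tcp", "203.0.113.9", 5555, "10.0.0.5", 1 + i, "in")
             for i in range(12)]
    decisions = [fw.filter(p) for p in pkts]
    return decisions, fw.log, fw.blocked


if __name__ == "__main__":
    decisions, log, blocked = run_sample()
    print(decisions)
    print("\n".join(log))
```

The UDP pseudo-connection is keyed on the peer address and both ports, so a reply from a different peer or to a different local port is treated as unsolicited, and a reply arriving after `udp_timeout` is dropped because the state has expired. The scan detector only counts attempts the policy already rejected, so legitimate traffic to offered services never contributes to a block.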
The user only needs to install the firewall software on the hosted server, configure the security policy according to the server's use, and use the central management software to monitor the server remotely, without having to rent any additional space to place a border firewall.

Century Internet, for example, an Internet data center, provides a range of managed services including managed firewall services; the distributed firewall it uses is Jinnuo Yi's CyberwallPLUS-SV.

A, B and C are hosting users; each has a different number of servers hosted in the data center, and the servers have different uses. If a hosting user wants to entrust the security of these servers to the data center's professional security service, a corresponding security service assurance contract is signed with the data center. The data center's security service installs the CyberwallPLUS-SV host firewall product on each server requiring the service and sets the appropriate policy according to the user's specific requirements. CyberwallPLUS-CM is installed on a management terminal as the central management system, from which the data center's skilled security staff can monitor the security status of all servers entrusted to the security service and provide security logs.
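The hosting scenario above turns on the two central-management functions the article names earlier, policy distribution and log summarization. The following is an added example, not the article's code and not the CyberwallPLUS product: a central policy store with one record per hosted server, a compiler that turns a record into the ordered default-deny rule list that would be pushed to that host's firewall, and a roll-up of host-level block events per customer. The customers A, B and C follow the article; the host names, addresses, ports and log lines are constructed for the example.

```python
"""Added example: the central-management side of a distributed firewall for
hosted servers. Inventory, management address and log lines are constructed."""

from collections import Counter

# Constructed inventory: customer -> hosts -> TCP services each host offers.
INVENTORY = {
    "A": {"a-web-1": [80, 443], "a-web-2": [80, 443]},
    "B": {"b-mail-1": [25, 993]},
    "C": {"c-db-1": []},            # offers no public service at all
}

MGMT_STATION = "10.9.9.9"        # constructed address of the management console
MGMT_PORT = 8443                 # constructed port used for remote monitoring


def compile_policy(customer, host):
    """Build the ordered rule list for one host. Rules are evaluated top-down,
    the first match wins, and the final rule denies everything else."""
    services = INVENTORY[customer][host]
    rules = [
        # Only the management station may reach the remote-monitoring port.
        {"action": "allow", "proto": "tcp", "src": MGMT_STATION, "dport": MGMT_PORT},
        {"action": "deny",  "proto": "tcp", "src": "any",        "dport": MGMT_PORT},
    ]
    for port in sorted(services):
        rules.append({"action": "allow", "proto": "tcp", "src": "any", "dport": port})
    rules.append({"action": "deny", "proto": "any", "src": "any", "dport": "any"})
    return rules


def decide(rules, proto, src, dport):
    """Evaluate one connection attempt against a compiled rule list."""
    for r in rules:
        if r["proto"] not in ("any", proto):
            continue
        if r["src"] not in ("any", src):
            continue
        if r["dport"] not in ("any", dport):
            continue
        return r["action"]
    return "deny"   # unreachable with compile_policy output; kept as a safe default


# Constructed log lines as hosts would report them to central management:
# "<host> <event> <source address> <destination port>"
SAMPLE_LOGS = """\
a-web-1 BLOCK 203.0.113.9 22
a-web-2 BLOCK 203.0.113.9 22
a-web-1 BLOCK 198.51.100.4 3389
b-mail-1 BLOCK 203.0.113.9 22
c-db-1 BLOCK 192.0.2.77 3306
c-db-1 BLOCK 192.0.2.77 1433
""".splitlines()


def summarize_logs(lines):
    """Roll host block events up to the customer that owns each host,
    returning {customer: Counter({source_address: count})}."""
    owner = {h: c for c, hosts in INVENTORY.items() for h in hosts}
    summary = {}
    for line in lines:
        host, event, src, _port = line.split()
        if event != "BLOCK":
            continue
        summary.setdefault(owner[host], Counter())[src] += 1
    return summary


if __name__ == "__main__":
    for cust, hosts in INVENTORY.items():
        for h in hosts:
            print(h, compile_policy(cust, h))
    print(summarize_logs(SAMPLE_LOGS))
```

Because every host's policy is generated from the same inventory, a change to a customer's service list is made once centrally and reaches all of that customer's servers on the next push, and the per-customer summary shows when one source address is probing several of a customer's hosts even though each host only sees its own share of the events.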
