Server firewall selection

When it comes to server security, one of the most common questions newcomers ask is: which firewall should I choose? Faced with such a wide variety of server firewalls, should the choice be driven by the vendor's reputation or by the performance of the firewall itself? Is a domestic firewall better than a foreign one? Should I pay for an enterprise firewall or try a free one first? These questions give people real headaches.

Different application environments and usage requirements place different demands on firewall performance. So the key to finding a suitable server firewall is to analyse your own requirements carefully and weigh the advantages and disadvantages of each type of server firewall. To give newcomers a general direction when choosing, this article introduces the common classifications of server firewalls and the strengths and weaknesses of each type.

First, by structure, server firewalls can be divided into hardware firewalls and software firewalls.

A hardware firewall is essentially a software firewall embedded in dedicated hardware. Its hardware and software are designed together: dedicated network chips process the packets, and a purpose-built operating system is used so that security vulnerabilities in a general-purpose operating system cannot be used to compromise the internal network. In other words, the firewall program is built into the chip, and the hardware performs the protective function for the server. Because of this embedded structure, a hardware firewall is faster and more powerful than other types of firewall. Note that a dedicated operating system is not immune to vulnerabilities; the appliance's firmware still has to be patched like any other system.

A software firewall, as the name suggests, is a software product installed on a server platform that provides network management and defence functions by working at the lowest level of the operating system. A software firewall runs on a specific computer and requires a pre-installed operating system; usually that computer is the gateway of the whole network. Like any other software product, a software firewall must be installed and configured on the computer before it can be used.

Hardware firewalls perform better than software firewalls because they have their own dedicated processor and memory and can block network attacks on their own, but they are much more expensive and changing their settings is more cumbersome. A software firewall is installed on the server that acts as the gateway and uses the server's own CPU and memory to provide protection, so under a heavy attack it may consume a large share of the server's resources; on the other hand it is much cheaper and very convenient to configure.

Second, apart from the structural split into software and hardware firewalls, server firewalls can also be divided by technology into three categories: packet filtering, application proxy, and stateful inspection. However complex a firewall's implementation is, in the final analysis it is an extension of these three technologies.

1. Packet Filtering

Packet filtering is one of the earliest firewall technologies. Its first-generation form is static packet filtering, which works at the network layer of the OSI model; the later dynamic packet filtering works at the transport layer. A packet-filtering firewall sits on the paths that incoming and outgoing TCP/IP packets travel and uses the network and transport layers as its monitoring points: for each packet it examines the header fields, such as protocol, source and destination address, and port, and checks them against a pre-set table of filtering rules. If a packet matches a rule whose action is "block", the packet is discarded.

The advantage of packet-filtering firewalls is that they are easy to implement for small, uncomplicated sites. Their shortcomings, however, are significant. First, for a large, complex site the packet-filtering rule table quickly becomes very long and intricate, and the rules are hard to test; as the table grows and its complexity increases, so does the likelihood of a hole in the rule structure. Second, such a firewall relies on a single component to protect the system. If that component fails, or if an external user is allowed through to one internal host, that user can reach any host on the internal network.

2. Application Proxy

An application proxy firewall is in essence a small transparent proxy server with data inspection and filtering, but it is not just a proxy device with packet filtering embedded in it: it uses a newer technique called application protocol analysis. An application proxy firewall can actively monitor data at every layer in real time and can effectively identify illegal intrusions at each layer. Such firewalls also generally have distributed sensors that detect attacks from outside the network and provide a strong defence against malicious attacks from inside.

Application proxy firewalls are based on proxy technology: every connection through the firewall must be built on a proxy process created for it. The proxy process itself takes a certain amount of time, so data passing through the firewall inevitably lags. Proxy firewalls trade speed for higher security than packet-filtering firewalls.
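To make "application protocol analysis" concrete, here is an added example (not code from the original article or from any product it names) of the kind of check an application proxy performs on one HTTP request before forwarding it. It parses the request line and headers and decides from protocol fields that a packet filter never sees: the method, the Host header, the percent-decoded path, and whether the message length is ambiguous. The allowed methods, the host `www.example.com` and the sample requests are all constructed for the illustration.

```python
# Added example (not code from the original article or any product it names):
# a minimal application-layer check of the kind an application proxy firewall
# performs. It parses an HTTP/1.1 request and decides from the parsed
# protocol fields, not just from IP addresses and ports, whether to forward it.
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "HEAD", "POST"}       # assumed policy for the site
ALLOWED_HOSTS = {"www.example.com"}             # hypothetical protected host


def parse_request(raw):
    """Split an HTTP request into (method, target, version, headers, body).

    Header names are lower-cased; each name maps to a list of values so that
    duplicated headers stay visible to the policy checks.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")   # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("header line without ':'")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, version, headers, body


def proxy_decision(raw):
    """Return ("allow", reason) or ("block", reason) for one raw request."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        return ("block", "malformed request: %s" % exc)
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return ("block", "unsupported version " + version)
    if method not in ALLOWED_METHODS:
        return ("block", "method %s not allowed" % method)
    host = headers.get("host", [])
    if len(host) != 1 or host[0] not in ALLOWED_HOSTS:
        return ("block", "missing, duplicated or unknown Host header")
    # Two different length indicators let front and back end disagree on
    # where the request ends (request smuggling), so refuse the ambiguity.
    if "transfer-encoding" in headers and "content-length" in headers:
        return ("block", "both Transfer-Encoding and Content-Length present")
    # Decode percent-encoding before checking the path, so "..%2f" is caught.
    path = unquote(target.split("?", 1)[0])
    if not path.startswith("/") or ".." in path.split("/"):
        return ("block", "path traversal in " + path)
    return ("allow", "%s %s to %s" % (method, path, host[0]))


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "traversal": b"GET /static/..%2f..%2fetc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad_method": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "wrong_host": b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
    "smuggling": (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\nabcd"),
    "garbage": b"\x16\x03\x01\x00\xa5\x01\x00\x00",   # start of a TLS record, not HTTP
}


def run_samples():
    """Map each sample name to the proxy's allow/block verdict."""
    return {name: proxy_decision(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-11s %s: %s" % (name, *proxy_decision(raw)))
```

Every one of the blocked samples would pass a packet filter, because each arrives on the allowed destination port from an arbitrary source; only a component that reassembles and parses the application protocol can tell them apart. That parsing is also where the latency mentioned above comes from: the proxy must read the whole request head before it can forward a byte.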

3. Stateful Inspection

This firewall technology uses a module called the stateful inspection engine, which extracts the relevant data without interfering with the network's security or normal operation. It monitors every layer of network communication and makes security decisions based on the configured filtering rules. Stateful inspection can analyse packet contents, so it overcomes the weakness of traditional firewalls, which can only examine a few header fields, and the firewall does not need to leave many ports open, which removes the hidden risks that too many open ports would create.

Because stateful inspection effectively combines packet filtering and application proxy technology, it is the most advanced of the three, but because the implementation is complex it cannot achieve truly complete and effective data security inspection in practice, and it is difficult to build a perfect defence based on this technology on general-purpose computer hardware.
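The difference between the packet-filtering section above and stateful inspection is easiest to see side by side. The following added example (not code from the original article or from any firewall product) simulates both: a stateless first-match rule table, and a stateful engine that consults the rule table only for new connections and admits replies because a matching entry exists in its connection table. The server address `10.0.0.5`, the other addresses, the ports and both rule tables are made up for the illustration. The point it shows is the one the text makes: a stateless table has to open the whole ephemeral port range inbound so that replies to the server's own outbound connections get through, and that rule also admits unsolicited traffic to any high port, whereas the stateful engine needs no such rule.

```python
# Added example (not code from the original article or from any firewall
# product): a simulation of a stateless packet filter beside a stateful
# inspection engine, run over a few constructed packets. Addresses, ports and
# the rule tables are made up for the illustration.
from dataclasses import dataclass

SERVER = "10.0.0.5"   # hypothetical protected web server


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag set (connection attempt)
    ack: bool = False   # TCP ACK flag set


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: tuple = (0, 65535)       # inclusive destination port range

    def matches(self, p):
        return (self.proto in ("any", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.dport[0] <= p.dport <= self.dport[1])


def static_filter(rules, p):
    """First matching rule wins; anything unmatched is blocked."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"


# A stateless table has no memory of connections, so to let replies to the
# server's own outbound connections back in it must open the whole ephemeral
# port range inbound (rule 3). That is the hole the text warns about.
STATIC_RULES = [
    Rule("allow", "tcp", dst=SERVER, dport=(80, 80)),       # 1: web service
    Rule("allow", "tcp", src=SERVER),                       # 2: server outbound
    Rule("allow", "tcp", dst=SERVER, dport=(1024, 65535)),  # 3: "replies"
]

# The stateful engine consults rules only for NEW connections; replies are
# admitted because a matching entry exists in the connection table.
STATEFUL_RULES = [
    Rule("allow", "tcp", dst=SERVER, dport=(80, 80)),
    Rule("allow", "tcp", src=SERVER),
]


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()   # (proto, src, sport, dst, dport) of allowed flows

    def decide(self, p):
        # Reverse 5-tuple present: this is return traffic of a tracked flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "allow"
        # A TCP segment that is not a connection attempt and matches no flow
        # (e.g. an ACK scan) is dropped before the rule table is consulted.
        if p.proto == "tcp" and not p.syn:
            return "block"
        action = static_filter(self.rules, p)
        if action == "allow":
            self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


def compare():
    """Run one constructed packet sequence through both engines.

    Returns {name: (static verdict, stateful verdict)}; order matters because
    the stateful engine learns the outbound flow before its reply arrives.
    """
    fw = StatefulFirewall(STATEFUL_RULES)
    sequence = [
        ("web_request", Packet("tcp", "198.51.100.7", 51515, SERVER, 80, syn=True)),
        ("server_outbound", Packet("tcp", SERVER, 40000, "203.0.113.9", 443, syn=True)),
        ("reply_to_server", Packet("tcp", "203.0.113.9", 443, SERVER, 40000, syn=True, ack=True)),
        ("unsolicited_high", Packet("tcp", "198.51.100.7", 4444, SERVER, 40000, syn=True)),
        ("ack_scan", Packet("tcp", "198.51.100.7", 4444, SERVER, 8080, ack=True)),
    ]
    return {name: (static_filter(STATIC_RULES, p), fw.decide(p)) for name, p in sequence}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print("%-17s static=%-5s stateful=%s" % (name, *verdicts))
```

Both engines agree on the legitimate traffic (the web request, the server's outbound connection and its reply). They part company on the last two packets: the static table's rule 3 lets an attacker's SYN to port 40000 and an ACK-only probe to port 8080 reach the server, while the stateful engine blocks both because neither belongs to a tracked connection. This is what "the firewall does not need to open too many ports" means in practice; the cost is the per-connection state table and its memory, which is also why real engines expire idle entries and cap table size.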

Third, recommended mainstream server software firewalls

When choosing a software firewall, pay attention to the security and efficiency of the firewall software itself, and also consider how convenient it is to configure and manage. A good software firewall must meet users' real needs: for example a good user interface, with support for command-line management, a GUI and centralised management. Below we recommend several well-known software firewalls for reference:

1. Norton Firewall Enterprise Edition

Norton Firewall Enterprise Edition is suitable for enterprise servers, e-commerce platforms and VPN environments. This product provides secure failover and maximum uptime. It uses proven firewall management to maintain, monitor and report on the firewall, providing fine-grained perimeter protection. Its flexible services support any number of firewalls, from a single firewall to a company-wide global deployment. The software also offers a powerful set of user authentication methods, including Windows NT domain, RADIUS, digital certificates, LDAP, S/Key, Defender and SecurID, so that administrators can flexibly choose the authentication method that fits their user environment.

2. Server Security Dog

Server Security Dog is a practical server protection system for IDC operators, virtual hosting providers, enterprise hosts, server administrators and other users. It is a server security tool that integrates DDoS protection, ARP protection, network connection monitoring, network traffic monitoring and IP filtering. It monitors traffic in real time and watches server processes and their connections, so abnormal connections and processes are detected promptly. The firewall also has intelligent DDoS protection that can defend against attacks such as CC (HTTP flood) attacks, UDP floods, TCP floods, SYN floods and ARP spoofing, and it provides detailed logging to trace the source of an attack.

3. KFW Proud Shield Server Edition

The KFW Proud Shield firewall system is a comprehensive, innovative, highly secure and high-performance network security system. It guards the enterprise network according to the security rules set by the system administrator and provides powerful access control, stateful inspection, network address translation (NAT), content filtering and traffic control, with comprehensive access-control settings built on a high-performance network core.

4. McAfee Firewall Enterprise

McAfee Firewall Enterprise offers advanced features such as application monitoring, reputation-based global threat intelligence, automated threat updates, inspection of encrypted traffic, intrusion prevention, virus protection and content filtering, so that attacks can be intercepted in time and prevented from succeeding.

5. Ice Shield Professional Anti-DDoS Firewall Software

Ice Shield firewall software has good compatibility and stability and enhanced anti-DDoS capability. It is suitable for Legend of Mir and MU game servers, web servers, other game servers, music servers, movie servers, chat servers, forum servers, e-commerce servers and many other kinds of host. The software intelligently identifies various DDoS attacks and hacking behaviour; on the anti-hacking side it can recognise more than 2,000 hacking behaviours such as port scans, malicious Unicode encoding, SQL injection attacks, Trojan uploads and exploit attempts.

Copyright © Windows knowledge All Rights Reserved