2025-01-15 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
What is the difference between an ordinary firewall and a modern firewall? Many beginners are not clear about this, so the following explains it in detail.
As network technology has developed and network applications have deepened, the traditional ordinary firewall has struggled to meet requirements, creating an urgent need for a product that can secure every network endpoint. That is how the modern firewall appeared. So what is the difference between the two? To put it simply, the traditional firewall mainly resists all kinds of attacks, while the modern firewall can provide both client defense and network protection. The following is a detailed analysis of ordinary and modern firewalls:
The decline of the traditional firewall
Traditional firewalls can only block or allow specific IP addresses and ports, so what they can protect is quite limited. The most common application scenario is preventing unauthorized users or malware from connecting to unprotected listening services or daemons. Even setting aside how much more efficient routers are at IP/port filtering, the times and the types of attacks have changed, and traditional firewalls now exist largely in name only.
Twenty years ago, it made sense to block unauthorized connections. Most computers were poorly guarded and had weak passwords; they were not only full of flawed software but also ran services that allowed anyone to log in or connect. Sending a malformed network packet could take down an ordinary server, and even that was only necessary if the administrator had not set up a remote service with full administrator privileges that allowed anonymous connections. If such a remote management service was set up, an attacker could basically feel their way into the server. As for Windows's anonymous NetBIOS connections, they were a valuable asset to hackers for 15 years before being disabled by default in Windows XP.
If your firewall is only used to block unauthorized IP addresses or protocols, it would be much better and faster to use a router. There is a maxim in the computer security world: "the quickest and easiest way is preferred." That's the truth. If something can be blocked with a faster and more efficient device, use that device as your first line of defense. This eliminates more unwanted traffic faster and more efficiently. A router runs far less "upper layer" code than a firewall, and its rule list is shorter. A router's conditional decision cycle is several orders of magnitude faster than a firewall's. However, it is difficult to say whether these unauthorized connections still need to be blocked in today's threat environment.
Traditional firewalls are best at blocking unauthorized remote connections to listening services, preventing attackers from taking control of the computer through a buffer overflow after connecting. This is the main reason the firewall was born. Defective services were so common that they were considered the norm. Malicious programs such as the Shockwave and Slammer worms could take advantage of these services to sweep the world in minutes.
Today's services are not that fragile. The programming languages that programmers use today check for buffer overflows by default. Other operating-system security measures designed to prevent traditional exploitation methods are also good at this. Microsoft finds 130-150 vulnerabilities in its product line every year. Since 2003, about 2000 vulnerabilities have been found, but only 5-10 of them are purely remotely exploitable. During the same period, Apple and Linux machines had more vulnerabilities, but the proportion of remotely exploitable vulnerabilities was the same.
One thing must be clear: although there are hundreds of vulnerable services available, almost all of them require the local end user to do something before an attack can be launched, either clicking on a malicious link or visiting a website planted with a trojan. Why does the local user have to participate? Because only when the end user does this is an "allowed" outbound connection created, and only then can an "allowed" inbound connection come back to the user's computer. Today, almost all attacks are "client" attacks, and traditional firewalls are not good at blocking such connections.
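The behaviour described above can be reproduced with a small model of a port/IP filter that tracks connections. This is an added example, not code from the original article; the `TraditionalFirewall` class, the rule set and the addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" or "out", relative to the protected network

class TraditionalFirewall:
    """Hypothetical model: IP/port rules plus connection tracking, no content inspection."""

    def __init__(self, open_inbound_ports=(), blocked_ips=()):
        self.open_inbound_ports = set(open_inbound_ports)
        self.blocked_ips = set(blocked_ips)
        self.established = set()  # flows that were opened from the inside

    def decide(self, p: Packet) -> str:
        remote = p.dst if p.direction == "out" else p.src
        if remote in self.blocked_ips:
            return "drop"
        if p.direction == "out":
            # Outbound is allowed; remember the flow so its replies can return.
            self.established.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound reply to a tracked outbound flow: allowed, whatever it carries.
        if (p.dst, p.dport, p.src, p.sport) in self.established:
            return "allow"
        # Unsolicited inbound: allowed only to explicitly opened ports.
        return "allow" if p.dport in self.open_inbound_ports else "drop"

def run_scenarios():
    fw = TraditionalFirewall(open_inbound_ports={443})
    client, unknown = "10.0.0.5", "203.0.113.7"  # constructed sample addresses
    results = {}
    # 1. Unsolicited connection to a listening service: the case the filter handles.
    results["unsolicited_inbound"] = fw.decide(Packet(unknown, 50000, client, 445, "in"))
    # 2. The user follows a link, creating an "allowed" outbound connection.
    results["user_outbound"] = fw.decide(Packet(client, 51000, unknown, 443, "out"))
    # 3. The response on that flow passes; the filter never looks at its content.
    results["reply_inbound"] = fw.decide(Packet(unknown, 443, client, 51000, "in"))
    return results

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```

The third verdict is the gap: the decision depends only on addresses, ports and flow state, so deciding whether the returned content is safe needs inspection above that layer.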
What's so good about modern firewalls?
Today's modern firewalls not only filter ports and sockets, but also offer VPN or HTTPS inspection functions, and can even perform intrusion detection/prevention, URL filtering, upper-layer attack blocking, DDoS attack blocking, inline repair, and so on. Modern firewalls have evolved far beyond simple port and protocol blocking.
Traditional firewall operations such as IP address and port filtering are no longer of much value, but most modern firewalls do much more than that. The modern firewall has evolved from a strict border defense line into a protective layer around the fragile internal core. If you look closely at the various services provided by today's firewalls, you will find that almost as much is devoted to client protection as to network protection.