2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Typical DDoS attacks, which used to "win" through sheer network-layer traffic, have also been shifting to the application layer in recent years: as of 2013, more than 1/4 of DDoS attacks were application-based, and this share is still increasing year by year. In sharp contrast, with the rapid development of Internet technology, critical business activities rely more and more on Internet applications, which means exposing an increasing number of risk points.
A new generation of security battles, a new battlefield.
The traditional firewall works mainly on general protocols; it cannot parse application-protocol packets, and it has difficulty guarding against more targeted network attacks. With the development of technology and the business needs of the Internet+ era, today's firewall users urgently need to inspect and filter packets at a deeper level. For example, users can transfer files via QQ, and some of the transferred files may be dangerous malicious files. In this business scenario, even if the traditional firewall can identify the QQ service by its port number, it cannot inspect traffic at the file level, let alone handle the many applications running on non-standard ports.
Although it is too early to assert that the traditional policy-centered protection system has completely failed, against the background of the transition from network-level attacks to Web-based attacks we can draw one conclusion: a firewall that lacks the ability to inspect and protect the application layer will inevitably face the dilemma of an old general past his prime. The emphasis of the new generation of security lies in application security, that is, in a complete solution for the Web application layer.
How the next-generation firewall resolves the application-layer crisis
There is more than one thing that makes the next-generation firewall "next generation". User identity awareness, high scalability, and application awareness are all typical labels of the next-generation firewall, but "application awareness" is undoubtedly the simplest buzzword associated with it. The concept of application awareness seems clear, but to some extent it is misleading. It is clear because the next-generation firewall can tie traffic to specific applications in detail. It is misleading because the security capability of the next-generation firewall should not be limited to inspecting and identifying application traffic. What matters more is what is done with the result of identification: selectively blocking or otherwise restricting an application, or even sub-applications within it, instead of just blocking specific ports and protocols as traditional firewalls do.
Under the new security situation, firewall users need a deeper understanding of the applications running across the whole network. Many of the newer security devices of recent years provide deep packet inspection (DPI), precise control, and application-aware functions to help companies manage the network perimeter. According to the research results of Eric Maiwald, director of Gartner research, "Modern firewalls more or less have some next-generation genes, including an integrated intrusion prevention function (IPS) and very good application control technology. These seem to have become standard firewall equipment today, and almost all mainstream security manufacturers can tell a story about the next generation." But after all, a story is a story, and what is more important than listening to a story is knowing how to evaluate the "next generation" and whether to move to it.
Real-time inspection and analysis of abnormal behavior is the primary driving force for many users to move to the next-generation firewall. Many IT executives report that the most significant change after deploying the next-generation firewall is the detection of compromised hosts: some companies can find botnets and compromised hosts in the intranet on the same day. This is because the next-generation firewall can inspect the payload of packets and make decisions based on that behavior, and it can also provide very good content filtering, meaning the ability to check complete network packets, not just network addresses and ports. This gives the next-generation firewall a stronger logging function, such as the ability to record the commands issued by a particular program, which provides valuable information for identifying abnormal application behavior.
More fine-grained application-layer security control is another trump card of the next-generation firewall. With network threats now coming from the application layer, users naturally place higher demands on network access control. How to accurately identify users and applications, block applications that carry hidden security risks, and ensure the normal use of legitimate applications has become the focus of users' attention at this stage. But today, with the rapid development of network applications, more than 90% of network applications run on HTTP ports 80 and 443. Many applications can reuse ports and modify IP addresses, so that the IP address no longer equals the user and the port number no longer equals the application, and the traditional access control policy based on the five-tuple is useless. Users of the next-generation firewall, using visualization technology, can identify and control applications according to their behavior and characteristics. If the firewall can also integrate seamlessly with a variety of authentication systems (AD, LDAP, etc.), it can automatically identify the user information corresponding to the current IP address in the network, draw a three-dimensional user-content-application portrait, and meet the network management requirements of the new generation of security.
The next generation firewall is not a panacea.
Unlike the traditional signature-based inspection engine, the inherent gene of the next-generation firewall is awareness of users and applications, which in the final analysis means understanding the context of network messages. Although this does away with the signature library, it does not mean that the next-generation firewall escapes the tedious task of regular updates. On the contrary, the next-generation firewall needs to keep learning the growing set of application fingerprints to keep its application identification current. Because these fingerprints do not depend on easily identifiable features such as ports and protocols, and sometimes even include the content of specific messages, maintaining the rule set of the next-generation firewall is an even more important task. In addition, non-generic applications, such as the private applications customized by many large companies, may not be recognized by next-generation firewalls. In this case, users still need to add the application fingerprints manually, and this process may have to be repeated after each upgrade of the private application. Such a lack of intelligence greatly diminishes the "next-generation" image in the eyes of many users.
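To make the contrast concrete, the sketch below (an added example, not code from the original article or from any firewall product) runs a port-based five-tuple rule and a payload-fingerprint policy over the same constructed flows, including a private application that stays "unknown" until its fingerprint is added by hand. The fingerprints, the IP-to-user table standing in for an AD/LDAP lookup, the policy and the ACME1 private protocol are all assumptions made for illustration.

```python
import re

# Payload fingerprints keyed by application name (illustrative, not a vendor rule set).
FINGERPRINTS = {
    "http": re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    "ssh": re.compile(rb"^SSH-2\.0-"),
    "tls": re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL),  # handshake record, ClientHello
}
# Hypothetical IP-to-user table, standing in for an AD/LDAP lookup.
IP_TO_USER = {"10.0.0.5": "bob", "10.0.0.7": "bob", "10.0.0.9": "alice"}
# Application policy: which users may run which identified application ("*" = everyone).
APP_POLICY = {"http": {"*"}, "tls": {"*"}, "ssh": {"alice"}}

def five_tuple_decision(flow):
    """Traditional rule: allow TCP to ports 80/443, whatever the payload is."""
    _src, _dst, dport, proto, _payload = flow
    return "allow" if proto == "tcp" and dport in (80, 443) else "block"

def identify_app(payload, fingerprints=FINGERPRINTS):
    """Return the first application whose fingerprint matches the payload."""
    for app, pattern in fingerprints.items():
        if pattern.search(payload):
            return app
    return "unknown"

def ngfw_decision(flow, fingerprints=FINGERPRINTS, policy=APP_POLICY):
    """Decide on (user, application) instead of (address, port)."""
    src, _dst, _dport, _proto, payload = flow
    app = identify_app(payload, fingerprints)
    user = IP_TO_USER.get(src, "unknown")
    allowed = policy.get(app, set())  # unidentified applications match no policy entry
    verdict = "allow" if "*" in allowed or user in allowed else "block"
    return user, app, verdict

# Constructed flows: (src_ip, dst_ip, dst_port, proto, first payload bytes).
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80, "tcp", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.7", "203.0.113.20", 80, "tcp", b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.9", "203.0.113.30", 8080, "tcp", b"POST /upload HTTP/1.1\r\nHost: x.test\r\n\r\n"),
    ("10.0.0.9", "198.51.100.5", 443, "tcp", b"ACME1\x00\x01hello"),  # private application
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow[0], flow[2], five_tuple_decision(flow), ngfw_decision(flow))
```

The second flow is SSH carried on port 80: the five-tuple rule lets it through, while the fingerprint policy identifies it and blocks it for that user. The last flow is blocked as "unknown" until a fingerprint and policy entry for the private protocol are supplied.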
Next-generation application-layer firewall technology overcomes the shortcomings of the traditional perimeter firewall, integrates security technologies such as IPS and anti-virus, delivers a full range of security solutions from the network to the server and the client, and meets the security requirements of the company's applications and their development. Looking ahead, as more stealthy application-layer attacks emerge, firewalls will have to parse more protocols and identify more applications. The application-layer firewall of the future will therefore develop toward stronger protection and finer-grained control.
Excerpt from qanda.ren/21/1/