Introduction
With the extensive application and popularization of Internet, network intrusion, virus attack, spam, security processing and common people have become increasingly concerned about the topic of focus, as the first line of network boundaries, from the initial configuration of the router device access policies for security, to the formation of a professional, independent firewall products have flooded the entire online world. As the protection of network perimeter security products, firewalls and technology has gradually matured and recognized for our users. However, the problems exposed by the firewall also slowly emerged to face the future development trend of high-end firewall, either from the user or supplier, are inevitably into a new type of firewall technology on the demand side.
1, high-performance firewall needs
High-performance firewall is the trend of future development, a breakthrough high-performance hardware firewall is the limit structure. For high-end firewall technology, now divided into three ways: IPC based on a common processor architecture, based on NP technology, based on ASIC chip technology. Industrial Computer Architecture of the biggest advantages is the flexibility, but in large data traffic handling efficiency will be affected network environment, so in the face of high performance in this regard will be phased out and into the low-end market trends. NP technology is a technological breakthrough in recent years, its advantage lies in the underlying data network forwarding and Chu Li, but if you want to achieve control and audit security policies, in particular, is a layer of depth control for Ying Yong side also require substantial R & D, the relative the development of the interface aspects of the difficulty has limited its deeper development. Although the development of ASIC technology is difficult, but it can ensure the efficiency and well integrated firewall functionality, in the future security of the road network, the firewall using ASIC chip technology will become dominant.
2, management interfaces and the integration of SOC
If the information security technology as a whole act, then face the future development trend of the firewall management interface and SOC integration must also be taken into account, after all, security is a whole, rather than a single product can solve. With the work safety management and safe operation of the implementation, SOC as a security management solution has been vigorously promoted. Security management is more effective to control the security risks controllable range, so to reduce and prevent information security incidents. The firewall as a security product access control mechanisms, in order to play effectively in the security management role, must take into account the integration with the SOC, which relate to various manufacturers of firewalls in the process of technology development and cooperation in general .
3, anti-DoS capabilities
As the saying goes: one foot, the law is strong, from the vicious attacks in recent years, the situation of the network point of view, solve the DoS attack is a firewall issue must be considered. As a network edge device, in the event competing for bandwidth and high-volume attacks, often the first to lose resistance is occurring here. And improve the ability of a firewall against DoS technical problems, are entangled with the general firewall vendors. Constantly updated on new technology today, all manufacturers have to solve the DoS problem target up. ASIC chip architecture using a firewall, you can take advantage of its fast processing capabilities of network traffic to resolve this issue in the attacks. But solving this problem is not simply rely on ASIC chip architecture can be, the more or the application layer attacks for the problem of the emergence of new technologies need to be.
4, slow down the spread of worms and spam, the speed function
Network of rapid development, has become a breeding ground for viruses, spam and the emergence of a more extended the risk of network security threats. According to computer security firm MessageLabs reports the company has seen spam and virus makers to jointly develop the trend toward more intelligent virus and the virus spread through e-mail. As the network perimeter security devices, future trends in the firewall, virus and worm mitigation and reduce the spread of spam, is an integral part of the. The firewall is only through support anti-virus and anti-spam features is not enough, even if it to carry out effectively the linkage function, 那么 下 this firewall products, and the situation today Jubei, Ye only fast processing hardware, to achieve the embedded virus engine and handling spam engine, to complete the real security solutions. But only through the support and linkage, then this case, their need third-party products do not have it, and not in the true sense of the problem. Strengthen the firewall in the size of the data processing and strength, has become the next inspection firewall, high granularity of data trends.
5, cut off the invasion of intelligent behavior
Security is a dynamic process, and for the foresight and intelligent intrusion cut off the firewall as a border security equipment, it is also a major issue for future development. IPS starting from the point of view, the future of the firewall must have this feature, because the customer can not afford to spend only two of a border security money away. So, with smart cut on the intrusion of a integrated, multi-function firewall, will be market demand.
6, multi-port and is suitable for flexible configuration
Multi-port firewall can provide security for the user a better solution, but as a multi-port, flexible configuration of the firewall, the firewall is the future trend.
Summary
With the network processor and ASIC chip technology innovation, high performance, multi-port, high granularity control, slow spread of viruses and spam, and intrusion smart cut, and enhancing DoS attack against the firewall, will be the future Firewall trend.