1-网络安全发展趋势-UTM硬件升级 - Vincent Cai.ppt

成功案例 蒙牛集团全国财务VPN网络 中国石油物资装备公司 中原地产业务VPN网络 德国奔驰汽车北京生产基地 丰田汽车 德国TUV上海公司 海克斯康HEXAGON AB 集团 国家会计学院 东北财经大学 中国政法大学 烟台南山集团及南山学院 山东工艺美术学院 登喜路中国有限公司 中国民生银行 河南移动 上海电力 郑州电力 云南电网 贵州省工商局 东莞市卫生局 深圳创维电子 上海市公证处 上海市气象局 上海上好佳食品有限公司 上海新世界百货有限公司 马鞍山钢铁集团 中兴通讯 * * The first firewall technology developed to provide Internet security was a basic packet filter. In a packet filtering solution, you can define what types of IP traffic (TCP, UDP, ICMP, GRE, etc.) can pass through the firewall. A packet filter allows you to create simple ACL (Access Control List) defining which protocols and ports can pass through the firewall. However, once you open a port, traffic is then allowed in both directions. Additionally, these are static mappings and often cannot deal with complex dynamic port protocols like H.323 and even games. To support these applications, packet filters require opening a wide range of ports and decreasing your overall security. Today, this technology is most often found in basic routers from companies such as Linksys and Netopia. These products are targeted at the consumer marketplace and have very low price points. But, they do not offer the performance or security levels typically required by a business environment. PRO ---Inexpensive CON --- Lower performance, weaker security * The application layer firewall was the next development in firewall technologies. This type of firewall operates at the top of the network protocol stack. It inspects the entire communication and each and every packet. It also understands the application itself and can inspect the data stream at that high layer. The drawback in this type of technology is complexity and speed. This type of firewall actually proxies the communication stream between the client and the application. It breaks the communication and inserts itself in the middle. This requires it to intercept, rebuild, inspect, and then forward each and every packet. This introduces considerable overhead and latency i