先决条件–计算机网络中的防火墙简介和防火墙类型
1.传统防火墙:
传统的防火墙是网络安全设备,通常会根据状态,端口和协议对进入或退出网络内部网络的网络流量进行状态检查。因此在简单的传统防火墙中主要控制流的控制。它具有虚拟专用网(VPN)功能。但是,如今,传统的防火墙无法有效地提供所有必需的防护,以应对当今正在发生的如此先进的各种类型的网络威胁。
2.下一代防火墙:
下一代防火墙是一种网络安全设备,它通常不仅可以根据状态,端口和协议对进入或退出网络内部网络的网络流量进行状态检查,而且还包括比传统防火墙更多的功能。简而言之,下一代防火墙仅称为NGFW。
下一代防火墙中包含的其他功能如下:
- 应用意识和控制
- 集成入侵防御
- 深度数据包检查(DPI)
- 集成入侵防护系统(IPS)
- 云交付的威胁情报
- 安全套接字层(SSL)检查和安全外壳(SSH)控制
- 沙盒整合
- 启用的保护列表对性能没有影响
- 先进的威胁防护
- 网页过滤
- 防病毒,反垃圾邮件,反恶意软件
传统防火墙和下一代防火墙之间的区别:
| S.No. | TRADITIONAL FIREWALL | NEXT GENERATION FIREWALL |
|---|---|---|
| 01. | Traditional firewall mainly provides stateful inspection of incoming and outgoing network traffic that entering or exiting point inside network. | Traditional firewall provides stateful inspection of incoming and outgoing network traffic that entering or exiting point inside network along with many additional features. |
| 02. | Traditional firewall is old firewall security system. | Next Generation firewall is advanced firewall security system. |
| 03. | It provides partial application visibility and application control. | It provides fully application visibility and application control. |
| 04. | Traditional Firewall works on layer 2 to Layer 4. | Next Generation Firewall works on layer 2 to Layer 7. |
| 05. | It does not support application level awareness. | It supports application level awareness. |
| 06. | Reputation and identity services are not supported in it. | Reputation and identity services are supported in it. |
| 07. | In traditional firewall separately managing security tools is expensive. | In next generation firewall it is easy to install and configure integrated security tools and reduces administrative cost. |
| 08. | It does not provide complete package of security technologies. | It provides complete package of security technologies. |
| 09. | Traditional firewall can not decrypt and inspect SSL traffic. | Next Generation Firewall can decrypt and inspect SSL traffic in both in and out direction. |
| 10. | It supports Network Address Translation(NAT), Port Address Translation (PAT) and Virtual Private Network (VPN). | It extends the functionality of Network Address Translation(NAT), Port Address Translation (PAT) and Virtual Private Network (VPN) and makes integration of new threat management technology like sandboxing. |
| 11. | Integrated Intrusion Protection System (IPS) and Intrusion Detection System (IDS) are deployed separately. | Integrated Intrusion Protection System (IPS) and Intrusion Detection System (IDS) are fully integrated with it. |