The Past and Present of Intelligent Network Defense Systems (Firewalls): Some Thoughts on Network Defense and Firewalls

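Intelligent network defense systems (firewalls) are already defined in encyclopedias and dictionaries, so I will not repeat the definition here. This post covers a few of their characteristics and development trends, in the following areas: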

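1. Intelligent rule generation, and intelligent communication and notification of network rules.
2. Alerting on and detection of unknown network threats.
3. Intrusion detection, including online or offline analysis of packets.
4. Combining artificial intelligence and related techniques to inspect and analyze the content of the network communications passing through the firewall.
5. Network traffic analysis and alerting techniques, analyzing the system to determine the current security status of the network.
6. Network defense capability: throughput and blocking capability on high-speed networks.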

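An intelligent firewall is defined relative to a traditional firewall; as the name suggests, it is smarter and more intelligent. 80% of users readily accept the concept of an intelligent firewall: in their eyes, not smart means not reliable and not secure. Would you feel safe with a bodyguard who is not smart? Users often find many of the problems of traditional firewalls hard to understand. They frequently ask why a firewall cannot stop a hacker's attack: a security expert analyzing the recorded data spots the attack at a glance, so why can't the firewall? The reason is that a traditional firewall is a simple mechanism that can only execute its security policy mechanically.

In terms of technical characteristics, an intelligent firewall uses intelligent methods based on statistics, memory, probability and decision-making to identify data and thereby achieve access control. New mathematical methods eliminate the massive computation that match checking requires, efficiently find the characteristic values of network behavior, and apply access control directly. Because most of these methods are ones used in the field of artificial intelligence, the result is called an intelligent firewall. A typical example shows how important the intelligent firewall is to network security. A traditional firewall's inspection of packets is like recognizing a person's face by image recognition: the face is converted into an image, every pixel of the image is memorized, and a match check is then performed. Only after checking over ten million pixels does it tell you who this is. People do not recognize faces this way. A person can recognize who you are in real time with almost no computation. That is intelligent recognition. An intelligent firewall can find the characteristic values of network behavior without massive computation, identify that behavior, and so enforce access control with ease. In short, the intelligent firewall has emerged in response to the needs of the times and will surely take information security to a new level.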

The Abnormal Behavior Analysis capability of the Hillstone Intelligent
Next-Generation Firewall (iNGFW) product. This technology offers a cutting-edge method of detecting
unknown threats by analyzing user and server traffic, tracking a myriad of traffic parameters, and
correlating and comparing the gathered data to limit risk and reveal potential new threats in advance.
Over a period of system learning, each tracked parameter generates a baseline, as well as high and low
thresholds. Subsequent behavior patterns violating these thresholds are deemed abnormal and the
system generates a threat warning. The correlation of time, parameters exhibiting abnormal behavior,
through graphic displays and system warnings enable you to recognize and prevent potential new
threats in advance of them impacting your network operation or applications.

Abnormal Behavior

The iNGFW provides Abnormal Behavior Detection technology significantly different from the technology
used in traditional firewalls and firewalls based on signature detection. Signature-detection firewalls use a
static detection technology that can only detect threats already known within its database of signatures. In
contrast, Abnormal Behavior detection is a dynamic technology that builds a model of traffic and behavior
parameters based on the collection and analysis of historical traffic, enabling the iNGFW also to detect
unknown threats.
The behavior baseline can be adjusted dynamically based on time and parameter thresholds to provide early
warnings. These warnings alert the administrator to unexpected or abnormal traffic patterns and can help
prevent unknown threats before they happen.
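
The learning-then-threshold scheme described above, as an added Python example (not Hillstone's code or algorithm). It assumes thresholds of mean ± 3 standard deviations per hour of day and parameter; the page does not say how the product derives them, and the parameter names and sample values are constructed.

```python
import statistics
from collections import defaultdict

K = 3.0  # assumed threshold width in standard deviations (not a vendor value)

def learn_baselines(samples, k=K):
    """samples: (hour_of_day, parameter, value) tuples from the learning period.
    Returns {(hour, parameter): (low, baseline, high)}."""
    buckets = defaultdict(list)
    for hour, param, value in samples:
        buckets[(hour, param)].append(value)
    model = {}
    for key, values in buckets.items():
        if len(values) < 2:
            continue  # too little history to derive thresholds
        mean = statistics.fmean(values)
        spread = statistics.stdev(values)
        model[key] = (max(0.0, mean - k * spread), mean, mean + k * spread)
    return model

def check(model, hour, param, value):
    """Return None if the value is normal or unmodelled, else a warning dict."""
    if (hour, param) not in model:
        return None
    low, baseline, high = model[(hour, param)]
    if low <= value <= high:
        return None
    return {"hour": hour, "parameter": param, "value": value,
            "baseline": round(baseline, 1),
            "violated": "high" if value > high else "low"}

def correlate(warnings):
    """Group warnings by hour so parameters that turned abnormal together are seen together."""
    by_hour = defaultdict(list)
    for w in warnings:
        by_hour[w["hour"]].append(w["parameter"])
    return dict(by_hour)

# Constructed sample data: one server, two tracked parameters, hours 9 and 3.
LEARNING = ([(9, "http_req_per_min", v) for v in (118, 120, 125, 122, 115)] +
            [(9, "new_conn_per_min", v) for v in (40, 42, 38, 41, 39)] +
            [(3, "http_req_per_min", v) for v in (4, 6, 5, 5, 5)])
OBSERVED = [(9, "http_req_per_min", 121), (9, "new_conn_per_min", 400),
            (3, "http_req_per_min", 120), (3, "new_conn_per_min", 7)]

if __name__ == "__main__":
    model = learn_baselines(LEARNING)
    alerts = [w for w in (check(model, *o) for o in OBSERVED) if w]
    print(alerts, correlate(alerts))
```

The same request rate of about 120 per minute is normal at 09:00 and a threshold violation at 03:00, which is why the baseline is keyed by time as well as by parameter.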

Abnormal Behavior Analysis technology reduces operational risk in corporate network services and ensures critical business continuity. The analysis is particularly well suited to HTTP and application-layer attacks. A self-learning method builds firewall rules based on a hash algorithm, automatically generating a comprehensive rule whitelist for firewall detection.
