January 11, 2011

Internet Safety & Security: Crossroads security gateway technology



In the information security market, the industry keeps seeking new breakthroughs in hardware architecture and software processing in order to meet the twin requirements of performance and functionality. Whether to pursue comprehensive security protection or high-performance security protection is, under the constraints of existing hardware and software structures, a difference in goals that leads to different market positioning and technology development. These differences reflect a certain philosophy, and they also tell us that this is a contradictory choice: it is difficult to have both.

Recently, at a symposium, the author put questions to Mark W. Stevens, Chief Strategy Officer of the network security appliance vendor WatchGuard, and to its regional sales director, Mr. LEUNG Wai Yip. Together we discussed the future architecture of security gateway technology, its development, the market position of firewall products, and other topics of interest to the industry. Opinions on these questions will differ. This article is a write-up of that discussion; I hope it is inspiring to you, and if you are interested in delving further, please write to me at braveheart_317414@yahoo.com.cn.

Can ALL-IN-ONE enter the high-end market?

Integrating the processing capabilities of several gateway tiers is not a new concept. The integration trend is already evident in the low-end market: many information security appliances aimed at small and medium-sized enterprises integrate firewall, IDS, anti-virus, VPN and routing capabilities into what is known as a security gateway. The more functionality is integrated, the higher the requirements on hardware architecture, software processing and algorithms, and the more a good architectural design and coordination between modules are needed. Stevens stressed that WatchGuard (WG), by virtue of its own intelligent layered security architecture, integrates these features in the Firebox, which allows it to provide customers with high-quality, low-price services. But we recognize that WG's target customers are mainly concentrated in the small and medium-sized, low-end market. In the high-end market, can ALL-IN-ONE at the present stage meet the needs of high-end customers? We know that a high-end customer's network environment has two very important and fundamental characteristics: the network traffic is very large, and the web applications are complex.
For a security gateway, the job goes beyond packet forwarding: packets also have to be processed and judged according to security rules, and security processing of packets at the application layer typically requires more processing steps and consumes more CPU resources. A fundamental limitation on whether ALL-IN-ONE can enter the high-end market therefore lies in the hardware architecture; in short, whether the processing speed of the chip can keep up. From the chip integration point of view, according to Intel experts, with present 90-nanometer chip production technology it is almost impossible to integrate a truly high-performance CPU and NPU into one chip. The Intel experts also believe that this level of integration is unlikely even with 60 nm production technology. This means that highly integrated chip-level security processing and network packet processing is restricted, and the bus technology of a hardware platform that interconnects a high-speed CPU and NPU "seamlessly" is currently the real obstacle hindering ALL-IN-ONE. It is the fundamental reason performance and functionality are stretched against each other. Until this obstacle is removed, it is difficult for ALL-IN-ONE products to find living space in the high-end market; after all, the software platform must be built on the hardware architecture.

Future firewall hardware architecture

Since the hardware architecture is the basis of a security gateway product's performance, will ASIC be the mainstream firewall hardware architecture of the future?
Stevens's attitude on this was very clear. He said that WG does not use an ASIC architecture now and does not plan to use one in the future. Although firewalls built on an ASIC architecture perform very well, WG thinks the ASIC architecture is not suitable for the information security market. Apart from the price of ASIC-based products, a more important reason is that the information security market changes very fast, which requires security technology to keep pace with changes in top hackers' techniques; only this will enhance an organization's information security.

So a hardware platform in line with the needs of the information security market should have a short upgrade cycle and be easy to extend. Measured against these two requirements, the NP (network processor) architecture is clearly more advantageous than ASIC. As to performance, products based on the NP architecture can reach Gigabit performance, which is sufficient for the mid-range. On the whole, the NP architecture is a compromise between ASIC and general-purpose processors: it provides more performance than a general-purpose processor, and it is also a good solution to the ASIC's flexibility and programmability problems. Its data processing power can handle the data transmission of a Gigabit network load, and it does common network device functions such as network packet processing, data validation, routing and matching very well. For more complex processing, such as packet reassembly and encryption, it is inferior to the ASIC architecture, so security product providers need to optimize for this in the design process. The most crucial factor in NP rather than ASIC becoming the mainstream architecture in the information security market is probably what Stevens said: security gateway performance is important, but flexibility and scalability are important indicators of a product's competitiveness in the information security market. It seems that the future competitiveness of the NP architecture will strengthen as NP processor performance increases and as information security threats grow and change more frequently.

Will content filtering become a mainstream feature of future firewalls?

Mr. Liang Wei ye thinks web applications are already a trend, and that security threats based on web applications have become a blind spot for traditional firewalls, so web-based content filtering protection is an essential functional module for the future firewall market. As to whether it should be a separate product or an integrated module, Mr. LEUNG Wai Yip said WG initially considered launching it as a separate product but, taking into account the actual needs of its target users, finally chose the latter: integrating it as a module into the existing platform framework. Of course, they also considered performance. It was mentioned that once a feature such as anti-spam is turned on, gateway processing performance drops significantly. Mr. Frank Liang Wei ye said there is a tradeoff: you want either more security or somewhat better performance, and it is difficult to balance the two.

Postscript

It is not just network security technology that faces this dilemma; the whole network industry stands at the same important crossroads. On the one hand, we can develop a variety of independent network products, each unique, with its own special features and functions. On the other hand, we want to put more functionality into a unified network platform for the sake of ease of use, integration and functional unity, but this kind of integration is subject to the existing architecture. From product manufacturers and service providers to end users, this crossroads calls for careful balancing. A user weighs which matters more to them, security or performance. Product manufacturers and service providers must weigh who their core users are and what those core customers actually need.
