(ZT) security product selection guide (ZT) security product selection guide Firewall is not a difficult chapter for purchase 之 Author : Cryus QQ : 99564861 (I welcome discussion of network security) Network security is a big issue, the security firms launched a variety of products, in addition to anti-virus (抗), firewall (firewall) is a public safety products are most familiar with, Have less contact with customers also includes intrusion detection security products (IDS), Intrusion Prevention System (IPS), the Internet gateway, VPN (IPSEC, SSL), scanning, security audit, behavior management. Such a big pile of products, plus the firm's market promotion strategy that allows the user to purchase products at a loss. I recommend that users should be based on their actual needs and funds to choose products and brands. If funds are limited, companies also need to establish virtual network, but also at the gateway level to ensure network security, they can opt for integrated firewall and VPN products. In selecting specific products, we need to contrast such as product stability, the company's technical support, product functions. Below is a personal analysis of the firewall product, you can make reference A firewall classification : By product type 1 : The main function of the hardware firewall with network processor or ASIC or FPGA ASIC accelerated so, the main characteristic is that processing speed, most of these products outside China, such as the NetScreen-based ASIC (mainly by the number of Chinese graduate of Qinghua University, founded in the United States, has been acquired by Juniper). FortiGate (actually separated from NetScreen), NetScreen and FortiGate Harbor and the relationship between Huawei, as domestic relations. Based on the Intel IXP4XX have some domestic products, such as speed links, Bohua, Neusoft, etc., although such products with the NP said, but because the bottom of the IXP4XX is only 100M for environment 10,000 M 1000M or in the domestic environment for IXP12XX/IXP2XXX firewall is only a momentum that is not a mature product, as far as I know, two years ago, the company has : Talent, Hisense, Bohua other ENP2611-based (IXP2400 Radisys Corporation for the production of a development board) firewall, it has yet to launch a complete product, of course, Lenovo launched the super-five, claiming that the NP using technology. 2 : software firewall such as checkpoint (an Israeli security sector is not the best in the world), there are other networks, such as the firewall, there is built-in firewall Microsoft XP, the Linux iptables (iptables is an order, Based on the GUI-based iptables fwbuilder mode, a text-based benchmarks shorewall), BSD and so on the ipfilter. The other point is that such products can be flexibly deployed as a server only, or a small network, the speed is not a problem. 3 : Hardware and Software firewall is actually dedicated PC software firewall + (IPC or server), the manufacturer of the safety of more than 200 domestic, 95% are such a framework, including Talent. Neusoft, Bohua, Lenovo, Hisense, Oriental vigorous, Granville network, and even the Cisco PIX, Nokia (which can speed up the purchase of hardware, but is generally dedicated to +checkpoint) Classification can also be other methods, such as the protection levels : level-based packet filtering, class-based agent, based on the state level, a mixed-level, 80% of the products are based on the mixed-class products Four-by function : anti-virus+firewall+vpn+ips, firewall+vpn unified, single firewall type, domestic products are generally firewall+vpn integration type. Four-anti-virus+firewall+vpn+ips FortiGate products, Bohua SOHO : by sub-capacity, 100M -, 1000M-, M-10000 There are other classification methods, it all depends on the marketing strategies of manufacturers :) 2 : users choose attention : 1 : choose products according to demand. 2 : a written confirmation of the actual function of the same functions and objects 3 : If you are high-end users, the best side of the machine open the factory to see in the end is the overall CPU or ASIC or NP 4 : Do not believe that the completion of the tests, and trap survey, 5 : Do not believe entirely on the performance of Hardware and Software Firewall 64 byte can reach 100%, 30% ceiling, unless manufacturers take 100M 1000M products when measured, of course, a high-level performance 6 : Stability of the most important and best trial more than 10 days 7 : achieve product demand, the ability to choose technical support to manufacturers 8 : If you believe that the ability to build a firewall completely on my own, you are promising to do free, such as IPcop (as simple as installing a linux) for the boss to save money, maybe the boss will do more than point bonus, you will find that the safety products business has been modest and Ha ha 9 : more, more choices 10 : In your opinion, what is not the case, buy a firewall can only cope with the inspections is entirely possible for manufacturers to buy higher rebate, of course, I do not support this, we need ah. Oh 呵~~ 11 : Do not remember gasping for low prices, if low will affect future services! 12 : Selection of the registered capital of at least 5 million more, the company that can be said is in fact dollar IT company, and two million of the company operating properly, no one will be 88 years half load The 13 : whether or not the products are authoritative department inspections and sales licenses, for example, the Ministry of Public Security, the military seized authentication information security evaluation After : Personal see Italy, for reference purposes only. Please attention to the follow-up article VPN and IDS/IPS [ Closed window ]