Three Core Firewall Technologies

2020-05-25

  Packet filtering technology

  Packet filtering is a simple and effective security control technology that works at the network layer. The device that interconnects the networks is loaded with rules that allow or deny traffic based on specific source addresses, destination addresses, TCP port numbers and similar fields. It inspects the packets passing through it and restricts which packets may enter and leave the internal network.

  The biggest advantages of packet filtering are that it is transparent to users and offers high transmission performance. However, because the security control operates at the network and transport layers, its granularity is limited to the source address, destination address and port number. It can therefore provide only preliminary security control, and it cannot protect against higher-level threats such as malicious congestion attacks, memory overwrite attacks or virus attacks.

  Application proxy technology

  An application proxy firewall works at layer 7 of the OSI model. It inspects all application-layer packets and uses the inspected content in its decision-making process, thereby improving the security of the network.

  An application gateway firewall works by breaking the client/server model. Each client/server communication needs two connections: one from the client to the firewall, and another from the firewall to the server. In addition, each proxy needs its own application process or background service program, and for every new application a corresponding service program must be added, otherwise the service cannot be used. The application gateway firewall therefore has the shortcoming of poor scalability.

  Stateful inspection technology

  A stateful inspection firewall works at layers 2 through 4 of the OSI model. It uses stateful packet filtering, which is an extension of the traditional packet filter function. A stateful inspection firewall has an inspection engine at the network layer that intercepts packets and extracts information related to the state of the application layer, and on that basis decides whether to accept or reject the connection. This technology provides a high-security solution while also offering good adaptability and extensibility. Stateful inspection firewalls generally also include some proxy-level services, which provide additional support for the specific content of the application data.
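
  The difference between the packet filter and the stateful inspection firewall described above, as an added example (not code from the original article): a minimal Python model in which both enforce the policy "inside hosts may open HTTPS connections". The network 10.0.0.0/24, the addresses, the port-443 policy and all names are assumptions made for illustration, and the connection tracking is simplified to a table keyed on addresses and ports.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK

INSIDE = ip_network("10.0.0.0/24")  # constructed internal network

def stateless_filter(pkt):
    """Packet filter: judges each packet alone, on addresses and ports only."""
    if ip_address(pkt.src) in INSIDE and pkt.dport == 443:
        return True  # outbound HTTPS
    # "Reply" rule: anything from port 443 to a high port is assumed to be a reply.
    return ip_address(pkt.dst) in INSIDE and pkt.sport == 443 and pkt.dport >= 1024

class StatefulFilter:
    """Same outbound policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.table = set()  # (client, client port, server, server port)

    def check(self, pkt):
        if ip_address(pkt.src) in INSIDE and pkt.dport == 443:
            conn = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.table.add(conn)  # a SYN from inside opens a table entry
            return conn in self.table
        # Inbound: accept only the reverse direction of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]

# Constructed traffic: a client handshake start, the server's reply, then an
# unsolicited packet that merely looks like a reply (source port 443).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("198.51.100.7", 443, "10.0.0.9", 40000, "A"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdict)
```

  The third packet passes the packet filter because only its addresses and ports are examined, while the stateful filter rejects it because no connection from the inside host matches it.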