Post 302416726 by Linux Bot on Tuesday 27th of April 2010 02:30:03 PM
Next Generation Firewalls: What's coming?

I joined some seminars, conferences, read some articles and studies about ongoing developments of new firewall technologies and I would like to mention my thoughts about it. Some of those technologies are already on the market but they're starting to be accepted by.

Features:
The next generation firewalls will:
  • Have superior performance (up to 100Gbps);
  • Be deployed on more complex network traffic (MPLS, VPLS);
  • Recognize applications (P2P, Video, Productivity, Web, IM, Skype, Games, etc, even "encrypted/obfuscated ones") for control purposes;
  • Be part of complete security Ecosystems (FW, IPS, Anti-Spam, Anti-Malware, Parental Control, VPN, DPI, Lawful Interception) on a single Blade system;
  • Support Denial of Service attack detection and mitigation on a cleaning center architecture rather than a simple blind shape;
  • Handle on-line traffic scanning for threat detection with zero delay;
  • Understand traffic patterns and build an intelligent filtering network rather than simple allow/deny rules;
  • Allow more "user oriented rules" than IP oriented rules;

As network threats evolve, I understand that our protection mechanisms cannot remain the same and for firewalls we do not see a "slips forward" for a time.

I see these "all-in-one" features, or "Ecosystem", as a natural evolution of the existing UTM devices. They make investment cheaper and management and troubleshooting easier, and they are greener than the current approach of combining multiple security devices to protect a network.

I'm excited about the possibility of evaluating one of those devices. This shall happen soon.

I'll post the test results here in the future.

A good point here is that the security market is moving forward and, for me, it's pointing in the right direction.

Regards
