Huawei firewall application-layer filtering: the essentials

Faced with illegal activity on the Internet, Huawei offers very strong firewall protection, VPN technology, and application-layer detection and identification. Application-layer filtering lets a company strengthen its security in a more targeted way. So-called application-layer filtering inspects packets at layer 7 of the OSI model; although it is less efficient than a traditional packet-filtering firewall, it provides a kind of security that an ordinary firewall cannot. As computing power has grown, hardware processing speed is no longer the bottleneck of the network, so whether a firewall has application-layer detection, and how many applications it can detect, has become a standard measure of a firewall. This post describes the application-layer filtering technology of Huawei firewalls.

The main difference between Huawei's next-generation firewalls and a traditional firewall with ACLs is deep identification of application-layer content and the security enhancements built on it.

I. Basics of Huawei firewall application-layer filtering

Application-layer filtering requires a license purchased from the vendor, so it cannot be demonstrated in the eNSP simulator; the commands below come from a Huawei USG6306 firewall. Although there are many configuration commands, the structure is not complicated: on top of an existing security policy, you add an application-layer filtering configuration profile.

The application-layer filtering techniques on Huawei firewalls are:

  • File type filtering: filters files of different types (different extensions). The USG firewall can identify the file type of a data packet, and the check does not just look at the file extension but identifies the type from the file content;
  • Content filtering: filters the content of blog posts sent over HTTP, forum posts, the subject and body of SMTP messages, the names of files uploaded and downloaded over FTP, file names in file-sharing services, and so on; filtering can be based on specific text or on regular expressions;
  • URL filtering: filters the URLs that Internet users request, allowing or denying access to certain categories of website in order to control how users use Internet resources;

1. File Filter

File type filtering is a security mechanism that filters file data passing through the firewall according to the type of file. As network technology develops, preventing disclosure of users' personal information and keeping confidential corporate data secure has become an important part of enterprise network security. With traditional firewalls it is difficult to filter business data and personal privacy information, and malicious files on the Internet usually come attached as specific file types such as EXE and MSI. Huawei's file type filtering function can easily cope with such problems.

For file type filtering, the firewall identifies files based on the following:

  • Application: the application protocol carrying the file transfer, for example HTTP, FTP, SMTP and so on;
  • Direction: the direction of the file transfer, such as upload or download;
  • Type: the actual type of the file, determined from the file's contents;
  • Extension: the extension of the file name, such as doc, exe, etc.;

File type filtering allows you to specify multiple matching rules; once traffic matches a rule, it is processed according to the action configured in that rule.

The action types are as follows:

  • Allow: the default action; the file transfer is allowed;
  • Alarm: the file transfer is allowed and a log is recorded;
  • Block: the file transfer is blocked and a log is recorded;

In addition to user-defined filtering rules, the firewall can handle abnormal traffic based on a global file filtering configuration, for example the number of nested layers to inspect in compressed files and the maximum file size; the firewall takes the corresponding action according to preset values (usually the defaults).
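To make the "type from content, not from extension" point concrete, here is an added illustration in Python (not Huawei's code) of a file type filter that classifies a transfer by its leading magic bytes and then applies the first rule matching application, direction, actual type and extension; the signatures, rules and sample files are constructed assumptions.

```python
# Added illustration (not Huawei's code): a model of file type filtering that
# classifies a transfer by its content (leading "magic" bytes) rather than by
# its extension, then applies the first matching rule. Match fields and action
# names follow the post; signatures, rules and sample files are constructed.

# Leading bytes of a few container formats (constructed, abbreviated list).
MAGIC = {
    b"MZ": "exe",                 # Windows PE executable
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",         # also docx/xlsx, which are zip containers
    b"\xd0\xcf\x11\xe0": "ole",   # legacy .doc/.xls, and .msi installers
}


def actual_type(data: bytes) -> str:
    """Type derived from content, or 'unknown' when no signature matches."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return "unknown"


def extension_of(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


# Rules: (application, direction, actual type, extension, action).
# None means "any value"; actions are the post's allow / alarm / block.
RULES = [
    ("http", "download", "exe", None, "block"),  # executable by content, any name
    ("smtp", "upload", None, "exe", "block"),    # outbound .exe attachment by name
    ("ftp", "upload", "zip", "docx", "alarm"),   # office documents leaving by FTP
]


def filter_file(application, direction, filename, data, rules=RULES):
    """Return the action of the first rule matching the transfer; default allow."""
    ext = extension_of(filename)
    ftype = actual_type(data)
    for app, dirn, rtype, rext, action in rules:
        if (app in (None, application) and dirn in (None, direction)
                and rtype in (None, ftype) and rext in (None, ext)):
            return action
    return "allow"  # the post's default action when no rule matches


if __name__ == "__main__":
    # A renamed executable: the extension says .txt but the content says exe.
    print(filter_file("http", "download", "notes.txt", b"MZ\x90\x00\x03"))
```

The first sample shows why content identification matters: a PE file renamed to .txt is still caught by the first rule, while an extension-only check would let it through.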

2. Content Filtering

Content filtering is a security mechanism that filters the content of files passing through the firewall. It is generally combined with file type filtering for the best protective effect. Today companies focus on security but also pay greater attention to network efficiency. Filtering by file type reduces, to some extent, the probability of leaks and of employee security incidents, but it cannot perform a targeted check on file content to find out whether it contains violating data. To prevent employees from leaking information, a company could block all office document types; that would achieve the purpose, but it would also seriously affect office efficiency, since some normal business mail would be affected. Content filtering can inspect the contents of a file to determine whether the traffic violates policy.

Content filtering can address the following issues:

  • Block the transmission of confidential information and reduce the risk of leaks by staff;
  • Reduce the probability that employees bring legal risk to the company by browsing sensitive information;
  • Improve work efficiency by regulating employees' browsing of content unrelated to work;

Huawei firewalls filter content as follows: the firewall identifies sensitive information in the traffic by "keyword" and processes the traffic according to the configured action. Keywords can be defined according to the company's actual situation, or predefined keywords can be used. Keywords also support fuzzy matching (regular expressions).

Content filtering allows you to specify multiple matching rules; once traffic matches a rule, it is processed according to the action configured in that rule.

The action types are as follows:

  • Alarm: after a keyword is identified, the file content is allowed through and a log is recorded;
  • Block: after a keyword is identified, transfer of the file content is refused and a log is recorded;
  • By weight: each keyword carries a weight value. Whenever a keyword matches, its weight is accumulated according to the number of matches. If the accumulated weight is greater than or equal to the "alarm threshold" and less than the "blocking threshold", the "alarm" action is performed; if the accumulated weight is greater than or equal to the "blocking threshold", the "block" action is performed;
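The weighted action is easiest to understand as a small scoring function, so here is an added illustration in Python (not Huawei's code): each keyword, plain text or regular expression, carries a weight, the weights of all matches are summed, and the total is compared with the alarm and blocking thresholds. The keywords, weights, thresholds, case-insensitive matching and sample messages are constructed assumptions.

```python
# Added illustration (not Huawei's code): the post's weighted keyword action for
# content filtering. Every keyword carries a weight; the weights of all matches
# (plain text or regular expression) are summed and compared with the alarm and
# blocking thresholds. Keywords, weights, thresholds, case-insensitive matching
# and the sample messages are constructed assumptions for this example.
import re

# (pattern, weight, is_regex) -- constructed keyword list
KEYWORDS = [
    ("confidential", 3, False),
    ("internal only", 3, False),
    ("customer list", 2, False),
    (r"\b\d{3}-\d{2}-\d{4}\b", 5, True),   # fuzzy match: an ID-number pattern
]
ALARM_THRESHOLD = 3
BLOCK_THRESHOLD = 6


def keyword_score(text: str):
    """Sum weight * occurrences over all keywords; also return the hits."""
    total, hits = 0, []
    for pattern, weight, is_regex in KEYWORDS:
        if is_regex:
            count = len(re.findall(pattern, text))
        else:
            count = text.lower().count(pattern.lower())
        if count:
            total += weight * count
            hits.append((pattern, count))
    return total, hits


def content_action(text: str) -> str:
    """Map the accumulated weight onto the post's two thresholds."""
    score, _ = keyword_score(text)
    if score >= BLOCK_THRESHOLD:
        return "block"          # score >= blocking threshold
    if score >= ALARM_THRESHOLD:
        return "alarm"          # alarm threshold <= score < blocking threshold
    return "allow"              # below both thresholds: assumed pass-through


if __name__ == "__main__":
    for msg in ("Lunch at noon?",
                "Draft, CONFIDENTIAL until Friday",
                "Confidential customer list, ID 123-45-6789 attached"):
        print(content_action(msg), keyword_score(msg))
```

Note that a single keyword repeated often enough also crosses the blocking threshold, because the weight is accumulated per match rather than per distinct keyword.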

3. URL Filtering

When a URL requested by a user matches a URL filtering rule on the firewall, the firewall allows or denies the request according to the rule's action and returns a response page to the user.

URL filtering on the firewall is implemented in the following ways:

  • Blacklist: the firewall matches the received URL request against the configured blacklist; if the match succeeds, the request is denied and an error page is sent to the requester;
  • Whitelist: the firewall matches the received URL request against the configured whitelist; if the match succeeds, the user is allowed to send the request;
  • URL category: the firewall decides whether to allow the user's URL request according to the category of the URL being accessed;

The URL filtering control actions are:

  • Allow: the user is allowed to access the requested URL;
  • Alarm: the user is allowed to access the requested URL and a log is recorded;
  • Block: the user's access to the requested URL is blocked and a log is recorded;

The firewall has a default URL filtering profile, named default. In the default profile the response action for illegal websites is block, and the default action for the other URL categories is allow. The default profile cannot be modified.

4. Committing the Profile

All application-layer filtering is configured by writing a profile and then calling that profile from a security policy (whose action must be permit); that is how the application-layer filtering function takes effect. On Huawei's next-generation firewalls, a modified profile does not take effect until it is committed (submitted); the commit command is as follows:

[USG6300]engine configuration commit

The commit can also be done in the Web management interface; for Web management configuration, refer to the post: Huawei firewall remote management and configuration methods in detail

Since the function cannot be demonstrated in the simulator, this post only explains the theory!

Source: blog.51cto.com/14157628/2446298