FORTINETFAQ-Next Generation Firewalls Fact and Fiction

《FORTINETFAQ-Next Generation Firewalls Fact and Fiction》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、FAQNext-GenerationFirewalls:FactandFictionFrequentlyAskedQuestionsFORTINET–Next-GenerationFirewalls:FactandFictionPAGE2IntroductionAttackersareincreasinglyusingweb-basedapplicationstobreakintoenterprisenetworks,gaincontrolofdevices,andstealvaluableinformat

2、ion.Inanefforttogaincontrolofapplicationuseinorganizations,andtoblockweb-basedattacks,ITmanagersaredeployinganewgenerationoffirewalldevicesknowasnext-generationfirewalls,orNGFWs.Industryanalystscaution,however,thatmanynext-generationfirewallsstilllackbasic

3、networksecurityfeaturesandorganizationsshoulddeploythemonlyinconjunctionwithotherlayersofsecurityforcomprehensiveprotection1.ThisdocumentprovidesanswerstoquestionsthatareoftenaskedaboutNGFWs,andalsodetailsimportantsecurityfeaturesthatyoushouldconsiderwhenc

4、hoosingthebestnetworksecuritysolutionforyourorganization.Whyaresomanysecurityvendorsclaimingtohaveanext–generationfirewall?SinceGartnerpublishedDefiningtheNextGenerationFirewallin2009,manynetworksecurityvendorshavescrambledtointroducetheirownversionofaNGFW

5、forfearofbeingleftbehindinthemarketplace.GartnersuggeststhatNGWFcapabilitiesarenecessarytocontroltheincreasingnumberofnetworkthreatsthatareleveragingweb-basedapplicationsandservices.Whatisanext–generationfirewallanyway?Theterm‘next-generationfirewall’refer

6、stoafirewallthatoffersspecificfeaturestoaddresschangesinboththewaybusinessprocessesuseITandthewaysattackstrytocompromisebusinesssystems.Inordertodefendnetworksagainstthelatestthreats,NGFWsshouldinclude,ataminimum,anintegratedintrusionpreventionsystem(IPS)w

7、ithdeeppacketscanning,theabilitytoidentifyandcontrolapplicationsrunningoveranetwork,andtheabilitytoverifyauser’sidentityandenforceaccesspoliciesaccordingly1.Whywon’tmystatefulfirewallblockthesenewattacks?Statefulfirewallswithpacketfilteringcapabilitiesused

8、tobehighlysuccessfulatblockingunwantedapplicationssimplybecausemostapplicationscommunicatedovernetworksbyusingspecificandunchangingcomputerportsandprotocols.Shouldanadministratordecidethatanapplicationwasunsa