A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS), and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration (e.g. Active Directory).〔(Intro to Next Generation Firewalls) - By Eric Geier, 06 September, 2011〕

== Next-Generation Firewall vs. Traditional Firewall ==

NGFWs include the typical functions of traditional firewalls such as packet filtering,〔(Next gen security) - by Ben Rossi - 07 August, 2012〕 network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support.〔(Next Generation Firewall (NGFW)) - Network Intelligence〕 The goal of next-generation firewalls is to include more layers of the OSI model, so that network traffic can be filtered based on packet contents.〔(NEXT-GENERATION FIREWALLS) - Cyberoam〕

NGFWs perform deeper inspection than the stateful inspection performed by first- and second-generation firewalls.〔(Next-generation firewalls: Security without compromising performance) - By Patrick Sweeney, 17 October 2012〕 They inspect the payload of packets and match signatures for harmful activities such as known vulnerabilities, exploit attacks, viruses and malware.〔(Next-Generation Firewalls 101) - By Frank J. Ohlhorst, 1 March 2013〕

Gartner defines an NGFW as "a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks."
At minimum, Gartner states an NGFW should provide:〔Defining the Next-Generation Firewall - Gartner RAS Core Research Note G00171540, John Pescatore, Greg Young, 12 October 2009, R3210 04102010〕
• Non-disruptive in-line bump-in-the-wire configuration
• Standard first-generation firewall capabilities, e.g., network-address translation (NAT), stateful protocol inspection (SPI) and virtual private networking (VPN), etc.
• Integrated signature-based IPS engine
• Application awareness, full stack visibility and granular control
• Capability to incorporate information from outside the firewall, e.g., directory-based policy, blacklists, white lists, etc.
• Upgrade path to include future information feeds and security threats
• SSL decryption to enable identifying undesirable encrypted applications

Excerpt source: Wikipedia, the free encyclopedia.
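
The difference between port-based filtering and the application awareness listed above can be seen in a small sketch. This is an added example, not part of the original article: it compares a port-only decision with a decision based on the first bytes of the payload. The policy tables, function names and sample flows are constructed assumptions, and a production NGFW engine inspects far more than the first client message.

```python
import re

# Traditional rule: a port filter decides on the destination port alone.
ALLOWED_PORTS = {80, 443}
# Application-aware rule (assumed policy): which protocol may run on which port.
ALLOWED_APPS = {80: {"http"}, 443: {"tls"}}

HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT) \S+ HTTP/1\.[01]\r\n")

def identify_app(payload: bytes) -> str:
    """Classify a flow from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"  # SSH identification string (RFC 4253)
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) right after the 5-byte header.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if HTTP_REQUEST.match(payload):
        return "http"
    return "unknown"

def port_filter(dst_port: int, payload: bytes) -> str:
    return "allow" if dst_port in ALLOWED_PORTS else "deny"

def app_aware_filter(dst_port: int, payload: bytes) -> str:
    app = identify_app(payload)
    return "allow" if app in ALLOWED_APPS.get(dst_port, set()) else "deny"

# Constructed sample flows: (label, destination port, first client payload)
FLOWS = [
    ("web browsing", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("tls on 443", 443, bytes.fromhex("160301002e0100002a0303") + b"\x00" * 40),
    ("ssh on 443", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("garbage on 80", 80, b"\x00\x01\x02\x03binary"),
]

def compare(flows=FLOWS):
    """Return (label, port-only verdict, application-aware verdict) per flow."""
    return [(label, port_filter(p, d), app_aware_filter(p, d))
            for label, p, d in flows]

if __name__ == "__main__":
    for row in compare():
        print("%-15s port-only=%-5s app-aware=%s" % row)
```

The port filter allows all four flows because they target permitted ports, while the application-aware check denies the SSH session on port 443 and the unrecognized payload on port 80.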