ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

What is the difference between firewall and next generation firewall?

user-image
تم إضافة السؤال من قبل ahmed reda , Information Security Engineer , Security Meter
تاريخ النشر: 2016/04/08
Sanil PK
من قبل Sanil PK , Security Administrator , Horizon Energy LLC

A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network device filtering functionalities such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS)

Digvijay Chavda
من قبل Digvijay Chavda , Sr. Engineer IT-operation , Panamax InfoTech Ltd

Firewalls are based on Network Security and now Next generation firewalls are based on Application , Network , SSL decryption ,Identity 

مستخدم محذوف‎
من قبل مستخدم محذوف‎

Some security features that can be found in a  NGFW that give a difference betweem the traditional firewall are:

  • Non-disruptive, in-line, bump-in-the-wire (BITW) configuration, wherein a 'stealth' firewall resides inside the subnet so it can filter traffic between hosts
  • Integrated signature-based intrusion prevention system (IPS), which specifies which kinds of attacks to scan for and report on
  • Identification of applications using pre-defined application signatures, payload analysis, and header inspection, plus enforcement of network security policy at the application level, because applications (rather than networking services and components) have become the greatest area of exploitation today by malware and other attacks
  • Full stack visibility, which goes hand-in-hand with control of applications
  • Granular control, or extremely detailed control of applications
  • Capability to incorporate information from outside the firewall, including directory-based policies, white lists, and black lists
  • Upgrade path to include future security threats and information feeds
  • Secure sockets layer (SSL) decryption to enable identification of undesirable encrypted applications

المزيد من الأسئلة المماثلة