
Archive for November 14th, 2005

[Chinese] SIG (Security Immunity Gateway) of Huawei

November 14th, 2005 10 comments

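Below is the description of Huawei's Security Immunity Gateway (SIG) system, as seen on the Huawei company website:

Starting from the largest source of network worms and viruses, the end user's computer, it checks the security state of the user's computer. For insecure computers, it prompts the user to harden the system or run an antivirus operation. For computers already infected with a worm or virus, it temporarily isolates or restricts them at the network access layer according to the secure access policy, thereby solving the problem of worms and viruses running rampant on the network.

At the same time, the SIG system can also detect illegal VoIP users, eliminating the spread of illegal VoIP at the access layer and reducing losses to the state and to operators.

With SIG, we can achieve the following three goals:
1. Starting from the origin of the most complex problems, the user's terminal PC, automatically detect viruses on user terminals and strengthen vulnerability management.
2. Perform virus detection automatically, providing a value-added service to end users.
3. Provide the ability to block illegal VoIP, increasing operators' incremental revenue.

Judging from this functional description, SIG looks somewhat like Cisco's NAC initiative, tackling network security threats starting from the endpoint. However, judging from the description of the illegal-VoIP detection and blocking functions, I don't know how such a product would be brought to market. By partnering with operators, having the operators push it to their own registered ADSL subscribers, and blocking illegal VoIP to help the operators increase incremental revenue (I don't know how Huawei SIG defines illegal and legal VoIP)? Users would certainly be unwilling to install it. I use ADSL precisely because I want VoIP, and I want video too.

As I recall, Huawei's counterpart to NAC was supposed to be EAD (Endpoint Admission Defense). EAD targets user-side endpoints, while SIG (judging from its name) targets operator-side gateway devices? Perhaps that is how it should be understood.

I mentioned earlier the vendors in the domestic desktop management market, for example CA, Microsoft, Landesk and BigFix from abroad, and Lianchuang (联创) and Huawei in China. It seems everyone's product positioning is quite "distinctive".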

Categories: -English-

UTM (Unified Threat Management) Definition

November 14th, 2005 5 comments

According to IDC, UTM (Unified Threat Management) security appliances are defined as:

UTM security appliance products include multiple security features integrated into one box. To be included in this category, as opposed to other segments, the appliance MUST contain the ability to perform network firewalling, network intrusion detection and prevention, and gateway antivirus (AV). All of the capabilities in the appliance need not be utilised, but the functions must exist inherently in the appliance. In these products, the individual components cannot be separated.

Basically, UTM security appliances are characterized as some integration of the following 6 features in one box:

  • Firewall – these devices are typically deployed at the network perimeter, and therefore robust, stateful firewall capabilities with NAT are required.
  • VPN – often deployed as branch office solutions on a corporate WAN, the ability to create a small number of secure VPN tunnels is essential.
  • IDS/IPS – a firewall only enforces policy, and if that policy includes allowing inbound HTTP traffic to Web servers on the DMZ, then there is nothing the firewall can do to prevent HTTP exploits from subverting the target Web server. The IPS capability will detect and block such attempted exploits at the network perimeter, preventing the malicious traffic from ever reaching the server. An IDS-only capability can detect exploits and raise alerts, but will be unable to block the malicious traffic.
  • Anti Virus – gateway Anti Virus prevents inbound virus traffic at the edge of the network, thus reinforcing desktop security solutions and blocking viruses before they reach the desktop. This solution can also prevent infected machines from propagating viruses outside the corporate network.
  • Anti Spam – gateway Anti Spam can tag inbound e-mail, allowing it to be handled more effectively by desktop filtering solutions, or can block suspected spam mails completely. This solution can also prevent internal hosts from sending spam mail outside the corporate network.
  • URL Filtering – using a constantly-updated database of categorised URLs, a gateway URL filtering solution can prevent employees from accessing objectionable or inappropriate Web sites from the corporate network.
  • Content Filtering – by scanning Web and mail traffic for specific content, a gateway content filtering solution can prevent objectionable or inappropriate material from passing into, or out of, the corporate network.
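
The IDS/IPS item above, as an added example (not from the original post or from IDC): the same inbound HTTP request is passed through a gateway that only enforces firewall policy, then one with alert-only inspection, then one with inline blocking. The addresses, the single path-traversal signature and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

WEB_SERVER = "192.0.2.10"  # assumed DMZ web server (documentation address)

# Firewall policy: (dst_ip, proto, dst_port) tuples allowed inbound; default deny.
FIREWALL_ALLOW = {(WEB_SERVER, "tcp", 80)}

# One constructed inspection signature: ".." as a path segment in the request URI.
SIGNATURES = {"http-path-traversal": re.compile(r"(^|/)\.\.(/|$)")}


def firewall_permits(pkt):
    """Policy check only: looks at address and port, never at the payload."""
    return (pkt["dst"], pkt["proto"], pkt["dport"]) in FIREWALL_ALLOW


def inspect(payload):
    """Return the names of signatures matching the HTTP request path."""
    parts = payload.split(" ")
    if len(parts) < 2:
        return []
    path = parts[1].split("?", 1)[0]
    # Decode percent-encoding twice so single and double encoding both match.
    path = unquote(unquote(path))
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]


def gateway(pkt, mode):
    """mode: 'firewall' (no inspection), 'ids' (alert only), 'ips' (alert and drop)."""
    if not firewall_permits(pkt):
        return {"delivered": False, "alerts": [], "reason": "policy"}
    alerts = [] if mode == "firewall" else inspect(pkt["payload"])
    if alerts and mode == "ips":
        return {"delivered": False, "alerts": alerts, "reason": "signature"}
    return {"delivered": True, "alerts": alerts, "reason": "allowed"}


# Constructed sample traffic.
BENIGN = {"dst": WEB_SERVER, "proto": "tcp", "dport": 80,
          "payload": "GET /index.html HTTP/1.1"}
EXPLOIT = {"dst": WEB_SERVER, "proto": "tcp", "dport": 80,
           "payload": "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1"}
TELNET = {"dst": WEB_SERVER, "proto": "tcp", "dport": 23, "payload": ""}

if __name__ == "__main__":
    for mode in ("firewall", "ids", "ips"):
        print(mode, gateway(EXPLOIT, mode))
```

Only the `ips` mode keeps the flagged request from reaching the server; the firewall-only and `ids` modes both deliver it, the latter with an alert.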

Categories: -English-, Security