標準解讀

《GB/T 44810.1-2024 IPv6網(wǎng)絡安全設備技術(shù)要求 第1部分:防火墻》是一項國家標準,主要針對基于IPv6協(xié)議的網(wǎng)絡環(huán)境中防火墻的安全性能和技術(shù)規(guī)范進行了詳細規(guī)定。該標準旨在為設計、生產(chǎn)及使用IPv6環(huán)境下的防火墻提供技術(shù)指導和參考依據(jù)。

標準中首先明確了防火墻的基本功能要求,包括但不限于數(shù)據(jù)包過濾、狀態(tài)檢測、NAT(網(wǎng)絡地址轉(zhuǎn)換)、虛擬專網(wǎng)支持等,并特別強調(diào)了這些功能在IPv6環(huán)境下的實現(xiàn)方式與性能指標。對于數(shù)據(jù)包過濾而言,標準指出防火墻應該能夠根據(jù)源地址、目的地址、協(xié)議類型等多個維度對流量進行精確控制;而狀態(tài)檢測則要求設備具備識別并跟蹤會話的能力,以確保只有合法的數(shù)據(jù)流可以通過。

此外,《GB/T 44810.1-2024》還特別關注了IPv6特有的安全挑戰(zhàn),比如擴展頭部處理能力、地址自動配置安全性等方面。它要求防火墻必須能夠正確解析各種類型的IPv6擴展頭部,并且能夠在不影響正常通信的前提下有效抵御利用這些特性發(fā)起的攻擊行為。

針對日志記錄與審計功能,標準也提出了具體要求,指出防火墻需要能夠生成詳細的訪問日志,記錄所有經(jīng)過處理的數(shù)據(jù)包信息,以便于后續(xù)分析或調(diào)查。同時,為了保證系統(tǒng)的可用性和穩(wěn)定性,《GB/T 44810.1-2024》還對防火墻的冗余設計、故障恢復機制等做了明確規(guī)定。


如需獲取更多詳盡信息,請直接參考下方經(jīng)官方授權(quán)發(fā)布的權(quán)威標準文檔。

....

查看全部

  • 現(xiàn)行
  • 正在執(zhí)行有效
  • 2024-10-26 頒布
  • 2025-02-01 實施
?正版授權(quán)
GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻_第1頁
GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻_第2頁
GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻_第3頁
GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻_第4頁
GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻_第5頁
已閱讀5頁,還剩15頁未讀, 繼續(xù)免費閱讀

下載本文檔

GB/T 44810.1-2024IPv6網(wǎng)絡安全設備技術(shù)要求第1部分:防火墻-免費下載試讀頁

文檔簡介

ICS

33.040.40

CCS

M32

中華人民共和國國家標準

GB/T44810.1—2024

IPv6網(wǎng)絡安全設備技術(shù)要求

第1部分:防火墻

TechnicalrequirementforIPv6networksecurityequipment—

Part1:Firewall

2024-10-26發(fā)布2025-02-01實施

國家市場監(jiān)督管理總局發(fā)布

國家標準化管理委員會

GB/T44810.1—2024

目次

前言

·····································································································

引言

·····································································································

1

范圍

··································································································

1

2

規(guī)范性引用文件

······················································································

1

3

術(shù)語和定義

···························································································

1

4

縮略語

································································································

1

5

功能性要求

···························································································

2

5.1

網(wǎng)絡環(huán)境

·························································································

2

5.2

組網(wǎng)和部署

······················································································

3

5.3

網(wǎng)絡控制

·························································································

4

5.4

流量管理

·························································································

5

5.5

應用控制

·························································································

5

5.6

攻擊防護

·························································································

6

5.7

安全審計、告警與統(tǒng)計

··········································································

6

5.8

安全策略設置

····················································································

7

6

性能要求

······························································································

8

6.1

吞吐量

···························································································

8

6.2

延遲

······························································································

8

6.3

連接速率

·························································································

8

6.4

并發(fā)連接數(shù)

······················································································

8

7

兼容性要求

···························································································

8

8

可靠性要求

···························································································

8

8.1

系統(tǒng)容錯

·························································································

8

8.2

故障監(jiān)測與恢復

·················································································

9

8.3

雙機熱備

·························································································

9

8.4

過載控制

·························································································

9

8.5

備份與恢復

······················································································

9

8.6

異常處理機制

····················································································

9

9

自身安全性要求

······················································································

9

9.1

標識和鑒別

······················································································

9

9.2

自身訪問控制

····················································································

9

9.3

自身安全審計

····················································································

9

9.4

通信安全

·························································································

9

9.5

支撐系統(tǒng)安全

····················································································

9

GB/T44810.1—2024

9.6

產(chǎn)品升級

························································································

10

9.7

用戶信息安全

···················································································

10

9.8

密碼要求

························································································

10

9.9

協(xié)議棧安全性

···················································································

10

參考文獻

································································································

11

GB/T44810.1—2024

前言

本文件按照GB/T1.1—2020《標準化工作導則第1部分:標準化文件的結(jié)構(gòu)和起草規(guī)則》的規(guī)

定起草。

本文件是GB/T44810《IPv6網(wǎng)絡安全設備技術(shù)要求》的第1部分。GB/T44810已經(jīng)發(fā)布了以下

部分:

—第1部分:防火墻;

—第2部分:Web應用防護系統(tǒng)(WAF);

—第3部分:入侵防御系統(tǒng)(IPS)。

請注意本文件的某些內(nèi)容可能涉及專利。本文件的發(fā)布機構(gòu)不承擔識別專利的責任。

本文件由中華人民共和國工業(yè)和信息化部提出。

本文件由全國通信標準化技術(shù)委員會(SAC/TC485)歸口。

本文件起草單位:中國信息通信研究院、華為技術(shù)有限公司、北京天融信網(wǎng)絡安全技術(shù)有限公司、

北京神州綠盟科技有限公司、鄭州信大捷安信息技術(shù)股份有限公司、北京浩瀚深度信息技術(shù)股份有限公

司、國家計算機網(wǎng)絡應急技術(shù)處理協(xié)調(diào)中心、中國電信集團有限公司、天翼安全科技有限公司、杭州迪

普科技股份有限公司、北京通和實益電信科學技術(shù)研究所有限公司、國家工業(yè)信息安全發(fā)展研究中心、

中國福利會國際和平婦幼保健院、新華三技術(shù)有限公司、北京可信華泰信息技術(shù)有限公司、杭州安恒信

息技術(shù)股份有限公司、北京國泰網(wǎng)信科技有限公司、深圳大學、云南電網(wǎng)有限責任公司。

本文件主要起草人:孟楠、董悅、王雨晨、李翔、黃雅靜、雷曉鋒、彭曉軍、葉建偉、劉為華、龐韶敏、

曹政、嚴定宇、秦佳偉、張建宇、康和、張熹、吳慶、左虹、黃澍、張大超、程曦、周昊、陳昌杰、

陳磊、萬曉蘭、杜君、段古納、田麗丹、李欣、李元正、江魁、肖鵬、王海林。

GB/T44810.1—2024

引言

根據(jù)《關于加快推進互聯(lián)網(wǎng)協(xié)議第六版(IPv6)規(guī)模部署和應用工作的通知》,為更好面對網(wǎng)絡復

雜化和用戶規(guī)模擴大化帶來的安全挑戰(zhàn),推動IPv6網(wǎng)絡安全工作的標準化,我國制定了一系列IPv6安

全標準。其中,GB/T44810《IPv6網(wǎng)絡安全設備技術(shù)要求》是為規(guī)范在IPv6中網(wǎng)絡安全產(chǎn)品的適用性

的技術(shù)標準,擬由三個部分構(gòu)成。

—第1部分:防火墻。目的在于IPv6部署后,保障防火墻在新的網(wǎng)絡環(huán)境中的有效應用。

—第2部分:Web應用防護系統(tǒng)(WAF)。目的在于IPv6部署后,保障Web應用防護系統(tǒng)

(WAF)在新的網(wǎng)絡環(huán)境中的有效應用。

—第3部分:入侵防御系統(tǒng)(IPS)。目的在于IPv6部署后,保障入侵防御系統(tǒng)(IPS)在新的網(wǎng)

絡環(huán)境中的有效應用。

GB/T44810.1—2024

IPv6網(wǎng)絡安全設備技術(shù)要求

第1部分:防火墻

1范圍

本文件規(guī)定了支持IPv6的防火墻設備的安全技術(shù)要求。

本文件適用于支持IPv6的防火墻設備的設計、開發(fā)、部署、使用、維護與測試。

2規(guī)范性引用文件

下列文件中的內(nèi)容通過文中的規(guī)范性引用而構(gòu)成本文件必不可少的條款。其中,注日期的引用文

件,僅該日期對應的版本適用于本文件;不注日期的引用文件,其最新版本(包括所有的修改單)適用

于本文件。

GB/T20281—2020信息安全技術(shù)防火墻安全技術(shù)要求和測試評價方法

GB/T25069—2022信息安全技術(shù)術(shù)語

GB42250—2022信息安全

溫馨提示

  • 1. 本站所提供的標準文本僅供個人學習、研究之用,未經(jīng)授權(quán),嚴禁復制、發(fā)行、匯編、翻譯或網(wǎng)絡傳播等,侵權(quán)必究。
  • 2. 本站所提供的標準均為PDF格式電子版文本(可閱讀打印),因數(shù)字商品的特殊性,一經(jīng)售出,不提供退換貨服務。
  • 3. 標準文檔要求電子版與印刷版保持一致,所以下載的文檔中可能包含空白頁,非文檔質(zhì)量問題。

最新文檔

評論

0/150

提交評論