Standard Overview

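GB/T 44810.1-2024, "Technical requirement for IPv6 network security equipment, Part 1: Firewall", is a national standard that specifies in detail the security capabilities and technical specifications of firewalls in IPv6-based network environments. It is intended to provide technical guidance and a reference for designing, producing and using firewalls in IPv6 environments.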

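The standard first sets out the basic functional requirements for a firewall, including but not limited to packet filtering, stateful inspection, NAT (network address translation) and virtual private network support, with particular emphasis on how these functions are implemented in an IPv6 environment and on their performance indicators. For packet filtering, the standard states that the firewall should be able to control traffic precisely along several dimensions, such as source address, destination address and protocol type. Stateful inspection requires the device to identify and track sessions so that only legitimate data flows are allowed through.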

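In addition, GB/T 44810.1-2024 pays particular attention to security challenges specific to IPv6, such as extension header processing and the security of address autoconfiguration. It requires the firewall to parse every type of IPv6 extension header correctly and to defend effectively against attacks that exploit these features, without disrupting normal communication.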
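The extension header parsing described above, sketched as an added example (not text or code from the standard): a walker that follows the Next Header chain of one raw IPv6 packet and returns the verdict a filter could act on. Header numbers and length rules follow RFC 8200 and RFC 4302; `MAX_EXT`, the verdict strings and the `ipv6` packet builder are assumptions made for illustration.

```python
import struct

HOP, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60
EXT = {HOP, ROUTING, FRAGMENT, AH, DSTOPTS}  # ESP (50) is opaque and ends the walk
MAX_EXT = 8  # assumed local policy limit, not a value from the standard

def walk_ext_headers(pkt: bytes):
    """Return (verdict, upper_layer_protocol, chain) for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("drop: not a complete IPv6 header", None, [])
    nxt, off, chain = pkt[6], 40, []
    while nxt in EXT:
        if len(chain) >= MAX_EXT:
            return ("drop: too many extension headers", None, chain)
        if nxt == HOP and chain:  # RFC 8200: only directly after the fixed header
            return ("drop: hop-by-hop not first", None, chain)
        if off + 8 > len(pkt):
            return ("drop: truncated extension header", None, chain)
        if nxt == FRAGMENT:
            size = 8  # the Fragment header has a fixed length
            frag_off = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
            if frag_off:  # a non-first fragment carries no upper-layer header
                return ("needs reassembly", None, chain + [nxt])
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4  # AH length is in 32-bit words minus 2
        else:
            size = (pkt[off + 1] + 1) * 8  # Hdr Ext Len is in 8-octet units minus 1
        if off + size > len(pkt):
            return ("drop: truncated extension header", None, chain)
        chain.append(nxt)
        nxt, off = pkt[off], off + size
    return ("ok", nxt, chain)

def ipv6(next_header: int, payload: bytes) -> bytes:
    # Constructed sample packet: fixed header, hop limit 64, ::1 -> ::1.
    addr = bytes(15) + b"\x01"
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addr + addr + payload

if __name__ == "__main__":
    ext = lambda nh: bytes([nh, 0]) + bytes(6)  # 8-byte header filled with Pad1 options
    samples = {
        "hop-by-hop, dest-opts, TCP": ipv6(HOP, ext(DSTOPTS) + ext(6) + bytes(20)),
        "dest-opts before hop-by-hop": ipv6(DSTOPTS, ext(HOP) + ext(6) + bytes(20)),
        "routing header longer than packet": ipv6(ROUTING, bytes([6, 4]) + bytes(6)),
    }
    for name, pkt in samples.items():
        print(name, "->", walk_ext_headers(pkt))
```

A filter that matches on the upper-layer protocol only after this walk returns "ok" avoids applying a TCP or UDP rule to bytes that are really part of an extension header.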

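The standard also sets specific requirements for logging and auditing: the firewall must be able to generate detailed access logs that record information on every packet it processes, to support later analysis or investigation. To ensure system availability and stability, GB/T 44810.1-2024 also lays down explicit provisions on the firewall's redundancy design, fault recovery mechanisms and related matters.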


  • Issued: 2024-10-26
  • Effective: 2025-02-01

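ICS 33.040.40

CCS M32

National Standard of the People's Republic of China

GB/T 44810.1—2024

Technical requirement for IPv6 network security equipment—

Part 1: Firewall

Issued 2024-10-26. Effective 2025-02-01.

Issued by the State Administration for Market Regulation and the Standardization Administration of China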

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Functional requirements
    5.1 Network environment
    5.2 Networking and deployment
    5.3 Network control
    5.4 Traffic management
    5.5 Application control
    5.6 Attack protection
    5.7 Security audit, alerting and statistics
    5.8 Security policy configuration
6 Performance requirements
    6.1 Throughput
    6.2 Latency
    6.3 Connection rate
    6.4 Number of concurrent connections
7 Compatibility requirements
8 Reliability requirements
    8.1 System fault tolerance
    8.2 Fault monitoring and recovery
    8.3 Dual-device hot standby
    8.4 Overload control
    8.5 Backup and recovery
    8.6 Exception handling mechanism
9 Self-security requirements
    9.1 Identification and authentication
    9.2 Self access control
    9.3 Self security audit
    9.4 Communication security
    9.5 Supporting system security
    9.6 Product upgrade
    9.7 User information security
    9.8 Cryptography requirements
    9.9 Protocol stack security
Bibliography

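Foreword

This document was drafted in accordance with GB/T 1.1—2020, "Directives for standardization, Part 1: Rules for the structure and drafting of standardizing documents".

This document is Part 1 of GB/T 44810, "Technical requirement for IPv6 network security equipment". The following parts of GB/T 44810 have been published:

— Part 1: Firewall;

— Part 2: Web application protection system (WAF);

— Part 3: Intrusion prevention system (IPS).

Attention is drawn to the possibility that some content of this document may involve patents. The issuing body of this document assumes no responsibility for identifying patents.

This document was proposed by the Ministry of Industry and Information Technology of the People's Republic of China.

This document is under the jurisdiction of the National Technical Committee on Communications Standardization (SAC/TC 485).

Drafting organizations of this document: China Academy of Information and Communications Technology, Huawei Technologies Co., Ltd., Beijing Topsec Network Security Technology Co., Ltd., Beijing Shenzhou NSFOCUS Technology Co., Ltd., Zhengzhou Xinda Jiean Information Technology Co., Ltd., Beijing Haohan Data Technology Co., Ltd., National Computer Network Emergency Response Technical Team/Coordination Center of China, China Telecom Group Co., Ltd., Tianyi Security Technology Co., Ltd., Hangzhou DPtech Technologies Co., Ltd., Beijing Tonghe Shiyi Telecommunication Science and Technology Research Institute Co., Ltd., National Industrial Information Security Development Research Center, International Peace Maternity and Child Health Hospital of China Welfare Institute, New H3C Technologies Co., Ltd., Beijing Kexin Huatai Information Technology Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Beijing Guotai Wangxin Technology Co., Ltd., Shenzhen University, Yunnan Power Grid Co., Ltd.

Principal drafters of this document: Meng Nan, Dong Yue, Wang Yuchen, Li Xiang, Huang Yajing, Lei Xiaofeng, Peng Xiaojun, Ye Jianwei, Liu Weihua, Pang Shaomin, Cao Zheng, Yan Dingyu, Qin Jiawei, Zhang Jianyu, Kang He, Zhang Xi, Wu Qing, Zuo Hong, Huang Shu, Zhang Dachao, Cheng Xi, Zhou Hao, Chen Changjie, Chen Lei, Wan Xiaolan, Du Jun, Duan Guna, Tian Lidan, Li Xin, Li Yuanzheng, Jiang Kui, Xiao Peng, Wang Hailin.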

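Introduction

In accordance with the "Notice on Accelerating the Large-Scale Deployment and Application of Internet Protocol Version 6 (IPv6)", and in order to better meet the security challenges brought by increasingly complex networks and a growing user base and to promote the standardization of IPv6 network security work, China has formulated a series of IPv6 security standards. Among them, GB/T 44810, "Technical requirement for IPv6 network security equipment", is a technical standard that regulates the applicability of network security products in IPv6, and is planned to consist of three parts.

— Part 1: Firewall. The purpose is to ensure that firewalls are applied effectively in the new network environment after IPv6 is deployed.

— Part 2: Web application protection system (WAF). The purpose is to ensure that Web application protection systems (WAF) are applied effectively in the new network environment after IPv6 is deployed.

— Part 3: Intrusion prevention system (IPS). The purpose is to ensure that intrusion prevention systems (IPS) are applied effectively in the new network environment after IPv6 is deployed.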

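Technical requirement for IPv6 network security equipment

Part 1: Firewall

1 Scope

This document specifies the security technical requirements for firewall devices that support IPv6.

This document applies to the design, development, deployment, use, maintenance and testing of firewall devices that support IPv6.

2 Normative references

The contents of the following documents constitute indispensable provisions of this document through normative reference in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.

GB/T 20281—2020 Information security technology: Security technical requirements and testing assessment approaches for firewall

GB/T 25069—2022 Information security techniques: Terminology

GB 42250—2022 Information security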
