GB/T 44810.1-2024 IPv6网络安全设备技术要求 第1部分:防火墙
GB/T 44810.1-2024 Technical requirement for IPv6 network security equipment—Part 1:Firewall
基本信息
本文件适用于支持IPv6 的防火墙设备的设计、开发、部署、使用、维护与测试。
发布历史
-
2024年10月
文前页预览
研制信息
- 起草单位:
- 中国信息通信研究院、华为技术有限公司、北京天融信网络安全技术有限公司、北京神州绿盟科技有限公司、郑州信大捷安信息技术股份有限公司、北京浩瀚深度信息技术股份有限公司、国家计算机网络应急技术处理协调中心、中国电信集团有限公司、天翼安全科技有限公司、杭州迪普科技股份有限公司、北京通和实益电信科学技术研究所有限公司、国家工业信息安全发展研究中心、中国福利会国际和平妇幼保健院、新华三技术有限公司、北京可信华泰信息技术有限公司、杭州安恒信息技术股份有限公司、北京国泰网信科技有限公司、深圳大学、云南电网有限责任公司
- 起草人:
- 孟楠、董悦、王雨晨、李翔、黄雅静、雷晓锋、彭晓军、叶建伟、刘为华、庞韶敏、曹政、严定宇、秦佳伟、张建宇、康和、张熹、吴庆、左虹、黄澍、张大超、程曦、周昊、陈昌杰、陈磊、万晓兰、杜君、段古纳、田丽丹、李欣、李元正、江魁、肖鹏、王海林
- 出版信息:
- 页数:20页 | 字数:27 千字 | 开本: 大16开
内容描述
ICS
33.040.40
CCS
M32
中华人民共和国国家标准
GB/T44810.1—2024
IPv6网络安全设备技术要求
第1部分:防火墙
TechnicalrequirementforIPv6networksecurityequipment—
Part1:Firewall
2024-10-26发布2025-02-01实施
国家市场监督管理总局发布
国家标准化管理委员会
GB/T44810.1—2024
目次
前言
·····································································································
Ⅲ
引言
·····································································································
Ⅳ
1
范围
··································································································
1
2
规范性引用文件
······················································································
1
3
术语和定义
···························································································
1
4
缩略语
································································································
1
5
功能性要求
···························································································
2
5.1
网络环境
·························································································
2
5.2
组网和部署
······················································································
3
5.3
网络控制
·························································································
4
5.4
流量管理
·························································································
5
5.5
应用控制
·························································································
5
5.6
攻击防护
·························································································
6
5.7
安全审计、告警与统计
··········································································
6
5.8
安全策略设置
····················································································
7
6
性能要求
······························································································
8
6.1
吞吐量
···························································································
8
6.2
延迟
······························································································
8
6.3
连接速率
·························································································
8
6.4
并发连接数
······················································································
8
7
兼容性要求
···························································································
8
8
可靠性要求
···························································································
8
8.1
系统容错
·························································································
8
8.2
故障监测与恢复
·················································································
9
8.3
双机热备
·························································································
9
8.4
过载控制
·························································································
9
8.5
备份与恢复
······················································································
9
8.6
异常处理机制
····················································································
9
9
自身安全性要求
······················································································
9
9.1
标识和鉴别
······················································································
9
9.2
自身访问控制
····················································································
9
9.3
自身安全审计
····················································································
9
9.4
通信安全
·························································································
9
9.5
支撑系统安全
····················································································
9
Ⅰ
GB/T44810.1—2024
9.6
产品升级
························································································
10
9.7
用户信息安全
···················································································
10
9.8
密码要求
························································································
10
9.9
协议栈安全性
···················································································
10
参考文献
································································································
11
Ⅱ
GB/T44810.1—2024
前言
本文件按照GB/T1.1—2020《标准化工作导则第1部分:标准化文件的结构和起草规则》的规
定起草。
本文件是GB/T44810《IPv6网络安全设备技术要求》的第1部分。GB/T44810已经发布了以下
部分:
—第1部分:防火墙;
—第2部分:Web应用防护系统(WAF);
—第3部分:入侵防御系统(IPS)。
请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。
本文件由中华人民共和国工业和信息化部提出。
本文件由全国通信标准化技术委员会(SAC/TC485)归口。
本文件起草单位:中国信息通信研究院、华为技术有限公司、北京天融信网络安全技术有限公司、
北京神州绿盟科技有限公司、郑州信大捷安信息技术股份有限公司、北京浩瀚深度信息技术股份有限公
司、国家计算机网络应急技术处理协调中心、中国电信集团有限公司、天翼安全科技有限公司、杭州迪
普科技股份有限公司、北京通和实益电信科学技术研究所有限公司、国家工业信息安全发展研究中心、
中国福利会国际和平妇幼保健院、新华三技术有限公司、北京可信华泰信息技术有限公司、杭州安恒信
息技术股份有限公司、北京国泰网信科技有限公司、深圳大学、云南电网有限责任公司。
本文件主要起草人:孟楠、董悦、王雨晨、李翔、黄雅静、雷晓锋、彭晓军、叶建伟、刘为华、庞韶敏、
曹政、严定宇、秦佳伟、张建宇、康和、张熹、吴庆、左虹、黄澍、张大超、程曦、周昊、陈昌杰、
陈磊、万晓兰、杜君、段古纳、田丽丹、李欣、李元正、江魁、肖鹏、王海林。
Ⅲ
GB/T44810.1—2024
引言
根据《关于加快推进互联网协议第六版(IPv6)规模部署和应用工作的通知》,为更好面对网络复
杂化和用户规模扩大化带来的安全挑战,推动IPv6网络安全工作的标准化,我国制定了一系列IPv6安
全标准。其中,GB/T44810《IPv6网络安全设备技术要求》是为规范在IPv6中网络安全产品的适用性
的技术标准,拟由三个部分构成。
—第1部分:防火墙。目的在于IPv6部署后,保障防火墙在新的网络环境中的有效应用。
—第2部分:Web应用防护系统(WAF)。目的在于IPv6部署后,保障Web应用防护系统
(WAF)在新的网络环境中的有效应用。
—第3部分:入侵防御系统(IPS)。目的在于IPv6部署后,保障入侵防御系统(IPS)在新的网
络环境中的有效应用。
Ⅳ
GB/T44810.1—2024
IPv6网络安全设备技术要求
第1部分:防火墙
1范围
本文件规定了支持IPv6的防火墙设备的安全技术要求。
本文件适用于支持IPv6的防火墙设备的设计、开发、部署、使用、维护与测试。
2规范性引用文件
下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中,注日期的引用文
件,仅该日期对应的版本适用于本文件;不注日期的引用文件,其最新版本(包括所有的修改单)适用
于本文件。
GB/T20281—2020信息安全技术防火墙安全技术要求和测试评价方法
GB/T25069—2022信息安全技术术语
GB42250—2022信息安全技术网络安全专用产品安全技术要求
GB/T44810.3—2024IPv6网络安全设备技术要求第3部分:入侵防御系统(IPS)
3术语和定义
GB/T25069—2022、GB/T20281—2020界定的以及下列术语和定义适用于本文件。
3.1
防火墙firewall
对经过的数据流进行解析,并实现访问控制及安全防护功能的网络安全产品。
注:在本文件中防火墙仅指“网络型防火墙”。
[来源:GB/T20281—2020,3.1]
3.2
授权管理员authorizedadministrator
具有防火墙管理权限的用户,能支持基于角色获得不同的管理权限。
注:如系统管理员、安全管理员和安全审计员。
4缩略语
下列缩略语适用于本文件。
ALG:应用层网关(ApplicationLayerGateway)
BGP4+:边界网关协议第四版增强版(BorderGatewayProtocolVersion4+)
DHCPv6:互联网协议第六版动态主机配置协议(DynamicHostConfigurationProtocolforIPv6)
DMZ:非军事区(DemilitarizedZone)
DNS:域名系统(DomainNameSystem)
DNSv6:IPv6域名系统(DomainNameSystemforIPv6)
FTP:文件传输协议(FileTransferProtocol)
1
定制服务
推荐标准
- GB/T 37453-2019 船舶和海上技术 船舶系泊和拖带设备 立式滚轮导缆器 2019-05-10
- GB/T 37448-2019 船舶和海上技术 船舶系泊和拖带设备 舷边滚轮导缆器 2019-05-10
- GB/T 37447-2019 船用带式收油机 2019-05-10
- GB/T 37445-2019 船舶与海上技术 海上环境保护 港口废弃物接收设施的布置和管理 2019-05-10
- GB/T 37451-2019 海洋平台起重机试验规程 2019-05-10
- GB/T 37452-2019 海洋平台起重机钢丝绳选型方法 2019-05-10
- GB/T 37444-2019 海洋平台起重机索具应用技术要求 2019-05-10
- GB/T 37446-2019 船用刷式收油机 2019-05-10
- GB/T 37450-2019 海洋平台起重机结构要求 2019-05-10
- GB/T 37443-2019 海洋平台起重机一般要求 2019-05-10