Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 20281-2015 English PDF (GBT20281-2015)

GB/T 20281-2015 English PDF (GBT20281-2015)

Regular price $150.00 USD
Regular price Sale price $150.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: 24-hr self-service. Click GB/T 20281-2015
See Chinese contents: GB/T 20281-2015

GB/T 20281-2015: Information security technology -- Security technical requirements and testing and evaluation approaches for firewall

This Standard specifies the firewall in terms of security technical requirements, test-evaluation methods and security grade division.
GB/T 20281-2015
ICS 35.040
L 80
Replacing GB/T 20281-2006
Information Security Technology - Security
Technical Requirements and Test-evaluation
methods for Firewall
ISSUED ON. MAY 15, 2015
Issued by. General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
Table of Contents
1 Scope??...??4
2 Normative References??...??4
3 Terms and Definitions??...??4
4 Abbreviated Terms??...??5
5 Firewall Description??...??5
6 Security Technical Requirements??...??6
6.1 General??...??6
6.1.1 Classification??...??6
6.1.2 Security Grade??...??6
6.2 Security??Requirements??for??Basic?€?grade??...??8
6.2.1 Security Function Requirements??...??8
6.2.2 Security Assurance Requirements??...??13
6.3 Security??Requirements??for??Reinforced?€?grade??...??17
6.3.1 Security Function Requirements??...??17
6.3.2 Security Assurance Requirements??...??24
6.4 Environmental??adaptation??requirements??...??32
6.4.1 Transmission Mode??...??32
6.4.2 Next Generation of Internet Support (if any)??...??32
6.5 Performance??Requirements??...??33
6.5.1 Throughput??...??33
6.5.2 Delay...??34
6.5.3 Maximum Concurrent Connections??...??34
6.5.4 Maximum Connection Rate??...??35
7 Test-evaluation methods??...??35
7.1 Testing??Environment??...??35
7.1.1 Security Function and Environmental Adaptation Testing Environment??..??35 7.1.2 Performance Testing Environment??...??36
7.2 Basic?€?grade??Security??Requirements??Testing??...??36
7.2.1 Security Function Testing??...??36
7.2.2 Security Assurance Testing??...??45
7.3 Security??Requirements??Testing??at??Reinforced?€?grade??...??53
7.3.1 Security Function Testing??...??53
7.3.2 Security Assurance Testing??...??67
7.4 Environmental??Adaptation??Testing??...??84
7.4.1 Transmission Mode??...??84
7.4.2 Next Generation of Internet Support??...??85
7.5 Performance??Testing??...??91
7.5.1 Throughput??...??91
7.5.2 Delay...??91
7.5.3 Maximum Concurrent Connections??...??92
7.5.4 Maximum Connection Rate??...??92
This Standard is drafted in accordance with the rules given in GB/T 1.1-2009. This Standard replaces GB/T 20281-2006 Information Security Technology Technique Requirements and Test-evaluation methods for Firewall Products.
Compared with GB/T 20281-2006, this Standard has the main changes as follows. ?€? The description of firewall is modified;
?€? Functional classification of firewall is modified;
?€? Requirements for high performance of firewall are added;
?€? Requirements for capacity of firewall to control the application layer are strengthened;
?€? The requirements of next generation Internet Protocol for the support capability are added;
?€? It is uniformly divided into basic-grade and reinforced-grade.
This Standard was proposed by and shall be under the jurisdiction of National Technical Committee on Information Technology Security of Standardization Administration of China (SAC/TC 260).
Drafting organizations of this Standard. Ministry of Public Security Computer Information System Security Product Quality Supervision Testing Center, Venustech Co., Ltd., Huawei Technology Co., Ltd., National Liberation Army Information Security Evaluation and Certification Center, Netpower Co., Ltd., Beijing NetentSec Co., Ltd. AND the Third Research Institute of The Ministry of Public Security.
Chief drafting staffs of this Standard. Yu You, Lu Zhen, Zou Chunming, Gu Jian, Shen Liang, Li Yi, Wei Xiang, Wang Guangyu, Lv Yingxuan and Wang Ping.
The previous edition replaced by this Standard is as follows.
?€? GB/T 20281-2006.
Information Security Technology - Security Technical
Requirements and Test-evaluation methods for Firewall
1 Scope
This Standard specifies the firewall in terms of security technical requirements, test-evaluation methods and security grade division.
This Standard is applicable to design, development and testing of firewalls. 2 Normative References
The following documents are essential for the application of this document. For the dated references, only the dated editions apply to this document. For the undated references, the latest edition of the normative document (including amendments) applies.
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation Criteria For IT Security - Part 3. Security Assurance
GB/T 25069-2010 Information Security Technology - Glossary
3 Terms and Definitions
For the purposes of this document, the terms and definitions established in GB/T 25069-2010 AND the following ones apply.
Security gateway products which are allocated among security domains to control and filter the access to network layer and with the function of application layer protocol analysis, control and contents testing, which are applicable to IPv4 and IPv6. 3.2
Deep packet inspection
It is based on flow testing and control technology of application layer and will obtain all the application program contents by reading IP packet loads and reconstructing the information of application layer; then it also deals with the contents depending on the policy of system definition.
Deep content inspection
It is able to make a deep analysis for application protocol, identifies all elements therein (such as HTTP protocol, specifically cookie, Get parameters and Post form) and all the protocol service (such as data contents included in the protocol or documents in the business system interaction) and then analyze quickly the data to restore the original communicating information. It can also test whether threat or sensitive contents are included based on the original information.
SQL injection
Its purpose is to cheat the server into doing malicious SQL command by inserting SQL command into submittal or page request parameters of web form.
Cross site scripting
A type of injection, in which the malicious HTML code is injected into a web page by the malicious attacker. The HTML code will be executed when the user browses the page so as to realize malicious attack to the user.
4 Abbreviated Terms
For the purpose of this document, the following abbreviated terms apply. DPI. Deep packet inspection
DCI. Deep content inspection
SQL. Structured Quer...

View full details