Published March 22, 2024 (author:)

the TCP/IP application such as Telnet or FTP, the proxy server asks the user for the name of the remote host that the user wants to access. After the user has answered and supplied a correct identity and authentication information, the proxy server communicates with the remote host and acts as the relay between the two communicating sites. The whole process can be totally transparent to users.

There are mainly three types of firewalls: packet filtering, application gateways and state detection.

The packet filtering firewall works at the network layer and can filter on the source address, destination address, source port and destination port of a TCP/IP data packet. It has advantages such as higher efficiency and transparency to the user: users might not notice the existence of the packet filtering firewall unless they are illegal users who have been refused. The shortcomings are that it cannot ensure security for most services and protocols, cannot effectively distinguish different users of the same IP address, is difficult to configure, monitor and manage, and cannot offer sufficient log records and warnings.

The application gateway firewall performs its function at the application layer. A client program connects to a specific intermediate node (the firewall), and the intermediate node then makes the actual connection to the server. Unlike the packet filtering firewall, when a firewall of this kind is used there is no direct connection with the outside networks, so even if a problem occurs in the firewall, the outside networks cannot connect to the protected networks. The application gateway firewall offers detailed log records and an auditing function, which greatly improves the security of the network, and it also makes it possible to improve the security performance of existing software. The application gateway firewall solves the security problem on the basis of the specific application program. Proxy-based products will be improved so that they can be configured for commonly used services and non-standard ports. However, whenever the application program needs upgrading, users of Proxy-based products will find that they must buy a new Proxy server. As a network security technique, a firewall combined with a proxy server is simple and practical, and can meet a certain level of security requirements without revising the original network application system. However, if the firewall system is broken through, the protected network is left with no protection. And if an enterprise hopes to carry out business activity on the Internet and communicate with numerous customers, it cannot meet the demand. In addition, a firewall based on Proxy Service often makes the performance of the network drop noticeably.

The third generation of firewall takes state detection technology as its core and combines the packet filtering firewall with the application gateway firewall. The state detection firewall performs its function by accessing and analyzing the data obtained from the communication layer through the state detection module. As a firewall technique, the state monitor is the best in security performance. It adopts a software engine, called the detection module, which enforces the network security policy on the gateway. Without affecting the normal operation of the network, the detection module collects the relevant data to monitor each of the network communication layers, extracts a part of the data, namely the status information, and stores it dynamically for reference in later security decisions. The detection module supports many kinds of protocols and application programs, and can be extended to new applications and services very easily. Unlike other security schemes, before a user's access reaches the operating system of the network gateway, the state monitor collects the relevant data for analysis and combines it with the network configuration and security rules to decide on acceptance, rejection, authentication or encryption of the communication, etc. Once an access violates the security rules, the security alarm refuses it, records it, and reports the state of the network to the system management device. This technology has defects too: the configuration of the state monitor is very complicated, and it slows down the network.
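The difference between judging each packet on its addresses and ports and consulting stored status information can be shown with a small model. This is an added example, not part of the original article; the `Packet` fields, the `DetectionModule` class, the rule set and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed model: the four header fields a packet filter sees, plus TCP flags.
Packet = namedtuple("Packet", "src dst sport dport flags")
PROTECTED = ipaddress.ip_network("10.0.0.0/24")  # assumed protected network

def inside(addr):
    return ipaddress.ip_address(addr) in PROTECTED

def packet_filter(p):
    """Stateless: each packet is judged on addresses and ports alone."""
    if inside(p.src) and p.dport == 80:   # outbound web request
        return "accept"
    if inside(p.dst) and p.sport == 80:   # looks like a web reply
        return "accept"
    return "reject"

class DetectionModule:
    """Stateful: stores status information and consults it for later packets."""
    def __init__(self):
        self.state = set()   # (client, client port, server, server port)
        self.alarms = []     # refused packets, kept for reporting

    def inspect(self, p):
        out_key = (p.src, p.sport, p.dst, p.dport)
        in_key = (p.dst, p.dport, p.src, p.sport)
        if inside(p.src) and p.dport == 80 and p.flags == "SYN":
            self.state.add(out_key)       # new outbound connection: remember it
            return "accept"
        for key in (out_key, in_key):
            if key in self.state and p.flags != "SYN":
                if p.flags == "RST":
                    self.state.discard(key)   # connection torn down
                return "accept"
        self.alarms.append(p)             # violates policy: refuse and record
        return "reject"

def demo():
    fw = DetectionModule()
    packets = [
        Packet("10.0.0.5", "203.0.113.9", 40000, 80, "SYN"),      # client opens
        Packet("203.0.113.9", "10.0.0.5", 80, 40000, "SYN-ACK"),  # real reply
        Packet("198.51.100.7", "10.0.0.8", 80, 3389, "ACK"),      # no connection
    ]
    return [(packet_filter(p), fw.inspect(p)) for p in packets], fw.alarms
```

`demo()` returns the verdict of both models for each packet: the packet filter accepts all three because the third packet merely carries source port 80, while the detection module refuses it and records it because no stored connection matches.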

3. New generation technique of firewalls

Looking at the present firewall market, domestic and international firewall manufacturers can all support the basic functions of the firewall well, including access control, network address translation, proxy, authentication, log auditing, etc. However, as stated before, with attacks on the network increasing and users' requirements for network security rising day by day, the firewall must develop further. Drawing on present research and development experience and achievements, some relevant studies point out that, given the development trend of applications and technology, how to strengthen the security of the firewall, improve its performance and enrich its functions will become the problem that firewall manufacturers must face and solve next.

The purpose of the new generation firewall is mainly to combine packet filtering and proxy technology, overcoming the security defects of the two; to exert comprehensive control from the data link layer to the application layer; to implement a micro-kernel of the TCP/IP protocol so that all security control is performed at the TCP/IP protocol layer; and, based on the micro-kernel above, to make the speed exceed the
