Published on March 22, 2024
the TCP/IP application such as Telnet or FTP, the proxy server asks the user for the name of the remote host that the user wants to access. After the user has answered and supplied a correct identity and authentication information, the proxy server communicates with the remote host and acts as the relay between the two communicating sites. The whole process can be totally transparent to users.
There are mainly three types of firewalls: packet filtering, application gateways and state detection.
The packet filtering firewall works at the network layer and can filter on the source address, destination address, source port and destination port of TCP/IP data packets. Its advantages include higher efficiency and transparency to users: a user might not notice that the packet filtering firewall exists unless he is an illegal user and has been refused. Its shortcomings are that it cannot ensure security for most services and protocols, cannot effectively distinguish different users of the same IP address, is difficult to configure, monitor and manage, and cannot offer enough logging and warning.
The application gateway firewall performs its function at the application layer. A client program connects to a specific intermediate node (the firewall), and the intermediate node then makes the actual connection to the server. Unlike with the packet filtering firewall, when a firewall of this kind is used there is no direct connection to the outside networks, so even if a problem occurs in the firewall, the outside networks cannot connect to the protected networks. The application gateway firewall offers detailed logging and auditing functions, greatly improves the security of the network, and also makes it possible to improve the security of existing software. The application gateway firewall solves the security problem on the basis of the specific application program; Proxy-based products will be improved so that services can be configured on commonly used and non-standard ports. However, whenever the application program needs upgrading, users of Proxy-based products will find that they must buy a new Proxy server. As a network security technique, a firewall combined with a proxy server is simple and practical, and can meet a certain level of security requirements without modifying the original network application system. However, if the firewall system is broken through, the protected network is left without any protection. And if an enterprise hopes to conduct business on the Internet and communicate with numerous customers, it cannot meet the demands. In addition, a firewall based on Proxy Service will often make the performance of the network drop noticeably.
The third generation of firewall takes state detection technology as its core and combines the packet filtering firewall and the application gateway firewall. The state detection firewall performs its function by accessing and analyzing, through the state detection module, the data obtained from the communication layers. As a firewall technique, the state monitor is the best in security performance. It adopts a software engine, called the detection module, which enforces the network security policy on the gateway. Without affecting the normal operation of the network, the detection module extracts the relevant data to monitor each of the network communication layers, collects a part of the data, namely status information, and stores it dynamically for reference in later security decisions. The detection module supports many kinds of protocols and application programs, and can very easily be extended to new applications and services. Unlike other security schemes, before a user's access reaches the operating system of the network gateway, the state monitor collects the relevant data for analysis and combines it with the network configuration and security rules to decide whether to accept, reject, authenticate or encrypt the communication, and so on. Once an access violates the security rules, the security alarm refuses it, records it, and reports the state of the network to the system management device. This technology has defects too: the configuration of the state monitor is very complicated, and it slows the network down.
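The difference between filtering on the four header fields alone and consulting stored status information can be seen in a small simulation. This is an added example, not code from the original text; the packet model, the `10.0.0.` protected prefix, the web-only policy and all addresses are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: the four fields the text says a packet filter
# inspects, plus the TCP flags that a state table needs.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed prefix of the protected network

def inside(addr):
    return addr.startswith(INSIDE)

def packet_filter(p):
    """Stateless rules: outbound web traffic, plus anything shaped like a reply."""
    if inside(p.src) and p.dport == 80:
        return "accept"
    if inside(p.dst) and p.sport == 80 and p.dport >= 1024:
        return "accept"
    return "drop"

class StateDetection:
    """Stores status information per connection and consults it afterward."""
    def __init__(self):
        self.table = set()  # (inside addr, inside port, outside addr, outside port)
        self.refused = []   # record kept for the system management device

    def decide(self, p):
        if inside(p.src) and p.dport == 80:
            key = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags:
                self.table.add(key)            # new outbound connection
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        if key in self.table:
            if "FIN" in p.flags or "RST" in p.flags:
                self.table.discard(key)        # connection is closing
            return "accept"
        self.refused.append(p)                 # violates the rules: refuse, record
        return "drop"

# Constructed traffic: a real exchange, then an unsolicited inbound packet.
SYN = Packet("10.0.0.5", 40000, "203.0.113.7", 80, ("SYN",))
REPLY = Packet("203.0.113.7", 80, "10.0.0.5", 40000, ("SYN", "ACK"))
STRAY = Packet("198.51.100.9", 80, "10.0.0.8", 5000, ("ACK",))

def compare(packets=(SYN, REPLY, STRAY)):
    fw = StateDetection()
    return [(packet_filter(p), fw.decide(p)) for p in packets]

if __name__ == "__main__":
    print(compare())
```

Both filters pass the real exchange, but only the state table distinguishes the unsolicited packet from a genuine reply, and it keeps a record of the refusal.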
3. New generation technique of firewalls
Judging from the present firewall market, domestic and international firewall manufacturers can all support the basic functions of the firewall well, including access control, network address translation, proxy, authentication, and log auditing. However, as stated before, with attacks on networks increasing and users' requirements for network security rising day by day, the firewall must develop further. Drawing on present research and development experience and results, some relevant studies point out that, given the development trends of applications and technology, how to strengthen the security of the firewall, improve its performance and enrich its functions will become the problem that firewall manufacturers must face and solve next.
The purpose of the new generation firewall is mainly to combine packet filtering and proxy technology, overcoming the security defects of both; to exert all-round control from the data link layer to the application layer; to implement a micro-kernel of the TCP/IP protocol so that all security control is performed at the TCP/IP protocol layer; based on the micro-kernel above, making the speed to exceed the