急需一篇关于防火墙方面的外文翻译（中文和英文都要）中文大概3000字左右十万火急!邮箱：gk@lotware.com.cn

急需一篇关于防火墙方面的外文翻译（中文和英文都要）中文大概3000字左右十万火急!邮箱：gk@lotware.com.cn
急需一篇关于防火墙方面的外文翻译（中文和英文都要）
中文大概3000字左右
十万火急!
邮箱：gk@lotware.com.cn

急需一篇关于防火墙方面的外文翻译（中文和英文都要）中文大概3000字左右十万火急!邮箱：gk@lotware.com.cn
我的太长了,发不了,我直接发你邮箱里了,分要给我哈!

The increasing popularity of the Internet, browse the Internet access not only to increase data transmission capacity, the network was the possibility of increased attacks, but also because of the ope...

全部展开

The increasing popularity of the Internet, browse the Internet access not only to increase data transmission capacity, the network was the possibility of increased attacks, but also because of the open Internet, network security the way there have been fundamental changes in security issues more complicated . The traditional emphasis on a unified and centralized network security management and control can be taken by encryption, authentication, access control, audit logs, as well as many other technical means, and the implementation of their communications by the two sides together; because the Internet is an open global network , The complex structure of the network, the security ways. Internet security technologies involved in traditional network security technology and distributed network security technology, and is mainly used to resolve how to use the Internet for communications security, while protecting the internal network from external attacks. Under such circumstances, the firewall technology came into being. Firewall technology based on the precautionary approach and the focus is divided into many different types, but the whole package can be divided into the filter, application-level gateway and proxy servers, such as several types.
1. Packet-filtering firewall
Packet filter (Packet Filtering) technology in the network layer packets to choose, the choice is based on the system set up to filter logic, known as Access Control List (Access Control Table). By examining the flow of data in each packet source address, destination address, port number used, such as the status of the agreement, or a combination of them to determine whether to allow the packets through. Packet filtering firewall logic simple, cheap, easy to install and use, network performance and transparency, it is usually installed on the router. Router is the internal network and Internet connection are essential equipment in the existing network firewall to increase this kind of almost do not need any additional costs. Packet filtering firewall there are two drawbacks: First, once the illegal visit to a breakthrough firewall can be host of software and configuration vulnerabilities to attack; Second, the packet source address, destination address, as well as the IP port number in the packet Head, is likely to be counterfeit or eavesdropping. Packet filtering or packet filtering is a common, cheap and effective means of security. The reason why GM, as it is not targeted at any specific network services to take special treatment; was cheap, since most routers offer packet filtering; was effective because it can to a large extent to meet the Safety requirements. According to the information derived from IP, TCP or UDP header. Packet filtering is not the merits of changes to the client and host applications, as it work in the network layer and transport layer, has nothing to do with the application layer. But its weakness is obvious: It is the only judge to filter network layer and transport layer of the limited information, a variety of safety requirements and therefore can not be fully satisfied; in many filters, the number of filter rules is limited, and with the The increase in the number of rules, the performance will be greatly affected; due to the lack of context-related information, can not effectively filter such as UDP, RPC for a class of the agreement; In addition, most of the filters in the lack of audit and alarm mechanisms, and management and user interface Poor; the security requirements of high-quality managers, the establishment of safety rules, it is important to the agreement itself and its various applications in the role of a more profound understanding. As a result, the filter is usually used in conjunction with gateway and application of common components of a firewall system.
2. Application-level gateway firewall
Application-level Gateway (Application Level Gateways) in the network application layer protocol on the establishment of filtering and forwarding functions. Its application-specific network services agreement specified the use of the data filtering logic and filtering, packets of the necessary analysis of registration and statistics, the formation of the report. The actual application is usually installed in the gateway dedicated system workstations. Packet filtering and application gateway firewall have a common characteristic is that they rely on only a specific logic to determine whether or not allowed through the packet. Once the logic meet, both within and outside the firewall computer system to establish direct contacts, the external firewall may direct the user to understand the firewall's internal network structure and operation of the state, which is conducive to the implementation of unauthorized access and attacks.
3. Firewall-agency services
Agency services (Proxy Service), also known as link-level gateway or TCP channel (Circuit Level Gateways or TCP Tunnels), it was also attributable to a class of application-level gateway. It is for packet filtering and application gateway technology shortcomings and the introduction of firewall technology, characterized by a firewall across all network communication link is divided into two sections. Computer systems inside and outside the firewall between the application layer of the "link", by the termination of the two proxy server on the "link" to achieve internal and external computer
Web links can only reach the proxy server, which has played an isolated computer systems inside and outside the firewall. In addition, the agency services in the past also the packet analysis, the registration form of the report, at the same time when the attack was discovered signs will alert to the network administrator, and retain traces of the attack. Application-based firewall is the agent intranet and extranet isolation, surveillance and isolation plays an application layer traffic. At the same time, often combined into the filter. It's the work of the OSI model at the highest level, holds the applications can be used in all of the information security decision-making.
4. Composite firewall
As a result of higher security requirements, often based on packet filtering method and application of agent-based approach, so as to form a complex firewall products. This is usually combined with the following two programs. Shielding host firewall architecture: the structure, or router packet filtering firewall connected with the Internet and at the same time a bastion of machines are installed on the internal network through a router or a packet filtering firewall filtering rules set up so that the fortress Machine on the Internet become the other nodes can only reach the nodes, which ensured that the internal network from unauthorized users outside of the attack. Subnet mask firewall architecture: a fortress on a sub-machine network, the formation of the demilitarized zone, division of the two sub-filtering routers on the network at both ends so that the subnet and the Internet and internal networks Separation. Subnet mask in the firewall architecture, the bastion host and packet filtering routers together form the basis for the safety of a firewall as a whole.

收起

网络防火墙
NETWORK FIREWALLS
The purpose of a network firewall is to provide a shell around the network which will protect the systems connected to the network from various threats. The types of ...

全部展开

网络防火墙
NETWORK FIREWALLS
The purpose of a network firewall is to provide a shell around the network which will protect the systems connected to the network from various threats. The types of threats a firewall can protect against include:
● Unauthorized access to network resources—an intruder may break into a host on the network and gain unauthorized access to files.
● Denial of service—an individual from outside of the network could, for example, send thousands of mail messages to a host on the net in an attempt to fill available disk space or load the network links.
● Masquerading—electronic mail appearing to have originated from one individual could have been forged by another with the intent to embarrass or cause harm.
A firewall can reduce risks to network systems by filtering out inherently insecure network services. Network File System (NFS) services, for example, could be prevented from being used from outside of a network by blocking all NFS traffic to or from the network. This protects the individual hosts while still allowing the service, which is useful in a LAN environment, on the internal network. One way to avoid the problems associated with network computing would be to completely disconnect an organization’s internal network from any other external system. This, of course, is not the preferred method. Instead what is needed is a way to filter access to the network while still allowing users access to the “outside world”.
In this configuration, the internal network is separated from external networks by a firewall gateway. A gateway is normally used to perform relay services between two networks. In the case of a firewall gateway, it also provides a filtering service which limits the types of information that can be passed to or from hosts located on the internal network. There are three basic techniques used for firewalls: packet filtering, circuit gateway, and application gateways. Often, more than one of these is used to provide the complete firewall service.
There are several configuration schemes of firewall in the practical application of inter-network security. They usually use the following terminologies:
● Screening router—it can be a commercial router or a host—based router with some kind of packet filtering capability.
● Bastion host—it is a system identified by the firewall administrator as a critical strong point in the network security.
● Dual—homed gateway—some firewalls are implemented without a screening router, by placing a system on both the private network and the Internet, and disabling TCP/IP forwarding.
● Screened?host gateway—it is possibly the most common firewall configuration. This is implemented using a screening router and a bastion host.
● Screened subnet—an isolated subnet is situated between the Internet and the private network. Typically, this network is isolated using screening routers, which may implement varying levels of filtering.
● Application—level gateway—it is also called a proxy gateway and usually operates at a user level rather than the lower protocol level common to the other firewall techniques.
翻译
网络防火墙
网络防火墙
的目的，网络防火墙，是提供一个壳各地的网络，将保护系统连接到网络的各种威胁。该类型的威胁防火墙可以抵御包括：
●未经授权的访问网络资源，入侵者可能会中断到主机的网络和获得未经授权的存取档案。
●拒绝服务，一个人从外部网络，例如，发送成千上万的邮件到主机上的净企图填补可用磁盘空间或负载网络的联系。
●伪装，电子信箱似乎源自一个人本来是伪造的另一个意图难堪或造成损害。
防火墙可以减少风险网络系统，筛选出内在的不安全的网络服务。网络文件系统（ NFS ）服务，例如，可以防止被用于从外部网络通过阻断所有NFS的流量，或从网络。这保护个人主机同时还允许服务，这是有益的局域网环境，对内部网络。其中一个方法，以避免相关问题的网络计算将完全中断一个组织的内部网络的任何其他外部系统。当然，这不是首选方法。相反所需要的是一种过滤器接入网络，同时还允许用户进入“外部世界” 。
在此配置中，内部网络是分开的外部网络防火墙网关。网关通常是用来执行中继服务两个网络之间。如防火墙网关，它也提供了一个过滤服务从而限制了类型的信息可以传递到或从主机位于内部网络。有三种基本技术用于防火墙：包过滤，电路网关，应用网关。通常，一个以上的这些是用来提供完整的防火墙服务。
有几个配置计划的防火墙实际应用间的网络安全。他们通常使用下列用语：
●筛选路由器，它可以是一个商业路由器或基于主机的路由器与某种形式的包过滤能力。
●堡垒主机，这是一个确定的系统防火墙管理员作为一个重要的优势在网络安全。
●双宿网关的一些防火墙执行筛选路由器，通过一个系统对私人网络和互联网，并禁用TCP / IP转发。
●屏蔽?主机网关它可能是最常见的防火墙配置。这是实施使用筛选路由器和一个堡垒主机。
●屏蔽子网，一个孤立的子网之间是互联网和私人网络。通常情况下，这一网络是孤立的筛选路由器使用，可实现不同程度的过滤。
●应用级网关，它也被称为代理网关和经营通常在用户级别，而不是低层次的共同协议的其他防火墙技术。

收起