网络安全与防火墙技术外文翻译文献.docx

网络安全与防火墙技术外文翻译文献.docx

《网络安全与防火墙技术外文翻译文献.docx》由会员分享，可在线阅读，更多相关《网络安全与防火墙技术外文翻译文献.docx（7页珍藏版）》请在冰豆网上搜索。

网络安全与防火墙技术外文翻译文献

网络安全与防火墙技术外文翻译文献

（文档含中英文对照即英文原文和中文翻译）

原文：

ResearchofNetworkSecurityandFirewallsTechniques

Abstract:

Asthekeyfacilitythatmaintainsthenetworksecurity,firewallstakethepurposeofestablishinganobstaclebetweentrustandtrustlessnetwork,andputcorrespondingsafetystrategyintopractice.Inthispaper,thecomputernetworksecurityandthetechniquesoffirewallsweremainlydiscussed,theconceptandclassificationofthefirewallswereintroduced.Italsointroducedthreekind'sofbasicimplementtechniquesofthefirewalls:

Packetfiltering,ApplicationProxyandMonitormodelindetail.FinallydescribedthetrendofdevelopmentofthefirewallstechniquesinInternetbriefly.

Keywords:

networksecurity,firewalls,Packetfiltering,monitor

1.Introduction

Nowwiththecomputernetworkande-commerceusedwidely,networksecurityhasbecomeanimportantproblemthatwemustconsiderandresolve.Moreandmoreprofessions.enterprisesandindividualssurferfromthesecurityproblemindifferentdegree.theyarelookingforthemorereliablesafetysolution.Inthedefensesystemadoptedbynetworksecurityatpresent,thefirewallsstandtheveryimportantposition.

Asthekeyfacilitythatmaintainsthenetworksecurity.firewallstakethepurposeofestablishinganobstaclebetweentrustandtrustlessnetwork,andputcorrespondingsafetystrategyintopractice.

AllthefirewallshavethefunctiontofiltertheIPaddress.ThistaskcheckstheIPpacket,makesthedecisionwhethertoreleaseortoabandonitaccordingtothesourceaddressanddestinationaddressoftheIP.ShowninFig.I,thereisafirewallbetweentwonetworksections,anUNIXcomputerisononesideofthefirewall,andtheothersideisaPCclient.WhilethePCclientasksatelnetrequestfortheUNIXcomputer,theclientprocedureoftelnetinthePCproducesaTCPpacketandpassesthepackettothelocalprotocolstacktopreparetosend.TheprotocolstackfillsitinoneIPpacket.then,sendsittoUNIXcomputerthroughthepathdefinedbytheTCP/IPstackofPC.TheIPpacketcan'treachtheUNIXcomputeruntilitpassesthefirewallbetweenthePCandtheUNIXcomputer.

Fig.IIpAddressFiltering

TheapplicationfirewallisaveryefficientmeansofnetworksecurityonInternet,itisinstalledbetweenthetrustandtrustlessnetwork,canisolatetheconnectionbetweenthetrustandtrustlessnetwork,anddoesn'thamperpeople'saccesstothetrustlessnetworkatthesametime.Itcanisolatetheconnectionbetweentheriskarea（namelytheremaybeacertainriskonInternet）andthesafearea（LAN）,anddoesn'thamperpeople'saccesstotheriskareaatthesametime.Firewallcanmonitorthetrafficflowinginandoutfromthenetworktofinishthetaskseeminglyimpossible;itonlyallowsthesafeandcheckedinformationtoenterinto,andmeanwhileresistsonthedatathatmaybringaboutthethreattoenterprise.Asthefaultanddefectofthesecurityproblembecomemoreandmoregeneral,theinvasiontothenetworknotonlycomesfromthesuperattackmeans,butalsomaybefromthelower-levelmistakesorimproperpasswordselectionsontheconfiguration.So,thefunctionofthefirewallsispreventingthecommunicationthatnothopedandauthorizedpassesinandoutofthenetworkprotected.forcingthecompaniestostrengthentheirownnetworksecuritypolicy.Thegeneralfirewallscanachievethefollowingpurposes:

First,restrainingothersfromenteringtheinsidenetwork,filteringtheunsafeserviceandillegaluser;Second,preventingtheinvadersfromclosingtoyourdefenseinstallation;Third,limitingtheusertoaccessthespecialsite;Fourth,providingconvenienceformonitoringtheInternetsecurity.

2.Theclassificationandimplementtechnologyoffirewalls

Anintegratedfirewallssystemusuallyconsistsofscreeningrouterandproxyserver.Thescreeningrouterisamulti-portIProuter.itchecktheeachcomingIPpacketaccordingtothegroupregulartojudgewhethertotransmitit.Thescreeningroutergetsinformationfromthepacket.fotexampletheprotocolnumber.theIPaddressandportnumberthatreceivingandsendingmassages.theflagoflinkevensomeotherIPselections.filteringIPpacket.Theproxyserverareserverprocessinthefirewall.itcanreplacethenetworkusertofinishthespecificTCP/IPfunction.Aproxyserverisnaturallyagatewayofapplicationlayer.agatewayoftwonetworksjoinedspecificnetworkapplication.UserscontactwithproxyserverbyoneoftheTCP/IPapplicationsuchasTelnetorFTP.theproxyserverasktheusersforthenameoftheremotehost.whichuserswanttoaccess.Aftertheusershaveansweredandofferedthecorrectusers'identitiesandauthenticationinformation,theproxyservercommunicatestheremotehost,actastherelaybetweentwocommunicationsites.Thewholecoursecanbetotallytransparenttousers.

Therearemainlythreetypesinthefirewalls:

packetfiltering.applicationgatewaysandstatedetection.

Packetfilteringfirewallworksonthenetworklayer.itcanfilterthesourceaddress.destinationaddress.sourceportanddestinationportofTCP/IPdatapacket.Ithasadvantagessuchasthehigherefficiency.

transparenttouser.andusersmightnotfeeltheexistenceofthepackerfilteringfirewall,unlessheistheillegaluserandhasbeenrefused.Theshortcomingsarethatitcan'tensurethesecuritytomostservicesandprotocols,unabletodistinguishthedifferentusersofthesameIPaddresseffectively,anditisdifficulttobeconfigured,monitoredandmanaged.can'tofferenoughdailyrecordsandwarning.

Theapplicationgatewaysfirewallperformsitsfunctionontheapplicationlayer,itconnectswithspecificmiddle-joint（firewall）byaclientprocedure,andthenthemiddle-jointconnectswiththeserveractually.Unlikethepacketfilteringfirewall.whenusingthefirewallofthiskind.thereisnodirectconnectionbetweentheoutsidenetworks.soevenifthematterhashappenedinthefirewall.theoutsidenetworkscan'tconnectwithnetworksprotected.Theapplicationgatewayfirewalloffersthedetaileddailyrecordsandauditingfunction,itimprovedthesecurityofthenetworkgreatly.andprovidesthepossibilitytoimprovethesecurityperformanceoftheexistingsoftwaretoo.Theapplicationgatewaysfirewallsolvesthesafetyproblembasedonthespecificapplicationprogram.theproductsbasedonProxywillbeimprovedtoconfiguretheserviceincommonuseandnon-standardport.However.solongastheapplicationprogramneedsupgrading.theusersbasedonProxywillfindthattheymustbuynewProxyserver.Asatechniqueofnetworksafety.Firewallcombinedwithproxyserverhassimpleandpracticalcharacteristics,canreachacertainsecurityrequestincaseofnotrevisingtheoriginalnetworkapplicationsystem.However.ifthefirewallsystemisbrokenthrough.thenetworkprotectedisinhavingnostateofprotecting.AndifanenterprisehopestolaunchthebusinessactivityonInternetandcarryoncommunicationwithnumerouscustomers.itcan'tmeetthedemands.Inaddition,thefirewallbasedonProxyServicewilloftenmakestheperformanceofthenetworkobviouslydrop.

Thethirdgenerationoffirewalltakesthedetectiontechniqueofstateasthecore,combinesthepacketfilteringfirewallandapplicationgatewaysfirewall.Thestatedetectionfirewallaccessesandanalyzesthedataachievedfromthecommunicationlayerthroughthemoduleofstatedetectiontoperformitsfunction.Thestatemonitoractasfirewalltechnique.itisbestinsecurityperfonnance,itadoptsasoftwareengine.

whichexecutesthetacticsofnetworksecurityonthegateways,calledthedetectionmodule.Onthepremiseofnotinfluencingthenetworktoworknormally,detectionmodulecollectstherelevantdatatomonitoreachofthenetworkcommunicationlayers,collectsapartofdata,namelystatusinformation,andstoresthedataupdynamicallyforthereferenceinmakingsecuritydecisionafterward.Detectionmodule

supportsmanykindsofprotocolsandapplicationprogram,andcanimplementtheexpansionofapplicationandserviceveryeasily.Differentfromothersafetyschemes,beforetheuser'saccessreachestheoperatingsystemofnetworkgateways,thestatemonitorshouldcollecttherelevantdatatoanalyze,combinenetworkconfigurationandsafetyregulationtomakethedecisionsofacceptance,refutation,appraisalorencryptingtothecommunicationetcOnceacertainaccessviolatesthesecurityregulation,thesafetyalarmwillrefuseitandwritedowntoreportthestateofthenetworktothesystemmanagementdevice.Thistechnologyhasdefectstoo,namelytheconfigurationofthestatemonitorisverycomplicated,andwilldeceleratethenetwork.

3.Newgenerationtechniqueoffirewalls

Accordingtothepresentfirewallsmarket,thedomesticandinternationalmanufacturersoffirewallcanallsupportthebasicfunctionofthefirewallwell,includingaccesscontrol,thenetworkaddresstransform,proxy,authentication,dailyrecordsauditetc.However,asstatedbefore,withtheattacktothenetworkincreasing,anduser'srequisitionfornetworksecurityimprovingdaybyday,thefirewallmustgetfurtherdevelopment.Combinethepresentexperienceofresearchanddevelopmentandtheachievement,somerelevantstudiespointout,accordingtothedevelopmenttrendofapplicationandtechnology,howtostrengthenthesecurityoffirewall,improvetheperformanceoffirewall,enrichthefunctionoffirewall,willbecometheproblemthatthemanufactureroffirewallsmustfaceandsolvenext.

Thepurposeofthenewgenerationfirewallismainlycombiningthepacketfilteringandproxytechnology,ov