網絡防火墻(中英對照)

   
　　 The purpose of a network firewall is to provide a shell around the network which will protect the systems connected to the network from various threats．The types of threats a firewall can protect against include：
　   Unauthorized access to network resources—an intruder may break into a host on the network and gain unauthorized access to files．
　   Denial of service—an individual from outside of the network could，for example，send thousands of mail messages to a host on the net in an attempt to fill available disk space or load the network links[1]．
　  Masquerading—electronic mail appearing to have originated from one individual could have been forged by another with the intent to embarrass or cause harm[2]．
　　A firewall can reduce risks to network systems by filtering out inherently insecure network services．Network File System（NFS）services，for example，could be prevented from being used from outside of a network by blocking all NFS traffic to or from the network．This protects the individual hosts while still allowing the service，which is useful in a LAN environment，on the internal network．One way to avoid the problems associated with network computing would be to completely disconnect an organization’s internal network from any other external system．This，of course，is not the preferred method．Instead what is needed is a way to filter access to the network while still allowing users access to the“outside world”．
　　In this configuration，the internal network is separated from external networks by a firewall gateway．A gateway is normally used to perform relay services between two networks．In the case of a firewall gateway，it also provides a filtering service which limits the types of information that can be passed to or from hosts located on the internal network．There are three basic techniques used for firewalls：packet filtering，circuit gateway，and application gateways．Often，more than one of these is used to provide the complete firewall service．
　　There are several configuration schemes of firewall in the practical application of inter-network security．They usually use the following terminologies：
   Screening router—it can be a commercial router or a host—based router with some kind of packet filtering capability．
   Bastion host—it is a system identified by the firewall administrator as a critical strong point in the network security．
 Dual—homed gateway—some firewalls are implemented without a screening router，by placing a system on both the private network and the Internet，and disabling TCP/IP forwarding．
   Screened-host gateway一it is possibly the most common firewall configuration．This is implemented using a screening router and a bastion host．
   Screened subnet—an isolated subnet is situated between the Internet and the private network．Typically，this network is isolated using screening routers，which may implement varying levels of filtering．
   Application—level gateway—it is also called a proxy gateway and usually operates at a user level rather than the lower protocol level common to the other firewall techniques．

NOTES
[1]由于服務器磁盤空間已滿或網絡信道不空而拒絕提供服務。
[2]forge指偽造，intent后面的to...是它的定語。

KEYWORDS
  gateway    網關
  circuit gateway   電路網關
  packet filtering   包過濾
  screening router   屏蔽路由器
  application-level gateway  應用級網關
  bastion host    堡壘主機
  screened subnet   屏蔽子網
  dual-homed gateway   雙宿主網關
  screened-host gateway   屏蔽主機網關
  proxy gateway    代理網關

EXERCISES
Fill in the blanks with appropriate terms or phrases．
（1）The purpose of a network firewall is to protect the systems connected to the network from             ．
（2）An intruder may break into a host on the network，this action is called            ．
（3）An attempt to fill available disk space or load the network links can cause      ．
（4）A firewall can              out inherently insecure network services．
（5）A firewall gateway is used to separate the internal network from             ．
（6）There are three basic techniques used for firewall             ．
（7）A system that identified by the firewall administrator as a critical strong point in the ne-twork security is      ．
（8）A firewall implemented by a screening router and bastion host is called            ．
（9）A system that places on both the private network and the Internet and blocks TCP / IP forwarding is             ．
（10）An isolated subnet that is situated between the Internet and the private network is          ．
    a．filtering           
　　b．dual-homed gateway
    c．packet filtering，circuit gateway and application gateway
　　d．various threats
    e．bastion host           
　　f．unauthorized access
    g．screened subnet          
　　h．external networks
    i．screened-host gateway        
　　j．denial of service

答案：
 1．
（1）d  （2）f   （3）j   （4）a
（5）h  （6）c   （7）e   （8）i
（9）b  （10）g

翻譯：

網絡防火墻
   
　　網絡防火墻的目的是在網絡周圍設置一層外殼，用于防止連入網絡的系統受到各種威脅。防火墻可以防止的威脅類型包括：
 非授權的對網絡資源的訪問——入侵者滲入網上的主機，并對文件進行非授權訪問；
 拒絕服務——網絡以外的某個人可能向該網上的主機發送成千上萬個郵件消息，企圖填滿可用的磁盤空間，或者使網絡鏈路滿負荷；
 冒充——某個人發出的電子郵件可能被別有用心的人篡改，結果使原發件人感到難堪，或受到傷害。
　　防火墻可以通過濾掉某些原有的不安全的網絡業務而降低網絡系統的風險。例如網絡文件系統（NFS）可以通過封鎖進出網絡的所有NFS業務而防止為網絡外部人員所利用。這就保護了各個主機，同時使其一直能在內部網絡中服務，這在局域網環境中很有用。一種避免與網絡計算有關問題的方法是把單位的內部網與其他外部系統完全斷開。當然這不是一個好辦法，其實需要的是對訪問網絡進行過濾，同時仍允許用戶訪問“外部世界”。
    在這種配置中，用一個防火墻網關把內部網和外部網分開。網關一般用于實現兩個網絡之間的中繼業務。防火墻網關還提供過濾業務，它可以限制進出內部網絡主機的信息類型。有3種基本防火墻技術：包過濾、電路網關和應用網關。通�？刹捎蒙鲜龅囊环N以上技術以提供完整的防火墻業務。
    在互聯網絡安全的實際應用中有好幾種防火墻配置方案，它們通常使用以下術語：
 屏蔽路由器一一可以是一種商用路由器，或是帶有某種包過濾功能的基于主機的路由器。
 堡壘主機一一它是由防火墻管理人員認定作為網絡安全最關鍵處的一個系統。
 雙宿主網關一一某些防火墻不使用屏蔽路由器，但在專用網和因特網之間放一個系統，不允許傳送TCP/IP包。
 主機屏蔽網關－一可能是最常用的防火墻配置，它由屏蔽路由器和堡壘主機構成。
 子網屏蔽——位于因特網和專用網之間的一個隔離子網。一般來說，這種網絡用一臺屏蔽路由器來隔離，它可以實現不同級別的過濾功能。
 應用級網關一一又叫做代理網關，它不像普通防火墻在低層協議上工作，而通常在用戶級上工作。

文章來源于領測軟件測試網 http://www.kjueaiud.com/

TAG: 防火墻