security defence firewall 中文意思是什麼
security defence firewall
解釋
反黑精英網路防火墻-
The article points out the importance and necessity of the information - security from its actuality in our country. the resources in the information system, for instance, hardware, software, data, document, operator, meterial and so on, are evaluated and gived safety grade firstly. and then, it analyses the menace including the nonauthorized access, the information leak, the refused sevice, the internal objection which the system will take. the following are the corresponding control police : confirm the users " rights and duties, including the mode of using account, the limit of accessing resource, the application of password, the building of backup ; confirm the administrators " right and duties, including physical safety, system configuration, account configuration and usufruct, password management, audit and control, backup and individual intimity ; run - of - mill measure of security defence, including access control, symbol and identification, integrality control, password technique, firewall system, audit and resumption, safety of operating system, safety of database system, defence of computers " virus and resisting - deny protocol. in the end, the article offers the strategies of disposing the safety - accident and analyse after ithow. to report it, how to solve it in phase, and how to avoid it happening again. in a word, the article presents a holistic resolvent about keeping away the information system ' s security, and supplies a essential frame for its configuration, management and application
然後,對系統可能受到的威脅,包括非授權訪問、信息泄漏、拒絕服務和內部缺陷等進行分析,並提出了相應的控制策略:確定用戶的權力和責任,包括帳戶使用方式、資源訪問權限、口令應用以及建立備份等;確定系統管理員的權力和責任,包括物理安全、系統配置、帳戶設置及使用權限、口令管理、審計和監控、備份以及個人隱私等方面;一般性的安全防護措施:存取控制、標識和認證、完整性控制、密碼技術、防火墻系統、審計和恢復、操作系統安全、數據庫系統安全、計算機病毒防護和抗抵賴協議等。最後,對事故處理和事後分析提供策略,如何報告安全事故,如何協調解決安全事故,如何避免安全事故再次發生。總之,本文對信息系統安全防範工作給出一個整體的解決方案,為其在配置、管理和應用方面提供了基本的框架。 -
With the evolution of network technologyjnternet takes more and more great part in our life. in the same time, the security of network become the focus of people. the traditonal method used for defence is adopt as strategy of prohibit, such as firewall, encrypt, access control, security system e. t. these methods all have some impact on defence, but from the view of system security management. but they are not enough only for defence. intrusion detection system can detect outside attack or misuse, it is an kind of logical compensation for defence
隨著網路技術的迅速發展,網路日益成為人們生活的重要部分,與此同時,黑客頻頻入侵網路,網路安全問題成為人們關注的焦點,傳統安全方法是採用盡可能多的禁止策略來進行防禦。目前採用的手段有防火墻、加密、身份認證、訪問控制、安全操作系統等,這些對系統非法入侵都起到一定的作用。然而從系統安全管理角度來說,僅有防禦是不夠的,還應採取主動策略。 -
Main content of " hef ( high efficient firewall ) firewall realize mode study " have : ( 1 ) emulation experiment and ipv6 / tunnelbroker model set up through transproxy, explain transproxy method, improved structure of rfc3053 emphatically, act for technology about solution of efficiency, make their suitable for different need of isp of scale ; ( 2 ) on the basis of analysing ipsec agreement security question, to isakmpsa varying load attacks and improves in consulting, carry on form analyses, proved, design vpn high - efficient safe model based on ip / ipsec concept finally ; ( 3 ) on the basis of ids dynamic characteristic of system, for remedy firewall static deficiency of defence, design one method that the two combine, offer a good foundation for high - efficient online security system ; ( 4 ) through theory design and emulation experiment, the above - mentioned three part can make and imbed fire wall of the system for module, offer certain theoretical foundation to domestic fire wall design of product
《 hef ( highefficientfirewall )防火墻實現模式研究》的主要內容有: ( 1 )通過transproxy模擬實驗及ipv6 / tunnelbroker模型建立,著重闡述transproxy方法、改進的rfc3053的結構,以及代理技術中有關效率的解決方案,使之適用於不同規模的isp的需要; ( 2 )在分析ipsec協議安全性問題基礎上,針對isakmpsa協商中的變換載荷攻擊做出改進,並進行形式化分析、論證,最終設計出基於ip / ipsec概念的vpn高效安全模型: ( 3 )基於ids系統的動態特性,為彌補防火墻靜態防禦的不足,設計出兩者聯動的方法,探索了高效網路安全體系模式研究的新方向; ( 4 ) hef防火墻實現模式的理論研究及模擬實驗,所得三部分研究結論均可設計出module ,內嵌入防火墻系統中,為國內防火墻產品的設計提供了一定的理論基礎。 -
With the scale of the campus network being increasingly expanded, the problem of network security appears to be more and more serious. traditionally, the firewall is the primal line of defence, but it is a passive defense technology. the intrusion detection system ( ids ) is an important part of the computer network security, and it realizes real - time intrusion detection, therefore actively avoiding being attacked
入侵檢測系統( ids )是計算機網路安全的一個重要組成部分,它實現實時入侵檢測的功能,主動保護自己免受網路攻擊,是防火墻的合理補充,擴展了系統管理員的安全管理能力(包括安全審計、監視、攻擊識別和響應) ,提高了信息安全基礎結構的完整性。 -
This paper explores the research work on how to design a giga - bit firewall based on intel ' s network processor ixp1200, which presents both high - performance and security functionality. during the developing period, the author and his friends solved many critical problems, including multiple layer architecture, working modes, allocation of micro - engine, attack defence policies and web uuser interface. also new ideas of improvement on both future network processors and firewall products have been well presented
本文的核心是設計和實現基於ixp1200網路處理器( networkprocessor , np )的千兆硬體防火墻,在開發過程中,解決了多層體系結構、防火墻工作模式、微引擎分配、攻擊防範策略、圖形用戶界面等多方面的問題,在今後網路處理器應用的推廣和防火墻產品開發方面都提出了獨特的見解。
分享友人