Unit 7: Detection and Prevention 7.1 Detection and Prevention Firewalls

杜轩昂
2023-12-01

Firewalls can be physical hardware devices, or simply software.

Firewalls filter traffic based on rules.

Filtering as far as firewalls are concerned means
that certain packets are not let into a network.

It also means that packets on the way out of a network can be blocked from leaving.

Certain packets will not be filtered.

So we can say that firewalls permit or deny traffic both inbound and outbound.

When you go to a concert, the ticket taker won't let you in if you don't have a ticket.

You're filtered inbound.

However, if you had a ticket you'd be let in and you wouldn't be filtered.

In the 1988 classic movie, Die Hard, employees were not allowed to leave the Nakatomi building.

Hans Gruber and his buddies were applying an outbound filter.

John McClane did get out but not because he was permitted by the Hans Gruber firewall.

McClane actually evaded the firewall and got out.

Later we'll see what happens when packets sneak by the firewall in a similar fashion.

Firewalls can filter by source IP address, destination IP addresses,
protocols, ports, and other criteria.

A firewall sits on the border between the trusted inside and the untrusted outside.

One side of the firewall is under the administrator's control.

The other side is connected to the big bad unknown.

Firewalls help prevent unauthorized access to or from a system or network.

This includes traffic that might attack your computer
by malicious users or by malicious software.

Firewalls restrict traffic the same way a police checkpoint would inspect cars coming
in or out of a certain location.

Network activity in both directions is logged by the firewall
for a potential forensic investigation.
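
An added example (not part of the original lecture) of the filtering and logging described above: a minimal first-match packet filter keyed on direction, source and destination address, protocol and port, recording every decision. The rule set, the addresses, the first-match order and the default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    direction: str        # "in" (toward the inside) or "out"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None matches any port

    def matches(self, direction, src, dst, proto, port):
        return (direction == self.direction
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

# Constructed rule set: the trusted inside is 10.0.0.0/24, everything else is outside.
RULES = [
    Rule("permit", "in",  "0.0.0.0/0",   "10.0.0.10/32", "tcp", 443),   # public web server
    Rule("deny",   "out", "10.0.0.0/24", "0.0.0.0/0",    "tcp", 25),    # no direct outbound SMTP
    Rule("permit", "out", "10.0.0.0/24", "0.0.0.0/0",    "any", None),  # other outbound traffic
]

LOG = []  # one entry per decision, both directions, kept for later investigation

def filter_packet(direction, src, dst, proto, port, rules=RULES):
    """Return 'permit' or 'deny'. The first matching rule wins; no match means deny."""
    verdict, hit = "deny", None
    for index, rule in enumerate(rules):
        if rule.matches(direction, src, dst, proto, port):
            verdict, hit = rule.action, index
            break
    LOG.append((direction, src, dst, proto, port, verdict, hit))
    return verdict

if __name__ == "__main__":
    # Constructed sample packets (documentation address ranges).
    print(filter_packet("in", "203.0.113.7", "10.0.0.10", "tcp", 443))
    print(filter_packet("in", "203.0.113.7", "10.0.0.10", "tcp", 22))
    print(filter_packet("out", "10.0.0.55", "198.51.100.20", "tcp", 25))
    print(LOG)
```

The inbound packet to port 22 matches no rule and is dropped by the fallback, which the log records with no rule index.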

Malware is restricted inbound and outbound.

Inbound to protect the company's resources.

And outbound so the company can't be accused of originating an attack.

Firewalls are also a way to restrict employees
from visiting certain sites like Facebook and YouTube.

And at the same time, prevent them from downloading potential malware.

Hardware based firewalls are also referred to as network based firewalls.

One side is the network that the firewall is trying to protect.

And the other side is the untrusted outside.

This type of firewall can be strategically placed between the corporate edge router
which connects to the ISP and the inside autonomous system.

Network based firewalls can also be placed on one side
of an internal corporate router that doesn't connect to the ISP.

In that case, the untrusted outside would be not only the untrusted internet
but certain internal networks as well.

That still leaves a network vulnerable to malicious traffic originating
from that very network but an IDS, intrusion detection system, and an IPS,
intrusion prevention system, deal with this and we'll see them a bit later.

Software based firewalls are also known as host based firewalls.

They only protect a single system.

They can mitigate the risk of an attack spreading from one machine to another.

Most operating systems have software based firewalls built in.

In this case, the trusted inside would just be the local machine
and the untrusted outside would not only be the internet and other networks
but all the devices on the current network as well.

The border of untrusted to trusted, in this case,
essentially is the device's NIC, network interface card.

Anything on the other side of the NIC as far
as a host based firewall is concerned is the untrusted outside.

Reposted from: https://www.cnblogs.com/sec875/articles/10420189.html
