tion differently. They scrutinize, examine, and control the network traffic in numerous ways depending on their software architecture. Below are firewalls that work in different ways.

1) Packet Filtering Firewall Technique

Many routers use a firewall technique called packet filtering, which examines the source and destination addresses and ports of incoming TCP and UDP packets, denying or allowing packets to enter based on a set of predefined rules set by the administrator. Packet filters are inexpensive, transparent to users, and have a negligible impact on network performance. Configuring packet filtering is a relatively complex process, requiring a precise knowledge of network, transport, and even application protocol strategy. A problem with packet filters is that they are susceptible to "IP spoofing", a trick that hackers use to gain access to a corporate network. Intruders fool the firewall by changing Internet Protocol addresses in packet headers to ones that are acceptable.

Binzhou University Graduation Project (Specialized Foreign-Literature Translation)

2) The Application-Gateway Firewall

A more sophisticated and secure type of firewall is an application gateway, which is generally considered more secure than packet filters. Application gateways are programs written for specific Internet services such as HTTP, FTP, and telnet; they are applications that run on a server with two network connections, acting as a server to the application client and as a client to the application server. Application gateways evaluate network packets for valid specific data, making the proxies more secure than packet filtering. Most application-gateway firewalls also have a feature called network address translation that prevents internal IP addresses from appearing to users outside the trusted network.

There are two primary disadvantages to application gateways. The first disadvantage is a performance decline caused by the proxy function's double processing.
Another is the lag time for the firewall vendor to supply an application proxy for a newly introduced Internet service, such as Real Audio.

3) SOCKS firewall

Another type of application-proxy firewall is the SOCKS firewall. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified network clients. This means users have to modify every system on their internal network that needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.

Where performance is a concern, organizations using application gateways should not be worried with a 10 Mbps Ethernet or 100 Mbps Fast Ethernet connection. If companies use application proxies within their network, they can consider fast hardware-based solutions such as Cisco's PIX Firewall or Seattle Software's Firebox. The company may also consider installing firewall software on a system with multiple processors.

Major firewall vendors have incorporated additional security technologies into their firewall products and partnered with other security vendors to offer complete Internet security solutions. These additional features will be discussed subsequently in this article and include encryption, authentication and protection from malicious Java and ActiveX downloads.

3. Authentication

Firewalls do their authentication using IP addresses, which can be faked. If a company wants to give certain users access over the Internet to sensitive internal files and data, they will want to make sure to authenticate each user. Authentication simply describes the numerous methods that positively identify a user. Passwords are the most common method of authentication used today, but employees are notorious for making poor password choices that can be guessed by an experienced hacker.
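The packet-filtering technique in 1) decides on addresses and ports alone, which is why a claimed source address is enough to satisfy a rule. The following added example (not part of the original article) models a first-match packet filter and compares an address-only rule set with one that also checks the arrival interface; all addresses, interface names and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any port
    iface: Optional[str] = None   # None matches any arrival interface

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def decide(rules, p: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    return next((r.action for r in rules if r.matches(p)), "deny")

# Constructed addressing: trusted LAN 192.168.10.0/24, servers in 192.168.20.0/24.
ADDRESS_ONLY = [
    Rule("allow", "tcp", "192.168.10.0/24", "192.168.20.5/32", 23),  # LAN -> telnet admin
    Rule("allow", "tcp", "0.0.0.0/0", "192.168.20.80/32", 80),       # anyone -> web server
]
# Same rules, preceded by an ingress check: nothing arriving from outside
# may claim a source address that belongs to the trusted LAN.
HARDENED = [Rule("deny", "any", "192.168.10.0/24", "0.0.0.0/0", iface="outside")] + ADDRESS_ONLY

LEGIT = Packet("inside", "tcp", "192.168.10.20", "192.168.20.5", 23)
FORGED = Packet("outside", "tcp", "192.168.10.20", "192.168.20.5", 23)  # claimed source only
WEB = Packet("outside", "tcp", "203.0.113.7", "192.168.20.80", 80)
STRAY = Packet("outside", "udp", "203.0.113.7", "192.168.20.5", 53)

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT), ("forged", FORGED), ("web", WEB), ("stray", STRAY)]:
        print(f"{name:7} address-only={decide(ADDRESS_ONLY, pkt):5} hardened={decide(HARDENED, pkt)}")
```

The interface check changes the verdict only for the packet whose claimed source does not fit the side it arrived on; legitimate inside traffic and public web traffic are unaffected.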
In addition to passwords, which are usually "something you know," many organizations are turning to solutions that also require "something you have," such as tokens and smart cards. Tokens are small, credit-card- or calculator-size devices that the remote user can carry around. Smart cards used for authentication are similar to tokens, except they need a reader to process the authentication request. Both use a challenge-response scheme. When the user attempts to connect, an authentication server on the network issues a challenge, which the user keys into the token device. The device displays the appropriate response, which the remote user then sends to the server. Many of these tokens may also require the user to type in a PIN.

Firewalls can support these authentication products with minor adjustments. The administrator simply configures the firewall to forward authentication for certain services to the designated third-party server, or uses any included authentication service.

4. Encryption

As offices and organizations connect to the Internet, many will consider the Internet infrastructure an inexpensive way for wide-area and remote connections. In addition to companies, Internet commerce vendors need to protect credit card and order transactions being transferred through the Internet. To use the Internet for these purposes, companies have to protect their information and customers with encryption. Encryption is the process of using an encryption algo