首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
外语
While hackers with motives make headlines, they represent less than 20% of all net- work security breaches. More common are inst
While hackers with motives make headlines, they represent less than 20% of all net- work security breaches. More common are inst
admin
2013-01-29
42
问题
While hackers with motives make headlines, they represent less than 20% of all net- work security breaches. More common are instances of authorized users accidentally winding up where they should not be and inadvertently deleting or changing data. However, the Internet introduces another concern: some Internet surfers are bound to go where they have no business and, in so doing, threaten to wipe out data to which they should not have access.
Before picking a firewall, companies need to adopt security policies. A security policy states who or what is allowed to connect to whom or what. You can group all users by department or classification. The better firewall products let you drag and drop groups in a graphical user interface (GUI) environment to define network security easily.
Two methods are most often used together to establish an Internet firewall. They are application and circuit gateways, as well as packet filtering. With application and circuit gateways, all packets are addressed to a user-level application on a gate-way that relays packets between two points. With most application gateways, additional packet-filter machines are required to control and screen traffic between the gateway and the networks. A typical configuration includes two routers. With a bastion host that serves as the application gateway sitting between them.
A drawback to application and circuit gateways is that they slow network performance. This is because each packet must be copied and processed at least twice by all the communication layers. Packet-filter gateways, which act as routers between two nets, are less secure than application gateways but more efficient. They are transparent to many protocols and applications, and they require no changes in client applications, no specific application management or installation, and no extra hardware.
Using a single, unified packet-filter engine, all net traffic is processed and then for- warded or blocked from a single point of control. However, most packet filters are state- less, understand only low-level protocols, and are difficult to configure and verity. In addition, they lack audit mechanisms. Some packet filters are implemented inside routers, limiting computing power and filtering capabilities. Others are implemented as s9ftware packages that filter the packets in application-layer processes, an inefficient approach that requires multiple data copies, expensive delays and context switches and delivers lower throughput.
So what’s a network administrator to do? Some vendors are developing firewalls that overcome many of these problems and combine the advantages of application gateways and packet filtering. These efficient, protocol-independent, secure firewall engines are capable of application-level security, user authentication, unified support, and handling of all protocols, auditing and altering. They are transparent to users and to system setup, and include a GUI for simple and flexible system management and configuration.
According to what you have read, the author’s probable preference will he ______.
选项
A、walling for the coming of better firewall products,
B、finding a combination of both application gateway and packet filtering approach
C、meeting demands of every type with better products
D、implementing one better approach in the adoption of a firewall solution
答案
B
解析
作者比较了两类防火墙的设计方案,指出了各自的优点和缺点。因此从直观常识可以想象作者希望的解决方案是一个综合优点的方案。另外在文章最后一段中作者说“Some vendors are developing firewalls that overcome many of these problems and combine the advantages of application gateways and packet filtering.”这一句话也可以看出综合两种方法各自的优点是作者的意图。而其他选择项要
转载请注明原文地址:https://kaotiyun.com/show/e41O777K
0
考博英语
相关试题推荐
Thereisnoquestionthattheoldstyleofairpollutioncouldkillpeople.Inoneweekfollowingtheinfamous"peasouper"fogi
Evengeologistisfamiliarwiththeerosioncycle.Nosoonerhasanareaoflandbeenraisedabovesea-levelthanitbecomessub
Humanbeingsareanimals.Webreathe,eatanddigest,andreproducethesamelife【21】commontoallanimals.Inabiologicallabo
CarlyFiorina,Hewlett-Packard’schiefexecutive,cameoutfightingonNovember14th.Inaconferencecallwithanalysts,shean
ThetraditionalAmericanThanksgivingDaycelebration【1】to1621.【2】thatyearaspecialleastwaspreparedinPlymouth,Massachus
Inthesecondhalfofeachyear,manypowerfulstormsareborninthetropicalAtlanticandCaribbeanseas.Of【1】,onlyaboutha
Asanimportantmeansforpreservingknowledge,variousliteratureshavebecomepreciousresourcesforthemankind,whichhaveg
Therearetwobasicwaystoseegrowth:oneasaproduct,theotherasaprocess.Peoplehavegenerallyviewedpersonalgrowtha
Overthepastfewyears,outcriesfromfoodactivistshavechangedmanyAmericans’eatinghabits:Criticismofwidespreadpestici
onthemorningofSeptember’11th,IboardedthetrainfromWashingtonHeightsinUpperManhattanjustasusualandwenttothe
随机试题
还价的基础是()
下列哪几项是经脉的连属部分
税务机关对单价( )元以下的其他生活用品,不采取税收保全措施和强制执行措施。
下列关于行政诉讼的说法中正确的有()。
相邻的4个车位中停放了4辆不同的车,现将所有车开出后再重新停入这4个车位,要求所有车都不得停在原来的车位中,则一共有()种不同的停放方式。
精神分析疗法的具体方法是()。
因为近几年来气候变化,原来春夏季多在秦岭深山生活的花杜鹃逐渐迁移到东北大兴安岭,就在花杜鹃在大兴安岭大量繁殖的时候,柳莺的数量却在大量减少。由于花杜鹃的食物和柳莺完全不同,所以柳莺的大量减少与花杜鹃的大量增加无关。以下哪个如果正确最能削弱上述结论?(
封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICM数据包,正确的access—list配置是()。
8(y+x)=124x-3y=-22
A、Shehasmainlydoneoutboundcallcenterwork.B、Shelearnedaboutthejobthroughherfriends.C、Sheappliedfortheposition
最新回复
(
0
)