防火墙技术剖析与启示

Analysis of Firewall Technology and Revelations

针对Internet面临的安全问题,阐述了设置防火墙的目的和作用,介绍了防火墙技术的基本概念和体系结构,讨论了实现防火墙的主要技术手段:数据包过滤、应用级网关和代理服务,并比较了这些技术各自的优缺点。在此基础上总结得出了关于防火墙正确配置、维护以及测试验证的几点重要启示,最后分析了传统防火墙的局限性,指出新一代防火墙应具有的特性。

This paper aims for the security problem that Internet faces with and expounds the purpose and effect of the installation of firewall. The basic concept and architecture of firewall are introduced and the main technologies such as Packet Filtering, Application Level Gateways and Proxy Service which can be applied to realize firewall together with their own advantages and disadvantages are discussed. Based on these analysis,some revelations of correct configuration ,maintenance and verification of firewall are also summed up. The limitation of traditional firewall and attributes which a new generation firewall should have are pointed out at the end of the paper.