计算机网络安全双语chapter-11-Firewall课件.ppt

上传人(卖家):晟晟文业 文档编号:4317101 上传时间:2022-11-29 格式:PPT 页数:35 大小:1.20MB
下载 相关 举报
计算机网络安全双语chapter-11-Firewall课件.ppt_第1页
第1页 / 共35页
计算机网络安全双语chapter-11-Firewall课件.ppt_第2页
第2页 / 共35页
计算机网络安全双语chapter-11-Firewall课件.ppt_第3页
第3页 / 共35页
计算机网络安全双语chapter-11-Firewall课件.ppt_第4页
第4页 / 共35页
计算机网络安全双语chapter-11-Firewall课件.ppt_第5页
第5页 / 共35页
点击查看更多>>
资源描述

1、 PGP为什么在压缩前生成签名为什么在压缩前生成签名(1)对未压缩的消息进行签名可以保存未压缩)对未压缩的消息进行签名可以保存未压缩的消息和签名,验证时直接处理,不用涉及压缩的消息和签名,验证时直接处理,不用涉及压缩部分的内容部分的内容(2)释然可以在验证时对消息重新压缩后验证,)释然可以在验证时对消息重新压缩后验证,用用PGP现有的压缩算法很难实现这个处理过程。现有的压缩算法很难实现这个处理过程。主要内容 木马木马 防火墙防火墙木马 利用计算机利用计算机程序程序漏洞侵入后窃取文件的程序程序漏洞侵入后窃取文件的程序程序被称为木马被称为木马 软件部分:实现远程控制所必须的软件程序。控软件部分:实

2、现远程控制所必须的软件程序。控制端程序:控制端用以远程控制服务端的程序。制端程序:控制端用以远程控制服务端的程序。木马程序木马程序:潜入服务端内部,获取其操作权限的:潜入服务端内部,获取其操作权限的程序,设置木马程序的程序,设置木马程序的端口号端口号。具体连接部分:通过具体连接部分:通过INTERNET在服务端和控制在服务端和控制端之间建立一条木马通道。木马端口:即控制端,端之间建立一条木马通道。木马端口:即控制端,服务端的数据入口,通过这个入口,数据可直达服务端的数据入口,通过这个入口,数据可直达控制端程序或木马程序。控制端程序或木马程序。Secure,trusted operating s

3、ystems are one way to secure against Trojan Horse attacks敏感敏感公开公开防火墙防火墙products-device Throughput(Mbps)2000 Security filtering bandwidth 1100 IDS Dos、DDoS Security standard ICSA Firewall,ICSA IPSec,VPNC IPSec,ICSA Cryptography Throughput(Mbps)188 Security filtering bandwidth(Mbps)130 IDS DoS Main fu

4、nctions Redundant firewall,filtering URL and virus detection Standard UL1950,CAN/CSA-C22.2 No.950,EN 60950,IEC60825-1,IEC60825-2,EN60825-1,EN60825-2,21CFR 1040products pure software An example Firewall What is firewall Types of Firewalls Firewall Configurations A firewall can be software,hardware,or

5、 a combination of both.All traffic from inside to outside must pass through the firewall Only will be allowed to pass.defined by the local security police Attention:Firewalls dont prevent but,in some circumstances,they can stop viruses from sending information from an infected computer.Establish con

6、trolled links Protect the system(network or a computer)from Internet-based attacksFour general techniques Service control Determines the types of Internet services that can be accessed,inbound or outbound Direction control Determines the direction in which particular service requests are allowed Use

7、r control Controls access to a service according to which user is attempting to access it Behavior control Controls how particular services are used(e.g.filter e-mail)Firewall What is firewall Types of Firewalls Firewall Configurations Packet-filtering 报文过滤报文过滤 Application-level gateways 应用层网关应用层网关

8、Circuit-level gateways 电路层网关电路层网关 Stateful Inspection Firewall 状态检测状态检测(1)Packet-filtering Applies a set of rules to each incoming IP packet and then forwards/discards the packet based on matches to fields in the IP or TCP header Advantages:Simplicity,Transparency to users,High speed Disadvantages:D

9、ifficulty of setting up packet filter rules,Lack of AuthenticationAn example(2)Application-level Gateway proxy server 代理服务器代理服务器 Acts as a relay of application-level traffic Advantages:Higher security than packet filters Only need to scrutinize(细察细察)a few allowable applications.Easy to log and audit

10、(审计审计)all incoming traffic Disadvantages:Additional processing overhead on each connectioncircuit-level gateway It filters packets at of the OSI model.E.g.Socks软件包 An implement of circuit-level gateway Port 1080(Socks server)TCP/UDP1080(4)Stateful Inspection Firewall maintains the state of each TCP

11、session or UDP pseudo-session on outbound TCP/UDP session Firewall What is firewall Types of Firewalls ExamplesScreened host firewall system single-homed bastion host Firewall consists of two systems:A packet-filtering router A bastion host bastion host directly connected with the public network pac

12、ket-filtering router Only packets from and to the bastion host are allowed to pass through the router.Screened-subnet firewall systemAn example of Screened firewallHoney-pot A computer system on the Internet that is set up to attract and trap people who attempt to penetrate other peoples computer systems.欲擒故纵欲擒故纵Most security

展开阅读全文
相关资源
猜你喜欢
相关搜索
资源标签

当前位置:首页 > 办公、行业 > 各类PPT课件(模板)
版权提示 | 免责声明

1,本文(计算机网络安全双语chapter-11-Firewall课件.ppt)为本站会员(晟晟文业)主动上传,163文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。
2,用户下载本文档,所消耗的文币(积分)将全额增加到上传者的账号。
3, 若此文所含内容侵犯了您的版权或隐私,请立即通知163文库(发送邮件至3464097650@qq.com或直接QQ联系客服),我们立即给予删除!


侵权处理QQ:3464097650--上传资料QQ:3464097650

【声明】本站为“文档C2C交易模式”,即用户上传的文档直接卖给(下载)用户,本站只是网络空间服务平台,本站所有原创文档下载所得归上传人所有,如您发现上传作品侵犯了您的版权,请立刻联系我们并提供证据,我们将在3个工作日内予以改正。


163文库-Www.163Wenku.Com |网站地图|