Abstract:
As the key facility that maintains the network security , firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice. In this paper , the computer network security and the techniques of firewalls were mainly discussed, the concept and classification of the firewalls were introduced. It also introduced three kind's of basic implement techniques of the firewalls: Packet filtering , Application Proxy and Monitor model in detail. Finally described the trend of development of the firewalls techniques in Internet briefly.
Key words: network security, firewalls, Packet filtering, monitor
1. Introduction
Now with the computer network and e-commerce used widely, network security has become an important problem that we must consider and resolve. More and more professions. enterprises and individuals surfer from the security problem in different degree. they are looking for the more reliable safety solution . In the defense system adopted by network security at present, the firewalls stand the very important position.
As the key facility that maintains the network security. firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice.
All the firewalls have the function to filter the IP address. This task checks the IP packet, makes the decision whether to release or to abandon it according to the source address and destination address of the IP. Shown in Fig.I, there is a firewall between two network sections, an UNIX computer is on one side of the firewall, and the other side is a PC client. While the PC client asks a telnet request for the UNIX computer, the client procedure of telnet in the PC produces a TCP packet and passes the packet to the local protocol stack to prepare to send. The protocol stack fills it in one IP packet. then, sends it to UNIX computer through the path defined by the TCP/IP stack of PC. The IP packet can't reach the UNIX computer until it passes the firewall between the PC and the UNIX computer.



摘要：
作為關鍵設施，維護網絡的安全性，防火墻采取建立信任與不可靠的網絡障礙的目的，并落實相應的安全策略。在這個文件中，計算機網絡安全與防火墻的技術，主要討論的概念和分類，介紹了防火墻。它還介紹了三種基本的防火墻實現(xiàn)技術：分組過濾，代理服務器和應用詳細監(jiān)測模型的。最后描述對互聯(lián)網的簡單防火墻技術的發(fā)展趨勢。
關鍵詞：網絡安全，防火墻，包過濾，監(jiān)控
1 介紹
現(xiàn)在，隨著計算機網絡和電子商務的廣泛應用，網絡安全已成為一個我們必須考慮和解決的重要問題。越來越多的專業(yè)，企業(yè)和個人上網的不同程度的安全問題。他們正在尋找更可靠的安全解決方案。在防御系統(tǒng)所采用的網絡安全的現(xiàn)狀，防火墻占據了非常重要的地位。
作為維護網絡安全的關鍵設施，防火墻采取建立一個障礙在信任和不信任的網絡之間，并實施相應的安全策略。
所有的防火墻具有過濾IP地址的功能。這項任務是檢查IP數據包，根據源地址和目的IP地址決定是否釋放或放棄這個數據包。在圖1所示，在兩個網段中間有一個防火墻，一側是UNIX計算機，另一側是PC客戶端。當PC客戶端向UNIX 計算機發(fā)送遠程登陸請求時，PC里的遠程登陸客戶端程序產生一個TCP數據包并把此包傳遞給本地協(xié)議棧準備發(fā)送。協(xié)議棧把它填充在一個IP數據包內，然后通過PC的TCP/IP協(xié)議棧中定義的路徑發(fā)送到UNIX計算機。在它通過PC和UNIX計算機之間的防火墻之前，這個IP包不能送達UNIX計算機。