Translate into English the following passage



Building distributed information technologies effectively requires the user to take part in functions performed on distributed devices, which are often remote from the user's own location. This raises the task of identifying and authenticating users in the various components of the distributed system and software infrastructure, depending on the business processes being carried out. There is a classification of the interactions of different users, which calls for different solutions for identification, authentication, and information protection as a whole. For company employees, authentication must provide access to various distributed applications, integrating those applications while at the same time enforcing the specified security requirements (B2E).

Read the second part of the article and write one sentence to characterize each type of firewall architecture.

Text 2.

On occasion companies choose to implement a firewall based solely on a single machine, be it a router or host. More often than not, however, the stronger firewalls are composed of multiple parts. In this section, we'll take a look at what we consider the five most common types of firewall architectures: the screening router, the dual homed gateway, the screened gateway, the screened subnet, and the "belt-and-suspenders" firewall.

Screening Router

The simplest way to implement a firewall is by placing packet filters on the router itself. This architecture is completely transparent to all parties involved, but leaves us with a single point of failure. Moreover, since routers are primarily designed to route traffic, the default failure mode on routers is usually to pass traffic to another interface. If something were to happen to the router access control mechanism, then the possibility would exist for unauthorized traffic to find its way into the network or for proprietary information to "leak" out of the network.

Moreover, screening routers tend to violate the choke point principle of firewalls. Although all traffic does pass through the router at one point or another, the router merely passes the traffic on to its ultimate destination. Although screening routers can be an important part of a firewall architecture, we don't consider them adequate firewall mechanisms on their own.

Dual-Homed Gateways

Another common architecture places a single machine with two networks as a dual-homed gateway. Such a gateway can be used as a generic dual-homed gateway, as described earlier, in which all users must log in to the machine before proceeding on to the other network, or as a host for proxy servers, in which user accounts are not required.

From a "fail-safe" perspective, dual-homed gateways offer a step up from the simple screening router. Nevertheless, dual-homed gateways have certain feasibility and usability problems that don't always make them easy to use.

Screened Host Gateway

Now let's take a look at how hosts and routers can be used together in a firewall architecture. One of the most common combinations in use today is the screened host gateway.

In the screened host gateway scenario, the router is still the first line of defense. All packet filtering and access control is performed at the router. The router permits only that traffic that the policy explicitly identifies, and further restricts incoming connections to the host gateway. This gateway performs a number of functions:

1. It acts as the name server for the entire corporate network.

2. It serves as a "public" information server, offering Web and anonymous FTP access to the world.

3. It serves as a gateway from which external parties can communicate with internal machines.
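
An added example, not part of the original text: a sketch of the inbound filter a screening router would apply in the screened host gateway design, with an explicit default deny and a fail-closed path when the rule set is missing. The addresses, the exact ports, and the names `Rule`, `filter_inbound` and `run_samples` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addresses (RFC 5737 documentation ranges); the text names none.
GATEWAY = "192.0.2.10/32"   # the screened host gateway
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp" or "any"
    dst: str                # destination network in CIDR form
    dport: Optional[int]    # None matches any port

# Inbound ACL on the screening router, first match wins.
# Only the gateway's public roles are permitted: name server, Web, anonymous FTP.
INBOUND_ACL = [
    Rule("permit", "udp", GATEWAY, 53),
    Rule("permit", "tcp", GATEWAY, 53),
    Rule("permit", "tcp", GATEWAY, 80),
    Rule("permit", "tcp", GATEWAY, 21),   # FTP control channel only
    Rule("deny", "any", ANY, None),       # explicit default deny
]

def filter_inbound(proto, dst_ip, dport, acl=INBOUND_ACL):
    """Return the action for one inbound packet under first-match semantics."""
    if not acl:
        return "deny"       # missing or empty ACL: fail closed, do not just route
    dst = ipaddress.ip_address(dst_ip)
    for rule in acl:
        if rule.proto not in ("any", proto):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"           # nothing matched: still deny

# Constructed sample traffic arriving from the Internet.
SAMPLES = [
    ("tcp", "192.0.2.10", 80),      # Web request to the gateway
    ("udp", "192.0.2.10", 53),      # DNS query to the gateway
    ("tcp", "192.0.2.10", 23),      # telnet to the gateway, not in the policy
    ("tcp", "198.51.100.25", 80),   # direct connection to an internal host
]

def run_samples(acl=INBOUND_ACL):
    return [filter_inbound(*pkt, acl=acl) for pkt in SAMPLES]
```

Calling `run_samples(acl=[])` shows the fail-closed behaviour that the screening-router section says routers usually lack by default.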

Screened Subnet

The screened subnet approach takes the idea of a screened host gateway one step further. The screening router is still present as the first point of entry into the corporate network, and screens incoming traffic between the Internet and the public hosts. Rather than residing on a single gateway, as in the screened host gateway approach, however, the functions of that gateway are spread among multiple hosts. One of the hosts could be a Web server, another could serve as the anonymous FTP server, and yet a third as the proxy server host, from which all connections to and from the internal corporate network are made.

Functionally, the screened subnet is similar to the screened host gateway: the router protects the gateway from the Internet, and the gateway protects the internal network from the Internet and other public hosts. One distinct advantage that the subnet has over the screened gateway is that it is much easier to implement a screened subnet using "stripped down" hosts, that is, each host on the subnet can be configured to run only those services it is required to serve, thus providing an intruder with fewer potential targets on each machine.

 





©2015-2020 studopedya.ru All rights belong to the authors of the posted materials.