Unit 7: Detection and Prevention 7.1 Detection and Prevention Intrusion Detection Systems & Intr...

mac2022-06-30  38

Revisiting earlier thoughts.

How can you protect each network from malicious traffic that originates inside of those networks themselves?

Firewalls, as we said, sit on the border between the trusted inside network and the untrusted outside.

The malicious traffic that originates on the inside can't be filtered by a firewall that's at the edge -- it's already in.

Furthermore, what happens to traffic that evades the firewalls?

The answer to these important questions is either an IDS -- intrusion detection system -- or an IPS, intrusion prevention system.

Before we talk about the difference between an IDS and an IPS, let's just lump the two of them together and discuss how they are different than firewalls.

Think of the firewall as the person looking at your boarding pass and ID at the airport before you get to your gate.

He's checking what is really the equivalent of the source IP address -- who you are, where you live; the destination IP address -- where you're flying to; the protocol -- your airline; and the port -- your flight number.

Even with DPI, deep packet inspection, he's still using a set of preconfigured rules.

He might ask you what you do for a living or why you're going to a particular destination.

The IDS's or IPS's would be the security guards on the other side by the gates where the people wait to board their planes.

A passenger who got by the initial screening might start causing problems by the gate, possibly getting loud and violent over the delay of a flight.

He might even be entering areas restricted for airport employees.

The firewall, the TSA screener who looked at your boarding pass, can't help at this point.

The problem exists beyond that location now.

The IDS or IPS kicks in, which requires more logic and learning.

IDS's and IPS's have to make decisions on where certain lines were crossed and then take appropriate action.

The firewall, the TSA agent looking at your boarding pass, is still a very necessary component.

If everyone was just let through to the gates, the airport guards would be overwhelmed and wouldn't be able to monitor all potential passengers.

The firewall weeds out those that shouldn't go in, but the IDS or IPS adds a new dimension for those passengers that made it past the first screening.
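
The division of labor described above, as an added example that is not part of the original lecture: an edge firewall that matches only protocol and port on traffic crossing the border, and an internal sensor that watches everything the firewall passed or never saw. The address ranges, the rule set, the sample packets and the "too many distinct peers on one port" threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")        # assumed trusted inside range
ALLOW = {("tcp", 443), ("tcp", 22)}      # assumed preconfigured edge rules

def crosses_edge(pkt):
    """Only traffic between inside and outside passes the edge firewall."""
    return (ip_address(pkt["src"]) in INSIDE) != (ip_address(pkt["dst"]) in INSIDE)

def firewall(pkt):
    """'allow' or 'deny' at the border; 'unseen' for inside-to-inside traffic."""
    if not crosses_edge(pkt):
        return "unseen"
    return "allow" if (pkt["proto"], pkt["port"]) in ALLOW else "deny"

def ids_alerts(packets, max_peers=3):
    """Flag a source once it contacts more than max_peers hosts on one port."""
    peers = defaultdict(set)
    alerts = []
    for pkt in packets:
        if firewall(pkt) == "deny":
            continue                     # dropped at the edge, never gets inside
        key = (pkt["src"], pkt["port"])
        peers[key].add(pkt["dst"])
        if len(peers[key]) == max_peers + 1:
            alerts.append(key)           # the "line" was crossed: alert once
    return alerts

# Constructed sample traffic: two packets from outside, then one inside host
# contacting five inside hosts on the same port.
SAMPLE = (
    [{"src": "203.0.113.7", "dst": "10.0.0.20", "proto": "tcp", "port": 443},
     {"src": "203.0.113.9", "dst": "10.0.0.20", "proto": "tcp", "port": 23}]
    + [{"src": "10.0.0.5", "dst": f"10.0.0.{h}", "proto": "tcp", "port": 445}
       for h in range(10, 15)]
)

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt["src"], "->", pkt["dst"], pkt["port"], firewall(pkt))
    print("IDS alerts:", ids_alerts(SAMPLE))
```

The inside-to-inside packets come back as `unseen` from the firewall, yet they are the only ones that raise an alert.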

Reposted from: https://www.cnblogs.com/sec875/articles/10420198.html
