yachi
DESCRIPTION
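Topic: Firewall Architecture and Configuration. Team members: 林祐竹, 廖辛偉. Unit 1: Firewall Functions and Policy. Trends in firewall functionality.
• Packet filtering is the primary function of a firewall system; by filtering packets, an organization can effectively control its inbound and outbound traffic and ensure the security of its network.
• In recent years attackers have made heavy use of blended attacks, leaving traditional defensive techniques increasingly stretched.
• To counter blended attacks, the security market has seen more and more appliance products that emphasize "All-in-One", or Unified Threat Management (UTM) products.
• Traditional firewalls integrate other protection mechanisms (intrusion detection, content fil - PowerPoint PPT Presentation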
1
All-in-One (Unified Threat Management, UTM) (VPN )
(Security Policy) (Packet Filter) (Authentication) (Logging, Monitor, Report) (NAT) (Server Publish) (IDS, VPN)
(who)(how) (what)
(Deny by Default): (Allow by Default):
2
(1/2) (Access Rules) (Authentication)
(2/2) (Logging, Alert and Monitor) (NAT, Virtual Server) IP
2
IP TCP/UDP ICMP TYPE, CODE TCP (URG/ACK/PSH/RST/SYN/FIN) IP IP Options
(Packet Filter)
(IP) (IP) (TCP, UDP, ICMP) (Inbound, Outbound, Both) (Allow, Deny)
(Packet Filtering)
Windows
Windows XP 1/3 1.
Windows XP 2/32. Windows
Windows XP 3/33. WindowsWindows
2
SYSLog Server SNMP Trap (syslog)
3
(Content Filter) (VPN)
(Content Filter)
(Application Content Filter)
HTTPWeb Content Filter Email Filter
HTTP (Keyword) URL URL HTTP MIME type HTTP GET, POST, HEAD, PUT Java Applet Active ActiveScripting, Cookies, Popup
(Attachment) SMTP (VRFY, EXPN), (Masquerading) E-mail (Relay)
4
(Checklist) (Port scan) (Penetrate Test)
(Keep It Simple and concise) (Least privilege) (Defense in depth) (Minimal information)
http://dsa.dsc.com.tw/class/fire_wall/firewall_class1.asp
http://www.netfos.com.tw/reprint/fortinet.htm
http://eservice.seed.net.tw/class/class39.html