当前位置: 技术问答>linux和unix
几道考试题
来源: 互联网 发布时间:2014-12-01
本文导语: 1>Explain what a Network Firewall is 2>Explain what an Application-Proxy Firewall is 3>what is IP Spoofing 4>Why is the internet insecure? 4>what is ARP 5>what is the internet control message protocol 6>what is the Transmission Control Protocol 且...
1>Explain what a Network Firewall is
2>Explain what an Application-Proxy Firewall is
3>what is IP Spoofing
4>Why is the internet insecure?
4>what is ARP
5>what is the internet control message protocol
6>what is the Transmission Control Protocol
且请提供一些掺考资料.
2>Explain what an Application-Proxy Firewall is
3>what is IP Spoofing
4>Why is the internet insecure?
4>what is ARP
5>what is the internet control message protocol
6>what is the Transmission Control Protocol
且请提供一些掺考资料.
|
1>
A firewall is a system that controls the flow of network trafic between a local area network (LAN) and the internet. Firewalls are used first and foremost to enforce the security policy of a particular network site. More specifically, firewalls can provide a more efficient method of securing hosts on a network than host security (securing each individual host separately) could provide. On networks protected by a firewall, each host does not need to be 100% secure, since the firewall will generally make access to those hosts impossible. Even if each host on an internal network were 100% secure, a firewall would still have the benefit of eliminating the unwanted traffic generated by all the unsuccessful attacks which would be present. In addition to protecting network resources from crackers1, firewalls can log internet traffic, eavesdrop on communication (if it is deemed ethical in the given circumstances), or create a virtual private network (VPN)2.
Firewalls are a great asset in securing a LAN, but it is important to realize that there are a number of things that firewalls cannot protect against. For example, firewalls cannot prevent attacks that occur from within the network. Firewalls cannot protect against undiscovered threats. They can only prevent against known threats, and it is possible for a cracker to discover a new threat (such as a bug in a server program) and take advantage of it, but if the exploit was not known when the firewall was built, then there is no guarentee that it will be prevented. Also, firewalls cannot protect against viruses. For these reasons, firewalling is only one of many important techniques in achieving network security.
2>
............
A firewall is a system that controls the flow of network trafic between a local area network (LAN) and the internet. Firewalls are used first and foremost to enforce the security policy of a particular network site. More specifically, firewalls can provide a more efficient method of securing hosts on a network than host security (securing each individual host separately) could provide. On networks protected by a firewall, each host does not need to be 100% secure, since the firewall will generally make access to those hosts impossible. Even if each host on an internal network were 100% secure, a firewall would still have the benefit of eliminating the unwanted traffic generated by all the unsuccessful attacks which would be present. In addition to protecting network resources from crackers1, firewalls can log internet traffic, eavesdrop on communication (if it is deemed ethical in the given circumstances), or create a virtual private network (VPN)2.
Firewalls are a great asset in securing a LAN, but it is important to realize that there are a number of things that firewalls cannot protect against. For example, firewalls cannot prevent attacks that occur from within the network. Firewalls cannot protect against undiscovered threats. They can only prevent against known threats, and it is possible for a cracker to discover a new threat (such as a bug in a server program) and take advantage of it, but if the exploit was not known when the firewall was built, then there is no guarentee that it will be prevented. Also, firewalls cannot protect against viruses. For these reasons, firewalling is only one of many important techniques in achieving network security.
2>
............
|
3IP spoof即IP欺骗,是一台主机设备冒充另外一台主机的IP地址,与其它主机进行通信,从而达到某种目的技术。
4因为TCP/IP就是建立在相互信任基础上的。
6TCP协议是建立在IP协议之上的,可靠的,按照顺序发送的协议。
4因为TCP/IP就是建立在相互信任基础上的。
6TCP协议是建立在IP协议之上的,可靠的,按照顺序发送的协议。
|
ARP (Address Resolution Protocol)
地址解析协议
ARP是将IP地址与网络物理地址一一对应的协议。例如,在IP 4中,地址长度是32位。在以太网中,设备的地址是48位(物理机器地址也称为介质访问控制地址)。一张称为ARP的表,用来支持在MAC地址和IP地址之间的一一对应关系。它提供两者的相互转换。
当传送过来的包要传向一个LAN的主机时,当它到达网关时,网关要求ARP程序找到物理主机或与IP地址相对应的MAC地址。ARP程序在缓存中寻找,如果找到地址,就提供此地址,以便让此包转换成相应的长度和格式,以传送到此主机。如果未找到,ARP程序就在网上广播一个特殊格式的消息,看哪个机器知道与这个IP地址相关的MAC地址。如果一台机器发现那是自己的IP地址,它就发送回应,这样就指出了相应的地址。ARP程序就更新自己的缓存然后发送此包到回应的MAC地址。
因为不同协议的相应处理方法不同,所以有不同网络的地址解析请求。也有反向地址解析协议(RARP)供不知道IP地址的主机从ARP缓存中获得IP地址。
地址解析协议
ARP是将IP地址与网络物理地址一一对应的协议。例如,在IP 4中,地址长度是32位。在以太网中,设备的地址是48位(物理机器地址也称为介质访问控制地址)。一张称为ARP的表,用来支持在MAC地址和IP地址之间的一一对应关系。它提供两者的相互转换。
当传送过来的包要传向一个LAN的主机时,当它到达网关时,网关要求ARP程序找到物理主机或与IP地址相对应的MAC地址。ARP程序在缓存中寻找,如果找到地址,就提供此地址,以便让此包转换成相应的长度和格式,以传送到此主机。如果未找到,ARP程序就在网上广播一个特殊格式的消息,看哪个机器知道与这个IP地址相关的MAC地址。如果一台机器发现那是自己的IP地址,它就发送回应,这样就指出了相应的地址。ARP程序就更新自己的缓存然后发送此包到回应的MAC地址。
因为不同协议的相应处理方法不同,所以有不同网络的地址解析请求。也有反向地址解析协议(RARP)供不知道IP地址的主机从ARP缓存中获得IP地址。
|
Internet控制信息协议(ICMP)
例如,为报告在数据报过程中的错误。为了这个目的才使用了ICMP,它使用IP做于底层支持,好象它是一个高层协议,而实际上它是IP的一部分,必须由其它IP模块实现。
ICMP消息在以下几种情况下发送:当数据报不能到达目的地时,当网关的已经失去缓存功能,当网关能够引导主机在更短路由上发送
例如,为报告在数据报过程中的错误。为了这个目的才使用了ICMP,它使用IP做于底层支持,好象它是一个高层协议,而实际上它是IP的一部分,必须由其它IP模块实现。
ICMP消息在以下几种情况下发送:当数据报不能到达目的地时,当网关的已经失去缓存功能,当网关能够引导主机在更短路由上发送
|
www.google.com,上面尽管搜吧
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。