Internet Security

摘要

There are many benefits to connecting your site to the Internet, but there are risks as well. Today's Internetrnsecurity threats range from curious prowlers to well-organized, technically knowledgeable intruders who couldrngain access to your site's private information. The number and sophistication of these threats grow each year,rnjust like the Internet itself.rnWhile it's a good idea to make your workstations, servers, and other systems as individually secure as possible,rnthis is not sufficient to defend your site from attack. Without the ability to protect your entire network at itsrnconnection point, your defense is only as strong as its weakest link, and securing each and every system is arncomplex and cumbersome job with no guarantee of success, because of the variety of different operating systems,rnreleases, vendor patches, and administrative domains. However, by analyzing and defending against threats atrnyour site's point of connection to the Internet, we can take advantage of most Internet services, such as thernWorld Wide Web, electronic mail, and anonymous FTP, while at the same time limiting your risk ofrnintrusions.rnAn Internet firewall is a security mechanism that allows limited access to your site from the Internet,rnallowing approved traffic in and out according to a thought-out plan. CGI (Common Gateway Interface) scriptsrnare a major source of security holes. Although the CGI protocol is not inherently insecure, CGI scripts must bernwritten with just as much care as the server itself. So there we have it - security, speed, and management - thernthree parameters of the firewall. A firewall provides not only real security - it often plays an important role as arnsecurity blanket for management.rnLastly, a firewall can act as a corporate "ambassador" to the Internet. Many corporations use their firewallrnsystems as a place to store public information about corporate products and services, files to download, bug fixes,rnetc. Several of these systems have become important parts of the Internet service structure and have reflectedrnwell on their organizational sponsors.