论文修改：防火墙的功能

论文修改：防火墙的功能

防火墙是一种提供网络安全的设备，它负责在一个受信任的区域和一个不受信任的区域之间发生流量时，允许或拒绝网络的访问。防火墙负责在网络中充当一个分界点或一个交通警察，因为每一个通信都需要从这个网络中流动，这就是被拒绝访问或访问的区域(Wu和Shan 39)。通过防火墙强制执行访问控制，该模型用于积极控制，声明只有在防火墙的策略内定义的流量才允许通过网络，但是其余的流量是不允许的。

论文修改：防火墙的功能

最初，防火墙的功能是通过称为访问控制列表的acl执行的。这些经常出现在路由器上。从本质上说，acl是用来确定是否需要为特定IP地址提供访问网络的规则。例如，ACL可以有一条线，说明从172.168.2.2 IP的每一个流量都不应该被授予访问权限等等(Vasu和Sudarsan 92-107)。有一个优势与这些ACL有关,因为他们更高的执行能力和可伸缩性,但他们没有能力读过去的头包只提供基本性质的交通信息(Rhodes-Ousley 2)。因此,ACL的信息包过滤本身没有能力保持远离网络系统的威胁。

论文修改：防火墙的功能

A firewall is a device offering network security which is responsible for granting or rejecting the access over network when flow of traffic happens between a trusted region and an untrusted area over the web. The firewall is responsible for acting as a point of demarcation or a cop of traffic within the network as every communication needs to flow from it and this is the area where traffic is given access or access is rejected (Wu and Shan 39). Access controls are enforced through firewalls using a model for positive control stating that only the defined traffic within the policy of firewall is permitted over the network but the remaining traffic is not allowed.

论文修改：防火墙的功能

Initially, the function of firewall was performed through the ACLs known as Access control lists. These were often present over routers. Essentially, ACLs are rules written out for determining whether the access to network needs to be given or not for a particular address of IP. An ACL, for example could have a line stating that every traffic from 172.168.2.2 IP should not be granted access and so on (Vasu and Sudarsan 92-107). There is an advantage associated with these ACLs because of their higher performing ability and scalability but they do not have the ability of reading past the headers of packet which only provides information of rudimentary nature over the traffic (Rhodes-Ousley 2). Therefore, the packet filtering of ACL itself does not have the capability of keeping threats away from the networking systems.