Posted on 2004-12-2 00:58:14
22. Compare the advantages of "network address translation" and "proxy servers"
I found some material and excerpted it here to read.
Application Level Gateway (Proxy)
An application level gateway is often referred to as a proxy. Actually, an
application level gateway provides higher level control on the traffic between two
networks in that the contents of a particular service can be monitored and filtered
according to the network security policy. Therefore, for any desired application,
corresponding proxy code must be installed on the gateway in order to manage that
specific service passing through the gateway.
A proxy acts as a server to the client and as a client to the destination server. A
virtual connection is established between the client and the destination server.
Though the proxy seems to be transparent from the point of view of the client and
the server, the proxy is capable of monitoring and filtering any specific type of data,
such as commands, before sending it to the destination. For example, an FTP
server is permitted to be accessed from outside. In order to protect the server from
any possible attacks the FTP proxy in the firewall can be configured to deny PUT
and MPUT commands.
A proxy server is an application-specific relay server that runs on the host that
connects a secure and a non-secure network. The purpose of a proxy server is to
control exchange of data between the two networks at an application level instead
of an IP level. By using a proxy server, it is possible to disable IP routing between
the secure and the non-secure network for the application protocol the proxy server
is able to handle, but still be able to exchange data between the networks by
relaying it in the proxy server.
Compared with IP filtering, application level gateways provide much more
comprehensive logging based on the application data of the connections. For
example, an HTTP proxy can log the URLs visited by users. Another feature of
application level gateways is that they use strong user authentication. For
example, when using FTP and TELNET services from the unsecure network, users
have to authenticate themselves to the proxy.
A disadvantage of application level gateways is that in order to achieve a
connection via a proxy server, the client software should be changed to support
that proxy service. This can sometimes be achieved by some modifications in user
behavior rather than software modification. For example, to connect to a TELNET
server over a proxy, the user first has to be authenticated by the proxy server then
by the destination TELNET server. This requires two user steps to make a
connection rather than one. However, a modified TELNET client can make the
proxy server transparent to the user by specifying the destination host rather than
proxy server in the TELNET command.
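The command filtering and application-level logging the excerpt describes for an FTP proxy, as an added example that is not part of the original post or of any particular firewall product: the proxy reads the client's control-channel commands, answers denied ones itself, forwards the rest to the real server, and records a per-command log. The deny list, the 550 reply text and the relay function are constructed for this illustration; only the client-to-server direction is relayed, and the example assumes the client closes its side when done. Because an FTP client's `put`/`mput` are transmitted as `STOR` (or `STOU`/`APPE`) on the wire, the policy lists those verbs alongside the PUT and MPUT named in the text.

```python
import socket

# Constructed policy: upload verbs an inbound FTP proxy refuses. The post names
# PUT and MPUT (client-side verbs); on the control channel a client's put/mput
# are sent as STOR (or STOU/APPE), so the wire verbs are listed as well.
DENIED_VERBS = {"PUT", "MPUT", "STOR", "STOU", "APPE"}


def parse_command(line: bytes) -> tuple[str, str]:
    """Split one FTP control-channel line into (VERB, argument)."""
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    verb, _, arg = text.partition(" ")
    return verb.upper(), arg


def decide(line: bytes) -> tuple[str, bytes]:
    """Apply policy to one command: ('forward', line) or ('deny', reply)."""
    verb, _ = parse_command(line)
    if verb in DENIED_VERBS:
        # The proxy answers the client itself; the real server never sees it.
        return "deny", b"550 " + verb.encode() + b" not permitted by proxy policy\r\n"
    return "forward", line


def relay_commands(client: socket.socket, server: socket.socket) -> list:
    """Pump client -> server until the client closes, filtering each command.

    Returns an application-level log of (action, verb, argument) per line,
    the kind of record a pure IP-level filter cannot produce.
    """
    log, buf = [], b""
    while True:
        data = client.recv(4096)
        if not data:  # client closed its side of the connection
            break
        buf += data
        while b"\n" in buf:  # handle only complete command lines
            line, buf = buf.split(b"\n", 1)
            line += b"\n"
            action, payload = decide(line)
            verb, arg = parse_command(line)
            log.append((action, verb, arg))
            (client if action == "deny" else server).sendall(payload)
    return log
```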