防火墙 英文 文献 翻译

FirewallA firewall is a software component that restricts unauthorized inward network access. It allows outward information flow. It is set up to control traffic flow between two networks by configured permissions like Allow, Deny, Block, Encrypt, etc. It is normally employed to avoid illegal access to personal computers or corporate networks from external unsafe entities like the Internet.The firewall scrutinizes all the information flowing in and out of the network. If some data do not meet the necessary criterion, it is denied access into the network.A firewall’s key function is to legalize the stream of traffic among computer networks of different trust levels. Similar to the physical firewalls installed in buildings that help limit the spread of fire, the software firewalls also help control network intrusions. A poorly configured firewall is useless. By default, the “deny” rule-set should be applied and allow only those applications to communicate for which the permissions have been explicitly set to “Allow.” However, such configurations require expertise understanding. Due to the lack of such expertise understanding, many corporate networks keep “Allow” as their default rule-set.There are numerous firewall scrutiny techniques. An easy technique is to examine the incoming requests to make sure they arrive from trusted (formerly recognized) domain name and networks. Many companies develop firewall software. Firewall software features comprise of logging and reporting, routine alerts at specified points of intrusion, and a graphical user interface for managing the firewall software.Types of FirewallsThe most basic firewall classifications falls into Hardware firewalls or Software firewalls. Hardware firewalls are considered external to the system, whereas Software firewalls are internal.Hardware Firewalls-----Hardware firewalls are normally situated between the network and the connecting cable/modem. These are external hardwaredevices usually called Network firewalls. Many a times, network devicescalled ‘Routers’ include firewall security. Hardware firewalls provide a highexternal defense level from intrusions since they are separate devices andpossess their own operating environment, offering an extra line of defense.Software firewalls use becomes less important if a strong Hardware firewallis implemented. The main fallback for Hardware firewall is they are quiteexpensive when compared to Software firewalls.∙Software Firewalls-----Software firewalls are basically software components that are internal to the computer system. They work hand-in-hand with thecomputer’s operating system. Nowadays, many operating systemsareshipped with an inbuilt software firewall. Numerous firewall packages that various companies develop are on the market.The disadvantage to software firewalls is that they will only guard thecomputer they are installed on, not the entire network. Hence, it necessitates every computer to have a software firewall installed on it. They arecomparatively less expensive then the Hardware firewalls.How Firewalls WorkDifferent kinds of firewalls function differently. They scrutinize, examine, and control the network traffic in numerous ways depending on their software architecture. Below are firewalls that work in different ways:∙The Packet Filtering FirewallOne type of firewall is the packet filtering firewall. In a packet filteringfirewall, the firewall examines five packetcharacteristics:1. Source IP address2.Source port3.Destination IP address4. Destination port5. IP protocol (TCPor UDP)Based upon rules configured into the firewall, the packet will either beallowed through, rejected, or dropped. If the firewall rejects the packet, itsends a message back to the sender letting him/her know that the packetwas rejected. If the packet was dropped, the firewall simply does not respond to the packet. The sender must wait for the communication to time out.Dropping packets instead of rejecting them greatly increases the timerequired to scan the network. Packet filtering firewalls operate on Layer 3 ofthe OSI model, the Network Layer. Routers are a very common form ofpacket filtering firewall.An improved form of the packet filtering firewall is a packet filtering firewall with a state oriented inspection engine. With this enhancement, the firewall“remembers” conversatio ns between systems and networks. It is thennecessary to fully examine only the conversation’s first packet.∙The Application-Proxy FirewallAnother type of firewall is the application-proxy firewall. In a proxy based firewall, every packet is stopped at the proxy firewall. The packet is thenexamined and compared to the rules configured into the firewall. If thepacket passes the examinations, it is recreated and sent out. Because each packet is destroyed and recreated, there is a potential that anapplication-proxy firewall can prevent unknown attacks based uponweaknesses in the TCP/IP protocol suite that a packet filtering firewall would not prevent. The drawback is that a separate application-proxy must bewritten for each application type being proxy examined. An HTTP proxy for web traffic, an FTP proxy for file transfers, a Gopher proxy for Gopher traffic, and so on are needed. Application-proxy firewalls operate on Layer 7 of the OSI model, the Application Layer.∙The Application-Gateway FirewallApplication-gateway firewalls also operate on Layer 7 of the OSI model, the Application Layer. Application-gateway firewalls exist for only few network applications. They intercept and examine all the information traveling from application to application. A typical application-gateway firewall is a system where the user must telnet to one system in order to telnet again to a system outside of the network.∙The SOCKS FirewallAnother type of application-proxy firewall is the SOCKS firewall. Wherenormal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified network clients. Thismeans users have to modify every system on their internal network thatneeds to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.-------------------------------------------------/firewall.html。

中英文对照外文翻译(文档含英文原文和中文翻译)外文文献:Designing Against Fire Of BulidingABSTRACT:This paper considers the design of buildings for fire safety. It is found that fire and the associ- ated effects on buildings is significantly different to other forms of loading such as gravity live loads, wind and earthquakes and their respective effects on the building structure. Fire events are derived from the human activities within buildings or from the malfunction of mechanical and electrical equipment provided within buildings to achieve a serviceable environment. It is therefore possible to directly influence the rate of fire starts within buildings by changing human behaviour, improved maintenance and improved design of mechanical and electricalsystems. Furthermore, should a fire develops, it is possible to directly influence the resulting fire severity by the incorporation of fire safety systems such as sprinklers and to provide measures within the building to enable safer egress from the building. The ability to influence the rate of fire starts and the resulting fire severity is unique to the consideration of fire within buildings since other loads such as wind and earthquakes are directly a function of nature. The possible approaches for designing a building for fire safety are presented using an example of a multi-storey building constructed over a railway line. The design of both the transfer structure supporting the building over the railway and the levels above the transfer structure are considered in the context of current regulatory requirements. The principles and assumptions associ- ated with various approaches are discussed.1 INTRODUCTIONOther papers presented in this series consider the design of buildings for gravity loads, wind and earthquakes.The design of buildings against such load effects is to a large extent covered by engineering based standards referenced by the building regulations. This is not the case, to nearly the same extent, in the case of fire. Rather, it is building regulations such as the Building Code of Australia (BCA) that directly specify most of the requirements for fire safety of buildings with reference being made to Standards such as AS3600 or AS4100 for methods for determining the fire resistance of structural elements.The purpose of this paper is to consider the design of buildings for fire safety from an engineering perspective (as is currently done for other loads such as wind or earthquakes), whilst at the same time,putting such approaches in the context of the current regulatory requirements.At the outset,it needs to be noted that designing a building for fire safety is far more than simply considering the building structure and whether it has sufficient structural adequacy.This is because fires can have a direct influence on occupants via smoke and heat and can grow in size and severity unlike other effects imposed on the building. Notwithstanding these comments, the focus of this paper will be largely on design issues associated with the building structure.Two situations associated with a building are used for the purpose of discussion. The multi-storey office building shown in Figure 1 is supported by a transfer structure that spans over a set of railway tracks. It is assumed that a wide range of rail traffic utilises these tracks including freight and diesel locomotives. The first situation to be considered from a fire safety perspective is the transfer structure.This is termed Situation 1 and the key questions are: what level of fire resistance is required for this transfer structure and how can this be determined? This situation has been chosen since it clearly falls outside the normal regulatory scope of most build-ing regulations. An engineering solution, rather than a prescriptive one is required. The second fire situation (termed Situation 2) corresponds to a fire within the office levels of the building and is covered by building regulations. This situation is chosen because it will enable a discussion of engineering approaches and how these interface with the building regulations–since both engineering and prescriptive solutions are possible.2 UNIQUENESS OF FIRE2.1 IntroductionWind and earthquakes can be considered to b e “natural” phenomena o ver which designers have no control except perhaps to choose the location of buildings more carefully on the basis of historical records and to design building to resist sufficiently high loads or accelerations for the particular location. Dead and live loads in buildings are the result of gravity. All of these loads are variable and it is possible (although generally unlikely) that the loads may exceed the resistance of the critical structural members resulting in structural failure.The nature and influence of fires in buildings are quite different to those associated with other“loads” to which a building may be subjected to. The essential differences are described in the following sections.2.2 Origin of FireIn most situations (ignoring bush fires), fire originates from human activities within the building or the malfunction of equipment placed within the building to provide a serviceable environment. It follows therefore that it is possible to influence the rate of fire starts by influencing human behaviour, limiting and monitoring human behaviour and improving the design of equipment and its maintenance. This is not the case for the usual loads applied to a building.2.3 Ability to InfluenceSince wind and earthquake are directly functions of nature, it is not possible to influence such events to any extent. One has to anticipate them and design accordingly. It may be possible to influence the level of live load in a building by conducting audits and placing restrictions on contents. However, in the case of a fire start, there are many factors that can be brought to bear to influence the ultimate size of the fire and its effect within the building. It is known that occupants within a building will often detect a fire and deal with it before it reaches a sig- nificant size. It is estimated that less than one fire in five (Favre, 1996) results in a call to the fire brigade and for fires reported to the fire brigade, the majority will be limited to the room of fire origin. In oc- cupied spaces, olfactory cues (smell) provide powerful evidence of the presence of even a small fire. The addition of a functional smoke detection system will further improve the likelihood of detection and of action being taken by the occupants.Fire fighting equipment, such as extinguishers and hose reels, is generally provided within buildings for the use of occupants and many organisations provide training for staff in respect of the use of such equipment.The growth of a fire can also be limited by automatic extinguishing systems such as sprinklers, which can be designed to have high levels of effectiveness.Fires can also be limited by the fire brigade depending on the size and location of the fire at the time of arrival. 2.4 Effects of FireThe structural elements in the vicinity of the fire will experience the effects of heat. The temperatures within the structural elements will increase with time of exposure to the fire, the rate of temperature rise being dictated by the thermal resistance of the structural element and the severity of the fire. The increase in temperatures within a member will result in both thermal expansion and,eventually,a reduction in the structural resistance of the member. Differential thermal expansion will lead to bowing of a member. Significant axial expansion will be accommodated in steel members by either overall or local buckling or yielding of local- ised regions. These effects will be detrimental for columns but for beams forming part of a floorsystem may assist in the development of other load resisting mechanisms (see Section 4.3.5).With the exception of the development of forces due to restraint of thermal expansion, fire does not impose loads on the structure but rather reduces stiffness and strength. Such effects are not instantaneous but are a function of time and this is different to the effects of loads such as earthquake and wind that are more or less instantaneous.Heating effects associated with a fire will not be significant or the rate of loss of capacity will be slowed if:(a) the fire is extinguished (e.g. an effective sprinkler system)(b) the fire is of insufficient severity – insufficient fuel, and/or(c)the structural elements have sufficient thermal mass and/or insulation to slow the rise in internal temperatureFire protection measures such as providing sufficient axis distance and dimensions for concrete elements, and sufficient insulation thickness for steel elements are examples of (c). These are illustrated in Figure 2.The two situations described in the introduction are now considered.3 FIRE WITHIN BUILDINGS3.1 Fire Safety ConsiderationsThe implications of fire within the occupied parts of the office building (Figure 1) (Situation 2) are now considered. Fire statistics for office buildings show that about one fatality is expected in an office building for every 1000 fires reported to the fire brigade. This is an order of magnitude less than the fatality rate associated with apartment buildings. More than two thirds of fires occur during occupied hours and this is due to the greater human activity and the greater use of services within the building. It is twice as likely that a fire that commences out of normal working hours will extend beyond the enclosure of fire origin.A relatively small fire can generate large quantities of smoke within the floor of fire origin.If the floor is of open-plan construction with few partitions, the presence of a fire during normal occupied hours is almost certain to be detected through the observation of smoke on the floor. The presence of full height partitions across the floor will slow the spread of smoke and possibly also the speed at which the occupants detect the fire. Any measures aimed at improving housekeeping, fire awareness and fire response will be beneficial in reducing the likelihood of major fires during occupied hours.For multi-storey buildings, smoke detection systems and alarms are often provided to give “automatic” detection and warning to the occupants. An alarm signal is also transm itted to the fire brigade.Should the fire not be able to be controlled by the occupants on the fire floor, they will need to leave the floor of fire origin via the stairs. Stair enclosures may be designed to be fire-resistant but this may not be sufficient to keep the smoke out of the stairs. Many buildings incorporate stair pressurisation systems whereby positive airflow is introduced into the stairs upon detection of smoke within the building. However, this increases the forces required to open the stair doors and makes it increasingly difficult to access the stairs. It is quite likely that excessive door opening forces will exist(Fazio et al,2006)From a fire perspective, it is common to consider that a building consists of enclosures formed by the presence of walls and floors.An enclosure that has sufficiently fire-resistant boundaries (i.e. walls and floors) is considered to constitute a fire compartment and to be capable of limiting the spread of fire to an adjacent compartment. However, the ability of such boundaries to restrict the spread of fire can be severely limited by the need to provide natural lighting (windows)and access openings between the adjacent compartments (doors and stairs). Fire spread via the external openings (windows) is a distinct possibility given a fully developed fire. Limit- ing the window sizes and geometry can reduce but not eliminate the possibility of vertical fire spread.By far the most effective measure in limiting fire spread, other than the presence of occupants, is an effective sprinkler system that delivers water to a growing fire rapidly reducing the heat being generated and virtually extinguishing it.3.2 Estimating Fire SeverityIn the absence of measures to extinguish developing fires, or should such systems fail; severe fires can develop within buildings.In fire engineering literature, the term “fire load” refers to the quantity of combustibles within an enclosure and not the loads (forces) applied to the structure during a fire. Similarly, fire load density refers to the quantity of fuel per unit area. It is normally expressed in terms of MJ/m2or kg/m2 of wood equivalent. Surveys of combustibles for various occupancies (i.e offices, retail, hospitals, warehouses, etc)have been undertaken and a good summary of the available data is given in FCRC (1999). As would be expected, the fire load density is highly variable. Publications such as the International Fire Engineering Guidelines (2005) give fire load data in terms of the mean and 80th percentile.The latter level of fire load density is sometimes taken as the characteristic fire load density and is sometimes taken as being distributed according to a Gumbel distribution (Schleich et al, 1999).The rate at which heat is released within an enclosure is termed the heat release rate (HRR) and normally expressed in megawatts (MW). The application of sufficient heat to a combustible material results in the generation of gases some of which are combustible. This process is called pyrolisation.Upon coming into contact with sufficient oxygen these gases ignite generating heat. The rate of burning(and therefore of heat generation) is therefore dependent on the flow of air to the gases generated by the pyrolising fuel.This flow is influenced by the shape of the enclosure (aspect ratio), and the position and size of any potential openings. It is found from experiments with single openings in approximately cubic enclosures that the rate of burning is directly proportional to A h where A is the area of the opening and h is the opening height. It is known that for deep enclosures with single openings that burning will occur initially closest to the opening moving back into the enclosure once the fuel closest to the opening is consumed (Thomas et al, 2005). Significant temperature variations throughout such enclosures can be expected.The use of the word ‘opening’ in relation to real building enclosures refers to any openings present around the walls including doors that are left open and any windows containing non fire-resistant glass.It is presumed that such glass breaks in the event of development of a significant fire. If the windows could be prevented from breaking and other sources of air to the enclosure limited, then the fire would be prevented from becoming a severe fire.Various methods have been developed for determining the potential severity of a fire within an enclosure.These are described in SFPE (2004). The predictions of these methods are variable and are mostly based on estimating a representative heat release rate (HRR) and the proportion of total fuel ςlikely to be consumed during the primary burning stage (Figure 4). Further studies of enclosure fires are required to assist with the development of improved models, as the behaviour is very complex.3.3 Role of the Building StructureIf the design objectives are to provide an adequate level of safety for the occupants and protection of adjacent properties from damage, then the structural adequacy of the building in fire need only be sufficient to allow the occupants to exit the building and for the building to ultimately deform in a way that does not lead to damage or fire spread to a building located on an adjacent site.These objectives are those associated with most building regulations including the Building Code of Australia (BCA). There could be other objectives including protection of the building against significant damage. In considering these various objectives, the following should be taken into account when considering the fire resistance of the building structure.3.3.1 Non-Structural ConsequencesSince fire can produce smoke and flame, it is important to ask whether these outcomes will threaten life safety within other parts of the building before the building is compromised by a loss of structural adequacy? Is search and rescue by the fire brigade not feasible given the likely extent of smoke? Will the loss of use of the building due to a severe fire result in major property and income loss? If the answer to these questions is in the affirmative, then it may be necessary to minimise the occurrence of a significant fire rather than simply assuming that the building structure needs to be designed for high levels of fire resistance. A low-rise shopping centre with levels interconnected by large voids is an example of such a situation.3.3.2 Other Fire Safety SystemsThe presence of other systems (e.g. sprinklers) within the building to minimise the occurrence of a serious fire can greatly reduce the need for the structural elements to have high levels of fire resistance. In this regard, the uncertainties of all fire-safety systems need to be considered. Irrespective of whether the fire safety system is the sprinkler system, stair pressurisation, compartmentation or the system giving the structure a fire-resistance level (e.g. concrete cover), there is an uncertainty of performance. Uncertainty data is available for sprinkler systems(because it is relatively easy to collect) but is not readily available for the other fire safety systems. This sometimes results in the designers and building regulators considering that only sprinkler systems are subject to uncertainty. In reality, it would appear that sprinklers systems have a high level of performance and can be designed to have very high levels of reliability.3.3.3 Height of BuildingIt takes longer for a tall building to be evacuated than a short building and therefore the structure of a tall building may need to have a higher level of fire resistance. The implications of collapse of tall buildings on adjacent properties are also greater than for buildings of only several storeys.3.3.4 Limited Extent of BurningIf the likely extent of burning is small in comparison with the plan area of the building, then the fire cannot have a significant impact on the overall stability of the building structure. Examples of situations where this is the case are open-deck carparks and very large area building such as shopping complexes where the fire-effected part is likely to be small in relation to area of the building floor plan.3.3.5 Behaviour of Floor ElementsThe effect of real fires on composite and concrete floors continues to be a subject of much research.Experimental testing at Cardington demonstrated that when parts of a composite floor are subject to heating, large displacement behaviour can develop that greatly assists the load carrying capacity of the floor beyond that which would predicted by considering only the behaviour of the beams and slabs in isolation.These situations have been analysed by both yield line methods that take into account the effects of membrane forces (Bailey, 2004) and finite element techniques. In essence, the methods illustrate that it is not necessary to insulate all structural steel elements in a composite floor to achieve high levels of fire resistance.This work also demonstrated that exposure of a composite floor having unprotected steel beams, to a localised fire, will not result in failure of the floor.A similar real fire test on a multistory reinforced concrete building demonstrated that the real structural behaviour in fire was significantly different to that expected using small displacement theory as for normal tempera- ture design (Bailey, 2002) with the performance being superior than that predicted by considering isolated member behaviour.3.4 Prescriptive Approach to DesignThe building regulations of most countries provide prescriptive requirements for the design of buildings for fire.These requirements are generally not subject to interpretation and compliance with them makes for simpler design approval–although not necessarily the most cost-effective designs.These provisions are often termed deemed-to-satisfy (DTS) provisions. All aspects of designing buildings for fire safety are covered–the provision of emergency exits, spacings between buildings, occupant fire fighting measures, detection and alarms, measures for automatic fire suppression, air and smoke handling requirements and last, but not least, requirements for compartmentation and fire resistance levels for structural members. However, there is little evidence that the requirements have been developed from a systematic evaluation of fire safety. Rather it would appear that many of the requirements have been added one to another to deal with another fire incident or to incorporate a new form of technology. There does not appear to have been any real attempt to determine which provision have the most significant influence on fire safety and whether some of the former provisions could be modified.The FRL requirements specified in the DTS provisions are traditionally considered to result in member resistances that will only rarely experience failure in the event of a fire.This is why it is acceptable to use the above arbitrary point in time load combination for assessing members in fire. There have been attempts to evaluate the various deemed-to-satisfy provisions (particularly the fire- resistance requirements)from a fire-engineering perspective taking into account the possible variations in enclosure geometry, opening sizes and fire load (see FCRC, 1999).One of the outcomes of this evaluation was the recognition that deemed-to- satisfy provisions necessarily cover the broad range of buildings and thus must, on average, be quite onerous because of the magnitude of the above variations.It should be noted that the DTS provisions assume that compartmentation works and that fire is limited to a single compartment. This means that fire is normally only considered to exist at one level. Thus floors are assumed to be heated from below and columns only over one storey height.3.5 Performance-Based DesignAn approach that offers substantial benefits for individual buildings is the move towards performance-based regulations. This is permitted by regulations such as the BCA which state that a designer must demonstrate that the particular building will achieve the relevant performance requirements. The prescriptive provisions (i.e. the DTS provisions) are presumed to achieve these requirements. It is necessary to show that any building that does not conform to the DTS provisions will achieve the performance requirements.But what are the performance requirements? Most often the specified performance is simply a set of performance statements (such as with the Building Code of Australia)with no quantitative level given. Therefore, although these statements remind the designer of the key elements of design, they do not, in themselves, provide any measure against which to determine whether the design is adequately safe.Possible acceptance criteria are now considered.3.5.1 Acceptance CriteriaSome guidance as to the basis for acceptable designs is given in regulations such as the BCA. These and other possible bases are now considered in principle.(i)compare the levels of safety (with respect to achieving each of the design objectives) of the proposed alternative solution with those asso- ciated with a corresponding DTS solution for the building.This comparison may be done on either a qualitative or qualitative risk basis or perhaps a combination. In this case, the basis for comparison is an acceptable DTS solution. Such an approach requires a “holistic” approach to safety whereby all aspects relevant to safety, including the structure, are considered. This is, by far, the most common basis for acceptance.(ii)undertake a probabilistic risk assessment and show that the risk associated with the proposed design is less than that associated with common societal activities such as using pub lic transport. Undertaking a full probabilistic risk assessment can be very difficult for all but the simplest situations.Assuming that such an assessment is undertaken it will be necessary for the stakeholders to accept the nominated level of acceptable risk. Again, this requires a “holistic” approach to fire safety.(iii) a design is presented where it is demonstrated that all reasonable measures have been adopted to manage the risks and that any possible measures that have not been adopted will have negligible effect on the risk of not achieving the design objectives.(iv) as far as the building structure is concerned,benchmark the acceptable probability of failure in fire against that for normal temperature design. This is similar to the approach used when considering Building Situation 1 but only considers the building structure and not the effects of flame or smoke spread. It is not a holistic approach to fire safety.Finally, the questions of arson and terrorism must be considered. Deliberate acts of fire initiation range from relatively minor incidents to acts of mass destruction.Acts of arson are well within the accepted range of fire events experienced by build- ings(e.g. 8% of fire starts in offices are deemed "suspicious"). The simplest act is to use a small heat source to start a fire. The resulting fire will develop slowly in one location within the building and will most probably be controlled by the various fire- safety systems within the building. The outcome is likely to be the same even if an accelerant is used to assist fire spread.An important illustration of this occurred during the race riots in Los Angeles in 1992 (Hart 1992) when fires were started in many buildings often at multiple locations. In the case of buildings with sprinkler systems,the damage was limited and the fires significantly controlled.Although the intent was to destroy the buildings,the fire-safety systems were able to limit the resulting fires. Security measures are provided with systems such as sprinkler systems and include:- locking of valves- anti-tamper monitoring- location of valves in secure locationsFurthermore, access to significant buildings is often restricted by security measures.The very fact that the above steps have been taken demonstrates that acts of destruction within buildings are considered although most acts of arson do not involve any attempt to disable the fire-safety systems.At the one end of the spectrum is "simple" arson and at the other end, extremely rare acts where attempts are made to destroy the fire-safety systems along with substantial parts of thebuilding.This can be only achieved through massive impact or the use of explosives. The latter may be achieved through explosives being introduced into the building or from outside by missile attack.The former could result from missile attack or from the collision of a large aircraft. The greater the destructiveness of the act,the greater the means and knowledge required. Conversely, the more extreme the act, the less confidence there can be in designing against such an act. This is because the more extreme the event, the harder it is to predict precisely and the less understood will be its effects. The important point to recognise is that if sufficient means can be assembled, then it will always be possible to overcome a particular building design.Thus these acts are completely different to the other loadings to which a building is subjected such as wind,earthquake and gravity loading. This is because such acts of destruction are the work of intelligent beings and take into account the characteristics of the target.Should high-rise buildings be designed for given terrorist activities,then terrorists will simply use greater means to achieve the end result.For example, if buildings were designed to resist the impact effects from a certain size aircraft, then the use of a larger aircraft or more than one aircraft could still achieve destruction of the building. An appropriate strategy is therefore to minimise the likelihood of means of mass destruction getting into the hands of persons intent on such acts. This is not an engineering solution associated with the building structure.It should not be assumed that structural solutions are always the most appropriate, or indeed, possible.In the same way, aircrafts are not designed to survive a major fire or a crash landing but steps are taken to minimise the likelihood of either occurrence.The mobilization of large quantities of fire load (the normal combustibles on the floors) simultaneously on numerous levels throughout a building is well outside fire situations envisaged by current fire test standards and prescriptive regulations. Risk management measures to avoid such a possibility must be considered.4 CONCLUSIONSFire differs sign ificantly from other “loads” such as wind, live load and earthquakes in respect of its origin and its effects.Due to the fact that fire originates from human activities or equipment installed within buildings, it is possible to directly influence the potential effects on the building by reducing the rate of fire starts and providing measures to directly limit fire severity.The design of buildings for fire safety is mostly achieved by following the prescriptive requirements of building codes such as the BCA. For situations that fall outside of the scope of such regulations, or where proposed designs are not in accordance with the prescriptive requirements, it is possible to undertake performance-based fire engineering designs.However,。

PT Activity: Configuring a Zone-Based Policy Firewall (ZPF)PT 任务：创建一个基于域策略的防火墙Addressing Table（地址表）Learning Objectives∙Verify connectivity among devices before firewall configuration.∙Configure a zone-based policy (ZPF) firewall on router R3∙Verify ZPF firewall functionality using ping, Telnet and a web browser.学习目标：在进行防火墙配置之前，确保各设备之间的连通性。

在R3配置ZPF。

使用Ping，Telnet和web browser来验证防火墙的作用。

IntroductionZone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts.The routers have been pre-configured with the following:∙Console password: ciscoconpa55∙Password for vty lines: ciscovtypa55∙Enable password: ciscoenpa55∙Host names and IP addressing∙Static routing介绍：ZPF防火墙是思科公司近期研发的技术之一，在这个任务中，我们在边界路由器R3中配置策略，运行内部主机可以访问外部资源，相反的，不允许外界主机访问内网的资源。

⽹络安全与防⽕墙技术外⽂翻译⽂献⽹络安全与防⽕墙技术外⽂翻译⽂献(⽂档含中英⽂对照即英⽂原⽂和中⽂翻译)原⽂：Research of Network Security and Firewalls TechniquesAbstract:As the key facility that maintains the network security , firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice. In this paper , the computer network security and the techniques of firewalls were mainly discussed, the concept and classification of the firewalls were introduced. It also introduced three kind's of basic implement techniques of the firewalls: Packet filtering , Application Proxy and Monitor model indetail. Finally described the trend of development of the firewalls techniques in Internet briefly.Key words: network security, firewalls, Packet filtering, monitor1. IntroductionNow with the computer network and e-commerce used widely, network security has become an important problem that we must consider and resolve. More and more professions. enterprises and individuals surfer from the security problem in different degree. they are looking for the more reliable safety solution . In the defense system adopted by network security at present, the firewalls stand the very important position.As the key facility that maintains the network security. firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice.All the firewalls have the function to filter the IP address. This task checks the IP packet, makes the decision whether to release or to abandon it according to the source address and destination address of the IP. Shown in Fig.I, there is a firewall between two network sections, an UNIX computer is on one side of the firewall, and the other side is a PC client. While the PC client asks a telnet request for the UNIX computer, the client procedure of telnet in the PC produces a TCP packet and passes the packet to the local protocol stack to prepare to send. The protocol stack fills it in one IP packet. then, sends it to UNIX computer through the path defined by the TCP/IP stack of PC. The IP packet can't reach the UNIX computer until it passes the firewall between the PC and the UNIX computer.Fig. I Ip Address FilteringThe application firewall is a very efficient means of network security on Internet, it is installed between the trust and trustless network, can isolate the connection between the trust and trustless network, and doesn't hamper people's access to the trustless network at the same time. It can isolate the connection between the risk area (namely there may be a certain risk on Internet) and the safe area (LAN), and doesn't hamper people's access to the risk area at the same time. Firewall can monitor the traffic flowing in and out from the network to finish the task seemingly impossible;it only allows the safe and checked information to enter into, and meanwhile resists on the data that may bring about the threat to enterprise. As the fault and defect of the security problem become more and more general, the invasion to the network not only comes from the super attack means, but also may be from the lower-level mistakes or improper password selections on the configuration. So, the function of the firewalls is preventing the communication that not hoped and authorized passes in and out of the network protected. forcing the companies to strengthen their own network security policy. The general firewalls can achieve the following purposes: First, restraining others from entering the inside network, filtering the unsafe service and illegal user; Second, preventing the invaders from closing to your defense installation; Third,limiting the user to access the special site; Fourth,providing convenience for monitoring the Internet security.2. The classification and implement technology of firewallsAn integrated firewalls system usually consists of screening router and proxy server. The screening router is a multi-port IP router. it check the each coming IP packet according to the group regular to judge whether to transmit it. The screening router gets information from the packet. fot example the protocol number. the IP address and port number that receiving and sending massages. the flag of link even some other IP selections. filtering IP packet. The proxy server are server process in the firewall. it can replace the network user to finish the specific TCP/IP function. A proxy server is naturally a gateway of application layer. a gateway of two networks joined specific network application. Users contact with proxy server by one ofthe TCP/IP application such as Telnet or FTP. the proxy server ask the users for the name of the remote host. which users want to access. After the users have answered and offered the correct users' identities and authentication information, the proxy server communicates the remote host, act as the relay between two communication sites. The whole course can be totally transparent to users.There are mainly three types in the firewalls: packet filtering. application gateways and state detection.Packet filtering firewall works on the network layer.it can filter the source address. destination address. source port and destination port of TCP/IP data packet. It has advantages such as the higher efficiency.transparent to user. and users might not feel the existence of the packer filtering firewall, unless he is the illegal user and has been refused. The shortcomings are that it can't ensure the security to most services and protocols, unable to distinguish thedifferent users of the same IP address effectively,and it is difficult to be configured, monitored and managed. can't offer enough daily records and warning.The application gateways firewall performs its function on the application layer, it connects with specific middle-joint (firewall) by a client procedure, and then the middle-joint connects with the server actually. Unlike the packet filtering firewall. when using the firewall of this kind. there is no direct connection between the outside networks. so even if the matter has happened in the firewall. the outside networks can't connect with networks protected. The application gateway firewall offers the detailed daily records and auditing function, it improved the security of the network greatly. and provides the possibility to improve the security performance of the existing software too. The application gateways firewall solves the safety problem based on the specific application program. the products based on Proxy will be improved to configure the service in common use and non-standard port. However. so long as the application program needs upgrading. the users based on Proxy will find that they must buy new Proxy server. As a technique of network safety. Firewall combined with proxy server has simple and practical characteristics, can reach a certain security request in case of not revising the original network application system. However. if the firewall system is broken through. the network protected is in having no state of protecting. And if an enterprise hopes to launch the business activity on Internet and carry on communication with numerous customers. it can't meet the demands. In addition, the firewall based on Proxy Service will often makes the performance of the network obviously drop.The third generation of firewall takes the detection technique of state as the core,combines the packet filtering firewall and application gateways firewall. The state detection firewall accesses and analyzes the data achieved from the communication layer through the module of state detection to perform its function. The state monitor act as firewall technique. it is best in security perfonnance, it adopts a software engine.which executes the tactics of network security on the gateways, called the detection module. On the premise of not influencing the network to work normally, detection module collects the relevant data to monitor each of the network communication layers, collects a part of data, namely status information, and stores the data up dynamically for the reference in making security decision afterward. Detection modulesupports many kinds of protocols and application program, and can implement the expansion of application and service very easily. Different from other safety schemes, before the user's access reaches the operating system of network gateways, the state monitor should collect the relevant data to analyze, combine network configuration and safety regulation to make the decisions of acceptance, refutation, appraisal or encrypting to the communication etc Once a certain access violates the security regulation, the safety alarm will refuse it and write down to report the state of the network to the system management device. This technology has defects too, namely the configuration of the state monitor is very complicated, and will decelerate the network.3. New generation technique of firewallsAccording to the present firewalls market, the domestic and internationalmanufacturers of firewall can all support the basic function of the firewall well,including access control, the network address transform, proxy, authentication, daily records audit etc. However, as stated before, with the attack to the network increasing, and user's requisition for network security improving day by day, the firewall must get further development. Combine the present experience of research and development and the achievement,some relevant studies point out, according to the development trend of application and technology, how to strengthen the security of firewall, improve the performance of firewall, enrich the function of firewall, will become the problem that the manufacturer of firewalls must face and solve next. The purpose of the new generation firewall is mainly combining the packet filtering and proxy technology, overcoming the defects in the safety respect of two; being able to exert the omnidirectional control from the layer of data chain to the application layer; implementing the micro-kernel of TCP/IP protocol to perform all the security control on the layer of TCP/IP protocol; based on the micro-kernel above, making the speed to exceed thetraditional packet filtering firewall; Offering the transparent mode of proxy. lightening the configuration work on the client; Supporting the data encryption and decryption (DES and RSA ), offering the strong support to the Virtual Private Network VPN; hiding the Inside information totally; producing a new firewall theory.The new techniqe of firewalls has not only covered all the functions of traditional packet filtering firewalls, but also has remarkable advantages in opposing overall the attack means of IP deception, SYN Flood, ICMP. ARP, etc. strengthening proxy service, merging it with packet filtering, then adding the intelligence filteringtechnology to make the security of the firewall rising to another height.4. ConclusionNow the firewall has already been widely used on Internet, and because of its characteristic of not limited to the TCP/IP protocol, it has more vitality outside Internet progressively too. To be subjective, the firewall is not the omnipotent prescription of solving the problem of network security, but only a component of the network security policy and tactics. However, understanding the technology of firewall and learning to use it in actual operation, believing that every net friend may be benefited a lot from the network life in the new century.翻译：⽹络安全与防⽕墙技术研究摘要：作为关键设施，维护⽹络的安全性，防⽕墙采取建⽴信任与不可靠的⽹络障碍的⽬的，并落实相应的安全策略。

【关键字】系统Fire alarm systemFire control work shall follow the policy of devoting major efforts into prevention and combining fire prevention with fire fighting, and shall adhere to the principle of combining the efforts of both specialized organizations and the masses and carry out responsibility system on fire prevention and safety. The State Council shall led and the people's governments at all levels be responsible for fire control work. The people's government at all levels shall bring fire control work in line with the national economy and social development plan, and ensure that fire control work fit in with the economic construction and social development. The public security department of the State Council shall monitor and administer the nationwide fire control work; the public security organs of local people's governments above county level shall monitor and administer the fire control work within their administrative region and the fire control institutions of public security organs of the people's government at the same level shall be responsible for the implementation.Along with the our country economic development rapid development, the lives of the people level unceasing enhancement, the city uses to be day by day anxious, urges the building to face the direction is developing. This kind of high level civil construction repair needed materials and the way also more hasten the diversification, and along with uses electricity the load and coal gas consumption quantity enlarging, proposed to the fire auto-alarm system design is higher, a stricter request. In order to guarantee the people life and property the security, the fire auto-alarm system design has become in the high level civil construction design one of most important design contents. Presently based on the author fire of auto-alarm system design overseeing work in the high level civil building experience, proposed in present national related standard and standard unclear true detail shallow opinion, by for the colleagues to discuss and to point out mistakes.Automatic fire alarm system is by the trigger devices, fire alarm, fire alarm devices and other auxiliary functions of the device with the composition of the fire alarm system, automatic fire alarm system, automatic or manual fire alarm signal devices generate called trigger parts include fire detectors and manual fire alarm button.Fire detectorFire detectors are sensing automatic fire alarm system parts, is composed of a variety of automatic fire alarm system, key components, automatic fire alarm system is a "sense organ." It on the fire parameters (smoke, temperature, flame radiation, gas concentration, etc.) response, and automatically generate a fire alarm signal, or to the control and indicating equipment status signals sent on-site fire equipment. Fire detector is a key component in the system, his stability, reliability and sensitivity specifications are subject to many factors, so the selection and arrangement of fire detectors should be carried out strictly in accordance with specifications.Classification of fire detectorsCurrently many different types of fire detectors, there are different ways according to different classifications. 1 According to the monitoring of different fire characteristics, fire detectors can be divided into smoke, temperature, light-sensitive, complex and combustible gases such as five types, each type has its work according to different principles are divided into several.Automatic reset fire detectors. Can automatically return to monitoring status.Remote reset fire detectors. Through the remote control back to the surveillance state.Manual reset fire detectors. By manually adjusting back to the surveillance state. can not reset the fire detectors. Fire alarm signal in the production of the conditions no longer exist, the group can be swapped back to the monitor from the alarm state after state, or action can not be restored to the surveillance state.The choice of fire detectorThe choice of fire detector shall meet the following requirements:(1)Early stages of the fire smoldering phase, generate a lot of smoke and a small amount of heat, little or no flame radiation, smoke probe selection;(2) The fire developed rapidly, resulting in a lot of heat, smoke and flame radiation, smoke used probe, temperature probe, the flame sensor or a combination;(3) The fire developed rapidly, with a strong flame radiation and a small amount of smoke, heat, and use flame probe;(4)Complicated or unexpected formation characteristics of fire can be simulated to fit the experimental probe used.Fire alarm controlFire alarm control is the heart of automatic fire alarm system has the following functions:(1) To accept the fire signal and start the fire alarms. The device can also be used to indicate firelocation and recording the information.(2) Start a fire through a fire alarm signal transmitting device, or through the automatic control unit activates the automatic fire extinguishing equipment and fire fighting linkage controller.(3) Automatically monitoring system for correct operation and failure to say anything specific, light alarm.Fire alarm control classificationWide variety of fire alarm controller, according to different methods can be divided into different categories.The control can be divided into:Regional fire alarm control: direct connection of fire detectors, handling all kinds of alarm information.Concentrated fire alarm control: it is generally not connected with the fire detector, which is connected with the regional fire alarm controller, fire alarm control of district-level alarm signal sent, often used in larger systems.Control Center fire alarm control: it is both regional, centralized two or fire alarm feature of the controller, which can be used for the regional level, the connection controller; they can be used for concentration levels used to connect regional fire alarm controller.By structure type can be divided into:Wall of fire alarm control: connect the detector circuit corresponding less, control is simple, many regional police only use this type of controller.Desktop fire alarm control: a few more connections detector circuit, linkage control more complex, centralized alarm often used this way.Box type fire alarm control: multi-loop connection can be realized with sophisticated control linkage.The system wiring is divided into:Multi-wire fire alarm control: detector and controller correspond to the connection method used.B system, fire alarm control: the controller and the detector connected by bus, detectors parallel or series on the bus.Fire alarm control functionsFire alarm: When you receive the detector, manual alarm switch, fire hydrant switch and input module is connected with the equipment issued to the fire signal, the alarm may be in alarm.Failure Alarm: The system time-sharing running control inspection, if an exception (equipment failure) the issue of sound, light alarm signal and displays the fault type and encoding.Fire priority: the failure to deal with fire alarm or, if the fire was reported the fire, and when the fire reportedly cleared automatically after the original failure.The time clock and the memory of the fire: when the system clock to go through the software programming, with a corresponding memory cell, memory, time of the accident.Self-test function: In order to improve the reliability of alarm systems, the controller sets the checking can be regular or irregular inspections of fire-First, design basisThe fire auto-alarm system design is a specialized very strong technology work, at the same time also has the very strong policy-type. Therefore, first should be clear about the following design basis: 1st, must grasp the architectural design fire protection standard, the system design standard, the equipment manufacture standard, the installment construction approval standard and the administration laws and regulations and so on five big aspects fire laws and regulations, and in practical understanding present country related standard and standard positive word: "Must", "be supposed", "to be suitable", "may" and the reverse side word: "Strictly prohibits", "should not", "not have", "not to be suitable" the meaning.2nd, must aim at high level civil building function, use and the protection object fire protection rank, earnestly carries out the present national related standard, earnestly treats the public security fire prevention surveillance department the examination and approval opinion.Second, fire auto-alarm system equipment establishmentFire detector establishmentOpens wide either the seal or the stair hall should alone divide the search coverage.Room (including guards against in front of smoke stair hall in front of room, fire elevator room, fire elevator with guards against the front room which smoke stair hall comes in handy) and the aisle should distinguish alone to divide the search coverage, specially front the room and the lift well, the scattered stair hall and the aisle are interlinked, has time the fire haze to be easier to gather or to flow, is the personnel disperses which saves goal with the fire prevention, therefore should install the fire detector. Regarding common elevator in front of room although is not the personnel disperses , but this front room and the lift well are interlinked, has time the fire haze to be also easy to gather or to flow, suitably alone divides thesearch coverage and installs the fire detector.The electric cable shaft therefore is easy to form pulls out the smoke inflammation the channel; Has when the fire the fire intensity not easily extends along the electric cable burns, for this, "the high level civil construction design fire protection standard" and "the civil construction electricity design standard" separately proposes the detailed specific stipulation in the construction and in the electric wire or on the electric cable shaping. But considered implements specifically the difficulty and the present situation, the electric cable shaft installs the fire detector is extremely essential, and coordinates the shaft the fire protection separation request, each 2 ~ 3 or each level installs.The elevator machine room should install the fire detector, its elevator is the important vertical transportation vehicle. when has the fire, the lift well often becomes the fire intensity spread the channel, is easy to threaten the elevator machine room the facility. Therefore, the elevator machine room establishes the fire detector is necessary, crown of also suitable establishment fire detector lift well.2nd, the manual fire reports to the police the button establishmentRoom (Including guards against in front of smoke stair hall in view of various floors front room in front of room, fire elevator room, fire elevator with guards against which smoke stair hall to come in handy the front room) is has when the fire the personnel to disperse which saves goal with fire prevention, should report to the police the button first choice spot as the establishment manual fire. In addition, the room also should establish the manual fire to the common elevator in front of to report to the police the button.In the public active place (including hall, dining room, multi-purpose hall and so on) and the main thoroughfare and so on place, the personnel very is all centralized, and mainly disperses the channel. Therefore should report to the police the button in these public active places main access establishment manual fires; The manual fire establishes which in the main thoroughfare reports to the police the button to guarantee "to a manual fire which most is close to reports to the police the button distance from a fire protection district any position not to be supposed to be bigger than 30 meters".3rd, the fire emergency broadcasts the speaker the establishmentThe aisle, the hall, the dining room and so on the public place personnel very are all centralized, and mainly disperses the channel. Therefore should press in these public places "to a recent speaker distance is not bigger than 25 meters from a fire protection district any spot" and "in the aisle last should not be bigger than 12.5 meters the speaker to the aisle terminal distance" the establishment fire emergency to broadcast the speaker; Next also should establish the fire in the public bathroom place emergency to broadcast the speaker.Room (including guards against in front of smoke stair hall in front of room, fire elevator room, fire elevator with guards against which smoke stair hall to come in handy the front room) is has when the fire the personnel to disperse which saves goal with fire prevention, also has the fire door separation and the sounds of people is confused and noisy, therefore should establish the fire emergency to broadcast the speaker. In front of the common elevator the room also should establish the fire emergency to broadcast the speaker. Disperses the stair hall also is has when the fire the personnel to disperse which saves goal with the fire prevention, also the sounds of people are confused and noisy, therefore should establish the fire emergency to broadcast the speaker, by favors the fire emergency broadcast to disperse the instruction.4th, fire alarm installment establishmentThe establishment fire emergency broadcast fire auto-alarm system, the author thought also should install the fire alarm installment, but its control procedure should be: The alarm apparatus should confirm after the fire, uses manual or the automatic control mode unification to the fire correlation region transmission warning, stops the alarm apparatus work in the stipulation time, the rapid linkage fire emergency broadcast and broadcasts to the people disperses the instruction.The fire alarm establishment position, the author thought should report to the police the button position w installment ith the manual fire to be same, its wall surface installment should for be apart from the ground 1.8 meters highly5th, fire special use telephone establishmentInstalls the fire special use telephone extension telephone, should be located the engine room which related also some people is on duty frequently with the fire linkage control (including fire water plant, spare electricity generation engine room, matches substation, mainly ventilates with air conditioning engine room, discharges fume engine room, fireprevention elevator machine room and other), the fire fighting control system operates the equipment place or the control room, the fire duty officers observation room, the security manages spot and so on public room.In the fire elevator and the ordinary elevator all should suppose the special use telephone, requests the elevatorm achine room and the elevator sedan theater box, the elevator machine room and the fire control room, the elevator sedan theater box and the fire control room and so on three compositions is reliable to speaks the correspondence telephone system. Usually in fire control room; The establishment elevator monitoring demonstration plate (including position indicator, direction indicating lamp, to speaks correspondence telephone, trouble lamp and so on), in order to carries on the necessity to the elevator running status which in the surveillance and the emergency case controls.Is equipped with the manual fire to report to the police position and so on button, fire hydrant button also should install the fire special use telephone receptacle.Third, fire linkage control1st, the fire linkage control should include the control fire pump to open, to stop, also should demonstrate opens pumps the button the position and the fire pump work and the malfunction. When the fire hydrant is equipped with the fire hydrant button, its electric installation work spot also should demonstrate the fire pump the working mode active status (namely establishment fire pump work indicating lamp).2nd, the fire linkage control should include the control spraying of water and the water atomization fire fighting system opens, stops, also should demonstrate the fire pump the work and the malfunction and the fluent display, reports to the police the valve, the safety signal valve working mode active status. In addition, to the basin, the water tank water level also should carry on the demonstration monitor; In order to prevent the overhaul signal valve is shut down, the author thought should use the belt electric signal the control signal valve by to demonstrate it opens the condition.3rd, the fire linkage control other controls and the demonstration function, should carry out the present national related standard and the standard specific stipulation.Fourth, fire auto-alarm system wiringIn order to prevent the fire occurs when the fire control, the correspondence and the warning line severance, causes the fire fighting work to be unable to carry on, creates the bigger economic loss; Also for the suppression electronmagetic interference (for example transformer, electric motor, electric cable and so on) the influence which produces to the fire auto-alarm system. The fire auto-alarm system transmission line and the fire control, the correspondence and the warning line should use the being flame-resistant electric cable, and should use the metal tube or the enclosed metal trunking protection. The fire manual positive governing installment line should use the fireproof electric cable, its electric cable also should use the metal tube or the enclosed metal trunking protection. Uses Ming Fushi, should takes the fire protection protective measures on the metal tube or the enclosed metal trunking.Fifth, concluding remarkThe author rests on the concrete project to implement the experience, elaborated the design basis, fire auto-alarm design actual problem and so on system equipment establishment, fire linkage control and its wiring pulls out some shallow opinions, its goal is enhances the fire auto-alarm system the design quality, discovered early and the notification fire, prevented and reduces the fire to harm, by protects the person and the property safety.防火报警系统消防工作贯彻预防为主、消防结合的方针，坚持专门机关与群众相结合的原则，实行防火安全责任制。

防火墙的英文名为“firewall”，它是目前一种最重要的网络防护设备。

它在网络中经常用图1所示的两种图标来表示。

左边那个图标很形象，像一堵墙。

而右边那个图标则是用一个二极管图标，形象地表示防火墙的过滤机制，形象地说明了防火墙具有单向导通性。

它粗看起来与现在防火墙过滤机制有些矛盾，不过它却完全体现了防火墙初期的设计思想，同时也在相当大程度上体现了当前防火墙的过滤机制。

因为防火最初的设计思想是对内部网络总是信任的，而对外部网络却总是不信任的，所以最初的防火墙是只对外部进来的通信进行过滤，而对内部网络用户发出的通信不作限制。

当然目前的防火墙在过滤机制上有所改变，不仅对外部网络发出的通信连接要进行过滤，对内部网络用户发出的部分连接请求和数据包同样需要过滤，防火墙仍只对符合安全策略的信息予以通过。

图1防火墙的本义是指古代使用木制结构房屋构筑，为防止火灾的蔓延，人们在房屋周围用泥石砌起高墙作为屏障，这种防护构筑物就被称之为“防火墙”。

对于防火墙的概念，目前还没有一个准确、标准的定义。

通常人们认为：防火墙是位于两个(或多个)网络间，实施网络之间访问控制的一组组件集合。

它具有以下三个方面的基本特性：·内部网络和外部网络之间的所有网络数据流都必须经过防火墙·只有符合安全策略的数据流才能通过防火墙·防火墙自身应具有非常强的抗攻击免疫力目前市场的防火墙产品非常之多，划分的标准也比较杂。

在此我们对主流的分类标准进行介绍。

（1）从防火墙的构成材质来分如果从实现防火墙机制的材质来分的话，防火墙可以分为软件防火墙和硬件防火墙。

最初的防火墙与我们平时所看见的集线器、交换机一样，都属于硬件产品。

如图2所示的是3Com公司的一款3Com SuperStack 3防火墙。

它在外观上与平常我们所见到的集线器和交换机类似，只是只有少数几个接口，分别用于连接内、外部网络。

图2随着防火墙应用的逐步普及和计算机软件技术的发展，为了满足不同层次用户对防火墙技术的需求，许多网络安全软件厂商开发出了基于纯软件的防火墙，俗称“个人防火墙”。

专业外语英汉对照A ccess Control List（ACL）访问控制列表access token 访问令牌account lockout 帐号封锁account policies 记帐策略accounts 帐号adapter 适配器adaptive speed leveling 自适应速率等级调整Address Resolution Protocol(ARP) 地址解析协议Administrator account 管理员帐号algorithm 算法alias 别名alias 小应用程序allocation layer 应用层allocation 分配、定位anlpasswd 一种与Passwd+相似的代理密码检查器API 应用程序编程接口applications 应用程序ARPANET 阿帕网（internet的前身）ATM 异步传递模式attack 攻击audio policy 审记策略auditing 审记、监察authentication 认证、鉴别authorization 授权Back Office Microsoft公司的一种软件包Back up 备份back-end 后端backup browser 后备浏览器baseline 基线BDC 备份域控制器BGP 引导网关协议Binding 联编、汇集BIOS 基本输入/输出系统bit 比特、二进制位BOOTP 引导协议borde gateway 边界网关borde 边界Bottleneck 瓶径breach 攻破、违反breakabie 可破密的bridge 网桥、桥接器browser 浏览器browsing 浏览CAlass A domain A类域CAlass B domain B类域CAlass C domain C类域CD-ROM 只读型光盘CGI 公共网关接口 CGI（Common Gateway Interface公用网关接口是一个可以产生相同结果或结果随用户输入而变化的程序。

英汉网络安全词典英汉网络安全词典1. antivirus software / 杀毒软件Antivirus software, also known as anti-malware software, is a program designed to detect, prevent and remove malicious software from a computer or network.2. firewall / 防火墙A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules. It helps protect a computer or network from unauthorized access and potential threats.3. encryption / 加密Encryption is the process of converting plain text or data into an unreadable format using an algorithm and a key. It helps protect sensitive information and ensures secure communication.4. phishing / 钓鱼Phishing is a fraudulent practice where cybercriminals try to trick individuals into revealing sensitive information, such as passwords or credit card numbers, by pretending to be a legitimate entity.5. malware / 恶意软件Malware, short for malicious software, is any software designed to cause damage, disrupt operations, or gain unauthorized access to a computer or network. Common types of malware include viruses, worms, trojans, and ransomware.6. vulnerability / 漏洞A vulnerability is a weakness or flaw in a computer system or network that can be exploited by attackers. It can result in unauthorized access, data breaches, or system disruptions.7. authentication / 身份验证Authentication is the process of verifying the identity of an individual or device accessing a computer system or network. It can involve passwords, biometrics, or other means to ensure the authorized user's identity.8. intrusion detection system (IDS) / 入侵检测系统An intrusion detection system is a network security technology that monitors network traffic for malicious activity or unauthorized access. It alerts administrators or automatically takes action to prevent further damage.9. encryption key / 加密密钥An encryption key is a piece of information used in encryption algorithms to convert plain text into cipher text or vice versa. The key is necessary to decrypt the encrypted data and ensure secure communication.10. cybersecurity / 网络安全Cybersecurity refers to the practice of protecting computer systems, networks, and data from unauthorized access, damage, or theft. It involves implementing measures to prevent, detect, and respond to cyber threats.11. two-factor authentication (2FA) / 双因素身份验证Two-factor authentication is a security process that requires two different forms of identification before granting access to a computer system or network. It typically involves something the user knows (password) and something the user possesses (security token or mobile device).12. data breach / 数据泄露A data breach is an incident where unauthorized individuals gain access to protected or sensitive data without permission. It can result in the exposure or theft of personal information, financial records, or other confidential data.13. cyber attack / 网络攻击A cyber attack is an intentional act to compromise computer systems, networks, or devices by exploiting vulnerabilities. It can involve stealing sensitive data, disrupting operations, or causing damage to digital infrastructure.14. vulnerability assessment / 漏洞评估A vulnerability assessment is the process of identifying and evaluating vulnerabilities in a computer system, network, or application. It helps organizations understand their security weaknesses and take appropriate measures to mitigate risks.15. secure socket layer (SSL) / 安全套接字层Secure Socket Layer is a cryptographic protocol that ensures secure communication over a computer network. It provides encryption, authentication, and integrity, making it widely used for securing online transactions and data transfer.以上是英汉网络安全词典的部分词汇，以供参考。