防火墙硬件_硬件防火墙提供的保护

防火墙硬件

A hardware firewall is a standalone appliance that is meant to sit in front of your IT infrastructure, or in other words between your servers and the Internet, acting as a guard so to say monitoring all traffic that is entering and leaving your network. Software firewalls are isolated to the server on which they are hosted and can only provide protection for a single device rather than an entire network, hence why a hardware firewall can be regarded as a sensible investment for an environment where you would like to apply the same firewall rules across a large expanse of hardware, to include devices that may not have their own software firewalls. Cisco is generally seen as being the best producer of robust and resilient hardware firewalls that are able to see off even the most intense of attacks.

硬件防火墙是一种独立的设备，旨在位于您的IT基础结构前面，或者换句话说，位于服务器和Internet之间，充当警卫，可以监视所有进入和离开网络的流量。 软件防火墙与托管它们的服务器隔离，并且只能为单个设备(而非整个网络)提供保护，因此，为什么将硬件防火墙视为对您想要应用相同环境的明智投资？跨大量硬件的防火墙规则，以包括可能没有自己的软件防火墙的设备。 思科通常被认为是鲁棒性和弹性硬件防火墙的最佳生产者，这些防火墙甚至可以抵御最强烈的攻击。

Server stability

服务器稳定性

Using a software firewall can undermine the stability of the server. Although a software firewall will have the capabilities necessary to block the IP addresses of computers that are repeatedly attacking the machine, this doesn’t negate the threat as the traffic is still reaching the server and processing power is still being used in dealing with these attacks. This is where the first benefit of a hardware firewall emerges because it is able to stop rogue traffic before it even has a chance to reach your hardware, thereby preventing the attacks from impacting on server performance and stability.

使用软件防火墙可能会破坏服务器的稳定性。 尽管软件防火墙将具有阻止反复攻击计算机的IP地址所必需的功能，但这并不能消除威胁，因为流量仍在到达服务器，并且处理能力仍在使用中来应对这些攻击。 这是出现硬件防火墙的第一个好处的地方，因为它能够在恶意流量甚至没有机会到达您的硬件之前就阻止恶意流量，从而防止攻击影响服务器性能和稳定性。

Traffic filtering

流量过滤

Another benefit that arises from using a hardware firewall is its capability to analyse traffic as it passes through the device, using an anomaly detector to pick out any suspicious packets. Traffic that is flagged as being suspicious will then be stopped in its tracks and prevented from going any further, so that hackers trying to gain access to a server are stopped at the first hurdle.

使用硬件防火墙所带来的另一个好处是它能够分析流量通过设备时的流量，并使用异常检测器挑选出任何可疑数据包。 然后，被标记为可疑的流量将被阻止在其轨道上，并阻止其进一步发展，从而使试图获取服务器访问权限的黑客在第一道障碍被阻止。

Configure the firewall, but more importantly, test it

配置防火墙，但更重要的是，对其进行测试

Whilst I’m sure many hardware firewalls come with a great rule sets out of the box, when you are investing in such an expensive piece of equipment, you should read all the available documentation so that you are able to make the most of what really is an investment. If you have had security breaches or have been the victim of DDoS attacks in the past then the first thing you should do is setup firewall rules to reflect this and to make sure that they can be prevented from happening again. It would also be worth consulting a security expert who can provide you with additional pointers on how best to use the appliance to protect your network.

虽然我敢肯定许多硬件防火墙都附带了一个很好的规则集，但是当您购买如此昂贵的设备时，您应该阅读所有可用的文档，以便充分利用真正的功能。是一项投资。 如果您曾经遇到过安全漏洞或曾经是DDoS攻击的受害者，那么您应该做的第一件事就是设置防火墙规则以反映这一点，并确保可以防止它们再次发生。 还值得咨询安全专家，他可以为您提供有关如何最好地使用设备保护网络的其他指导。

Once you are happy with how you have the appliance configured, go ahead and test it. It’s all well and good having it configured how you like, but how are you sure that these rules are going to protect you if you don’t test them? There are a number of different applications out there that you can use to test a firewall. Alternatively, if you are really confident in your security then why not hire a hacker to test it? Testing applications are just going to be running a universal set of commands, but a hacker will be able to observe your network configuration and test the security in a tailored way that is relatable to common threats.

对设备的配置感到满意之后，请继续进行测试。 按自己的喜好配置它很好，但是如果您不测试这些规则，如何确定这些规则可以保护您呢？ 您可以使用许多不同的应用程序来测试防火墙。 或者，如果您真的对自己的安全性有信心，那为什么不雇用黑客对其进行测试呢？ 测试应用程序将要运行一组通用命令，但是黑客将能够观察您的网络配置并以与常见威胁相关的量身定制的方式测试安全性。

A hardware firewall is a great way of providing a network infrastructure. Rather than being used for a single server deployment, it is more cost efficient for deployments where two or more servers are being used. The level of protection offered will safeguard the stability of your servers and prevent hackers from getting anywhere near your hardware. For a single server deployment, shared hardware firewalls are sometime available.

硬件防火墙是提供网络基础结构的一种好方法。 与其用于单个服务器部署，不如用于使用两个或更多服务器的部署，其成本效率更高。 提供的保护级别将维护服务器的稳定性，并防止黑客进入您的硬件附近。 对于单服务器部署，共享硬件防火墙有时可用。

翻译自: https://www.eukhost.com/blog/webhosting/protection-offered-hardware-firewalls/

防火墙硬件