Terms of Service and Privacy: Data Center Equipment and Terms | Part 2

Routers

Continued…

Distribution Routers

Distribution routers aggregate traffic from multiple access routers, either at the same site or by collecting the data streams from multiple sites at a major company location. Distribution routers are often responsible for enforcing quality of service across a WAN, so they must have considerable memory, multiple WAN interfaces, and substantial processing intelligence.

They can also provide connectivity to groups of servers or networks. The router's operating system must be treated with care as part of the overall security architecture. A firewall or VPN concentrator may be separate from the router, or the router may include these and other security functions. When a business is based primarily on one campus, there may be no distinct distribution level, other than perhaps for off-campus access. In such cases, the access routers, connected to a local area network (LAN), are interconnected through the core routers.

Core Routers

In business, the core router can provide a “backbone” interconnecting the distribution-level routers from multiple buildings on a campus, or from large company locations. When a company is widely distributed with no central location, the role of the core router can be assumed by the WAN service to which the company subscribes, and the distribution routers become the highest level.

Edge Routers

Edge routers link autonomous systems with the Internet backbone or with other autonomous systems. They must be prepared to handle the BGP protocol, and if they are to receive BGP routes they need a large amount of memory.

Wireless Router

Although routers were traditionally used with fixed networks (Ethernet, ADSL, ISDN, etc.), in recent years routers have begun to appear that provide an interface between fixed and mobile networks (such as Wi-Fi, GPRS, Edge, UMTS, Fritz!Box, WiMAX, etc.). A wireless router works on the same principle as a traditional router. The difference is that it allows wireless devices to connect to the networks to which the router is attached by cable. Routers of this type differ from one another in their power and range, and in the frequencies and protocols they work with.

Switch

A switch is a device used in computer networks to relay frames between the various nodes. Switches have ports, as hubs (concentrators) do. The main difference between a switch and a hub is that the switch segments the network internally: each port represents a separate collision domain, which means there are no collisions between packets of different segments, unlike hubs, whose ports share the same collision domain. Another important difference relates to network management: with a manageable switch we can create VLANs, so the managed network is further divided into smaller segments.

Firewall

A firewall is a part of a system or network that is designed to block unauthorized access while allowing authorized communications. It is a device or group of devices configured to permit, restrict, encrypt, or decrypt traffic between different areas on the basis of a set of rules and other criteria.

Firewalls can be implemented in hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. It is also common to connect the firewall to a third network, called the Demilitarized Zone, or DMZ, which holds the organization's servers that must be accessible from the outside network. A properly configured firewall adds necessary protection to the network, but should in no case be considered sufficient. Computer security covers more areas, more tasks, and more levels of protection.

Limitations of a firewall

The limitations stem from the very definition of a firewall: it filters traffic. Any type of computer attack that uses traffic accepted by the firewall (over TCP ports that have been deliberately opened, for example), or that simply does not use the network, remains a threat. The following list shows some of these risks:

  • A firewall cannot protect against attacks whose traffic does not pass through it.
  • The firewall cannot protect against internal attacks or careless users. It cannot prevent corporate spies from copying sensitive data onto physical storage media (disks, memory devices, etc.) and removing it from the building.
  • The firewall cannot protect against social engineering attacks.
  • The firewall cannot protect the internal network against virus attacks delivered through files and software. The real solution is for the organization to make sure anti-virus software is installed on each machine, to protect against viruses that arrive via any storage medium or other source.
  • The firewall does not protect against security flaws in the services and protocols whose traffic is allowed. These services must be configured properly, and the security of the services published on the Internet must be ensured.

Firewall Types

Application Layer Gateway

It applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can degrade performance.

Circuit-level gateway

Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checks. It allows a session to be established that originates from a higher-security area toward a lower-security area.

Network layer firewall or packet filtering

Works at the network level (OSI layer 3, layer 2 of the TCP/IP protocol stack) as an IP packet filter. At this level, filters can be written on different IP packet fields: source IP address, destination IP address. This type of firewall often also filters on transport-layer fields (layer 3 of TCP/IP, OSI layer 4), such as the source and destination port, or on data-link-layer fields (not part of TCP/IP, OSI layer 2), such as the MAC address.

Application Layer Firewalls

They work at the application level (layer 7), so that filtering can be adapted to the characteristics of the protocols at this level. For example, in the case of HTTP traffic, filtering can be performed according to the URL being accessed. A layer 7 firewall for HTTP traffic is often called a proxy, and it allows the computers in an organization to reach the Internet in a controlled manner. A proxy effectively hides the true network addresses.
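
The two filtering levels described above, as an added example that is not part of the original article: a first-match packet filter on layer 3/4 header fields with a default deny, next to a layer 7 proxy check on the requested URL. The address ranges, the rule set and the blocked host are constructed for illustration.

```python
import ipaddress
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed addressing plan (assumption, not from the article).
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("203.0.113.0/24")   # published servers
LAN = ipaddress.ip_network("10.0.0.0/8")       # intranet

Packet = namedtuple("Packet", "src dst proto dport")
# action is "permit" or "deny"; proto "any" and dport 0 act as wildcards.
Rule = namedtuple("Rule", "action src dst proto dport", defaults=("any", 0))

# Evaluated top to bottom, first match wins, anything unmatched is denied.
RULES = [
    Rule("permit", ANY, DMZ, "tcp", 80),   # outside may reach the DMZ web server
    Rule("permit", LAN, ANY),              # intranet may open sessions outward
]

def packet_filter(pkt, rules=RULES):
    """Layer 3/4 decision on header fields only; the payload is never read."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if (src in r.src and dst in r.dst
                and r.proto in ("any", pkt.proto)
                and r.dport in (0, pkt.dport)):
            return r.action
    return "deny"

BLOCKED_HOSTS = {"blocked.example"}        # hypothetical URL policy

def proxy_filter(request_line):
    """Layer 7 decision on the URL in a proxy-style HTTP request line."""
    parts = request_line.split()
    try:
        host = (urlsplit(parts[1]).hostname or "") if len(parts) == 3 else ""
    except ValueError:
        host = ""
    host = host.rstrip(".")
    if not host:
        return "deny"                      # malformed or no absolute URL: fail closed
    blocked = any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)
    return "deny" if blocked else "permit"

# Constructed sample traffic.
WEB_IN = Packet("198.51.100.9", "203.0.113.10", "tcp", 80)   # Internet -> DMZ web
SSH_IN = Packet("198.51.100.9", "203.0.113.10", "tcp", 22)   # Internet -> DMZ ssh
LAN_IN = Packet("198.51.100.9", "10.1.2.3", "tcp", 80)       # Internet -> intranet
WEB_OUT = Packet("10.1.2.3", "198.51.100.7", "tcp", 80)      # intranet -> Internet
```

`WEB_OUT` is permitted by the packet filter whatever URL the request carries; only `proxy_filter` can tell a request for `blocked.example` from any other, which is the distinction between the two firewall types.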

Personal Firewall

A special case of firewall that is installed as software on a computer and filters communications between that computer and the rest of the network. It is used at the personal level.

Continued…

Translated from: https://www.eukhost.com/blog/webhosting/data-center-equipment-and-terms-part-2/
