网络安全设备

建立高效的网络安全设备IP数据包转发机制

Constructing efficient IP packet transmit methodology for network security devices

因此作为一种网络安全设备，VPN网关被广泛的应用。

VPN gateway was widely used as network security equipment .

越来越多的网络安全设备厂商趋向于采用FPGA芯片与CPU结合的策略。

An increasing number of network security equipment vendors tend to use of FPGA and CPU combination strategy .

提出在IBM虚拟机器的架构上，使用错误围堵策略建立可生存的网络安全设备内核的思想。

Fault containment is proposed to construct a survivable kernel of the network security device based on the IBM virtual machine .

这种策略下，FPGA芯片所能达到的数据吞吐率便成了衡量网络安全设备性能的关键指标。

Under this strategy , the key performance indicator to measure network security devices is the data throughput achieved by FPGA chip .

论文重点研究了4&7层网络安全设备的TCP并发连接性能的测试。

The Concurrent TCP Connection performance test of the network security devices that working at 4-7 layer was the emphases of this paper .

入侵检测系统（IntrusionDetectionSystem，缩写为IDS）作为近年来迅速发展的网络安全设备，扩展了管理员在监视、审计、攻击识别和响应等方面的安全管理能力。

Intrusion Detection System ( IDS ) is one of the fast-developing network security devices in recent years . It strengthens Administrators ' security management abilities of monitoring , auditing , identifying attacks and corresponding response .

防火墙、VPN设备等网络安全设备都需要支持VLAN，IEEE制定的802.1Q及Cisco公司制定的ISL是VLAN的两个主要协议。

Network security products such as Firewall and VPN devices must support VLAN . 802.1Q protocol issued by IEEE and ISL protocol issued by Cisco are the two main protocols of VLAN .

本文提出的BFPC算法为将Bloomfilter应用到网络安全设备的设计中提出了新的思路，具有一定的研究价值和应用价值。

The algorithm of BFPC proposed in this paper gives a new way to apply the Bloom Filter to the design of equipments for network security , and has the significance of research and application .

在分析和归纳网络安全设备的基本功能的基础上，在CIM核心模型和公共模型之上建立了网络安全设备的扩展模式，并以安全隔离设备的建模过程对CIM信息建模的实效性进行验证。

The thesis analyzed and induced the basic functions of the network security equipment , and then the extension schema of network security equipment was build atop the core model and common model of CIM .

用错误围堵策略建立可生存的网络安全设备内核

Utilizing Fault Containment to Construct a Survivable Network Security Device Kernel

文中探讨了嵌入式网络安全设备的远程安全通信设计。

Discusses the design of remote secure communication on embedded network devices .

对于网络安全设备而言，性能和成本一直是矛盾的两个方面。

The performance and cost of network facilities always conflict with each other .

打造高效稳固的网络安全设备内核

Construct Powerful and Steady Kernel for Network Security Device

防火墙是最基础的网络安全设备，它的主要功能在于把那些不收欢迎的访问隔离在特定网络之外，是企业网络的边界防御体系。

Firewall is the fundamental device of network security .

嵌入式网络安全设备的抗缓冲区溢出攻击机制

Protection against buffer overflow in embedded system

防火墙与入侵检测系统是最著名的两款网络安全设备。

The firewall and intrusion detection are two of the well-known approaches to network security .

在此基础上设计了一种可扩展的网络安全设备内冲突检测算法；

Based on it , designed an extensible intra network security device policy conf1ict detection algorithm .

这种趋势迫切要求与之要适应的高性能网络安全设备来支持带宽的升级。

The trend is in urgent need of high speed network equipment which can support upgraded bandwidth .

在分析了缓冲区溢出的基本原理以及抗缓冲区溢出攻击的方法后，提出建立全新的嵌入式网络安全设备的安全架构，并构建多层次的抗缓冲区溢出攻击机制。

The various types of buffer overflow vulnerabilities and attacks as well as the various defensive measures are surveyed .

根据网络安全设备的特点和特殊需求，详细阐述了适合嵌入式网络安全设备需要的多层次，全方位的抗缓冲区溢出攻击机制。

A new architecture for embedded network security system is proposed and a multi-level protection against buffer overflow is expounded .

实践证明，帧中继加密机是一个安全，可靠，高效的网络安全设备。

It is proved by practice that the frame relay encryptor is a device which has a good quality of security , credibility and efficiency .

加密卡可以为个人计算机系统、网络安全设备提供密码服务，以实现数据的安全存储和网络信息的保密通信。

Cipher Card can offer cryptogram service to PC system and network security device to realize safe storage for files and secure communication for information on network .

目前，大多数网络安全设备或网络信息增值业务设备逐渐由旁路干预转为串行控制。

Currently , most Internet security equipment or network information value-added services equipment have gradually changed the control method from the bypass intervention into the serial control .

本文详细分析了流量控制的理论和技术，结合网络安全设备的情况，设计实现了基于区分服务模型的流量控制系统。

In this paper , combining network security , we discuss the theory and technology of traffic control , design and implement the traffic control based on DiffServ .

随着网络安全设备功能的日益扩充，作为安全功能基础的安全规则，其种类也在随之增多。

In the meantime , with the expansion of security equipment functions , the categories of filter rule which is the basis of the network security are increased subsequently .

针对基于内容检查的某网络安全设备功能需求和性能指标，对其模拟测试软件进行了分析与设计。

For the functional requirements and performance indicators of a certain network security equipment based on the content testing , the paper analysis and design the simulation test software .

各种不同网络安全设备每天都产生大量的信息，并且不同的网络设备之间的安全事件存在一定内在的联系。

A variety of different network security devices have produced a wealth of information every day , and network equipment between the different security incidents is intrinsically linked to some .

提出一种基于正则表达式进行高速骨干链路协议识别的硬件实现系统结构，并考虑将其融入网络安全设备，应用于下一代网络安全体系。

A High Speed Network Protocol Identification Framework based on regular expression has been proposed . And consider combining it into network safety , apply in next general network security system .

方便、易用、安全的远程管理和身份认证功能，是防火墙产品作为网络安全设备，必不可少的组成部分，也成为防火墙产品在市场中的竞争点之一。

Remote management and user authentication with convenient , easily-employed , secure features , are the necessary parts of firewall products and are the competition factors of firewall product in market .