密级:文档编号:项目代号:中国移动企业信息化防火墙安全规范Version1.0中国移动通信有限公司二零零四年十二月拟制:审核:批准:会签:标准化:版本控制版本号日期参与人员更新说明分发控制编号读者文档权限与文档的主要关系1创建、修改、读取负责编制、修改、审核2批准负责本文档的批准程序3标准化审核作为本项目的标准化负责人,负责对本文档进行标准化审核4读取5读取目录1综述.........................................................................................................................................62防火墙简介和分类..............................................................................................................72.1防火墙简介.......................................................................................................................72.2防火墙分类.......................................................................................................................82.2.1包过滤(PacketFilter)..........................................................................................82.2.2应用层代理(Proxy).............................................................................................92.2.3电路层代理(CircuitProxy).................................................................................92.2.4动态包过滤(DynamicPacketFilter).................................................................102.2.5全状态检测(StatefulInspection).......................................................................102.2.6自适应代理(AdaptiveProxy).............................................................................112.2.7深度包检测(DeepPacketInspection)...............................................................113防火墙技术..........................................................................................................................133.1NAT..................................................................................................................................133.2双机热备........................................................................................................................143.3桥接、路由.....................................................................................................................143.4内容过滤........................................................................................................................163.5带宽管理........................................................................................................................173.6附加功能:攻击保护,联动功能,入侵检测,防止攻击.........................................184防火墙的体系结构............................................................................................................214.1屏蔽路由器(ScreeningRouter).................................................................................214.2双穴主机网关(DualHomedGateway).....................................................................214.3屏蔽主机网关(ScreenedHostGateway)...................................................................224.4屏蔽子网(ScreenedSubnet)....................................................................................225防火墙的功能要求............................................................................................................245.1包过滤防火墙应具备的基本安全功能...........................................