Đang chuẩn bị liên kết để tải về tài liệu:
Maintaining the Underlying Platform
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
As with any device on the network, firewalls run software (whether it is embedded in an application-specific integrated circuit [ASIC] or runs from Flash memory or runs from a disk file system) to be able to perform their functions. | Maintaining the Underlying Platform As with any device on the network firewalls run software whether it is embedded in an application-specific integrated circuit ASIC or runs from Flash memory or runs from a disk file system to be able to perform their functions. Typically as in the case of the Cisco PIX and ASA platforms as well as NetScreen and other vendor firewalls these firewalls run a custom operating system whose source code is not available to the general community for review or tampering. If a bug or vulnerability is discovered by an outside party it is left to the manufacturer to develop a patch and release a new version of the operating system to be installed by the end user to solve the problem. In addition any new feature added to the device is done according to the schedule of the manufacturer. At the opposite end of the spectrum are the open source systems with firewall capabilities. These include Linux OpenBSD and Solaris 10 to name a few. Each of these systems Linux s NetFilter OpenBSD s PF and Solaris 10 s IPFilter firewall source code is available for inspection by outside groups. This does not necessarily mean that the filter code in these operating systems is better but it can be more easily extended by someone who has the skill set necessary to code the additional capabilities into the software. However each of these filtering systems runs under a more generic operating system Linux OpenBSD and Solaris respectively and therefore the possibility of bugs or vulnerabilities some tied to the filtering code and others not may be greater because the underlying operating systems are meant for more general use. Such systems require care patience and effort to both maintain and to secure to ensure that the firewall is not compromised. If a bug or vulnerability is discovered in one of these firewalls the patch for it is likely to be available sooner than a closed source appliance system. Typically this is because the number of people who may be able to