The design of the campus network, the firewall directly connected to the Internet,is exporting the entire campus network. In this case,the ifrewall is actually a screened host ifrewall, that in general,a host on the Internet can connect to the bridge system on the internal network. Even so,only certain types of connections are allowed to determine. Any external system trying to access internal system or service must be connected to this bastion host.Therefore,bastion hosts need to have a high level of safety.%在校园网设计中,防火墙直接连接外部网络,是整个校园网络的出口。此时,防火墙实际上是一个屏蔽主机防火墙,即一般而言,Internet上的主机能连接到内部网络上的系统的桥梁。即使这样,也仅有某些确定类型的连接被允许。任何外部的系统试图访问内部的系统或者服务将必须连接到这台堡垒主机上。文章分析了堡垒主机需要拥有高等级的安全架构。
展开▼
