[譯]理解為什麼防火牆聊勝於無

See why even a simple firewall is better than nothing
理解為什麼防火牆聊勝於無

《endurer註：1。better than nothing聊勝於無》

by Jonathan Yarden
作者：Jonathan Yarden
翻譯：endurer

Keywords: Firewalls | Security applications/tools | Internet | Security management

關鍵字：防火牆 | 安全應用程式／工具 | Internet | 安全管理
英文來源：http://techrepublic.com.com/5100-1009-6036812.html?tag=nl.e044

Takeaway:
Deciding which type of firewall to use depends on what you're trying to protect. In this edition of Internet Security Focus, Jonathan Yarden breaks down the differences between software and hardware firewalls, and he discusses situations in which advanced firewall features are necessary.
概述：
決定使用哪種防火牆取決於你要保護的是什麼。在這期Internet安全焦點中，Jonathan　Yarden分解了軟體防火牆和硬體防火牆的不同，並討論了哪些進階防火牆特性是必要的。

《endurer註：1。break down 毀掉, 制服, 壓倒, 停頓, 倒塌, 中止, 垮掉, 分解；打破(減輕,坍塌,徹底失敗,精神不支,中止,把分解)
2。discuss a situation討論局勢》

As a systems administrator for an ISP, my primary function is to support several thousand customers by ensuring that equipment and services are operating correctly. Depending on the customer, this job can include maintaining on-site routing and firewall equipment, which can vary depending on the specific needs of the customer.

作為一名ISP（Internet服務提供者）的系統管理員，我的主要職責是確保裝置和服務正常運行，為數千客戶提供支援。這些工作取決於使用者，可能包括維護所在地的路由和防火牆裝置，它們可能因客戶的特別需要而不同。
《endurer註：1。primary function主要職責；基函數, 原函數
2。on-site現場；所在地的》

When it comes to supplying Internet access, ISPs provision a single IP address or a subnet for their customers. Either way, I always suggest that anyone accessing the Internet protect systems with either a hardware or software firewall.

ISP提供Internet訪問時，為客戶提供一個單一IP地址或子網。總之，我一直建議任何人在硬體或軟體防火牆下訪問Internet保護系統。
 《endurer註：1。either way 總之,兩種情況都》

Of course, IT pros know that a firewall is anything that protects a computer or network from the ravages of the Internet. But when talking to end users, I try to describe the level of questionable activity on the Internet in terms of worldwide accessibility.

當然，IT專家們知道防火牆是保護電腦或網路免於Internet破壞的東東。但對終端使用者而言，我儘力用全世界可接受的術語描述Internet上的可疑行為。
《endurer註：1。talk to 對某人說話；責備》

Because public Internet addresses are readily accessible from anywhere in the world, even a simple dial-up Internet connection with a public IP address exposes your computer to the rest of the world while you're connected. This means anyone on the Internet can identify your computer梐nd perhaps scan it to see whether it's running vulnerable software or services. That's why you need to implement a firewall to try to protect it.

因為公用Internet地址可以很容易地從世界上任何一個地方訪問，即使是一個使用公用IP地址的簡單的撥號連線，在連上網時，使電腦暴露於世界上的其他人。這意味著Internet上的任何一個人都能確定該電腦——並可能掃描它，看看它是否正在運行有缺陷的軟體或服務。這就是為什麼你需要執行一個防火牆儘力保護它。

Hardware vs. software firewalls

As I tell my customers, deciding which type of firewall to use depends on what you're trying to protect. If you're just worried about a single computer system with Internet access, ZoneAlarm software works well enough for most people.

我告訴客戶，決定使用哪種防火牆取決於你要保護的是什麼。如果你只是擔心可以訪問Internet的單一電腦系統，那麼軟體ZoneAlarm可以為大多數人很好的工作。
 《endurer註：1。worry about 擔心》

ZoneAlarm not only alerts you when someone tries to access your computer, but it alerts you when a program on your computer attempts unauthorized access to the Internet. If the access is valid, you can instruct ZoneAlarm to remember the program and allow access in the future without alerts. Although it's not an antivirus program, ZoneAlarm can also detect Trojan horse and spyware programs.

ZoneAlarm不僅在某人試圖訪問你的電腦時向你警示，而且當你的電腦中的程式未經驗證地企圖訪問Internet時，它也會向你警示。如果該訪問是正當的，你可以指示ZoneAlarm記住這個程式，並允許以後訪問時不再警示。儘管ZoneAlarm不是反病毒程式，但它也可以檢測特洛伊木馬和間諜程式。

However, sometimes a software firewall just won't cut it. I suggest using a hardware firewall in these situations:

然而，有時一個軟體防火牆應付不了。我建議在這些情形中使用硬體防火牆：

• A customer needs Internet access on more than one computer.
  客戶不止一台電腦需要Internet訪問
• A customer needs a secure connection to a main office.
  客戶需要到總公司的安全連線
  《endurer註：1。main office 總公司(社、行、局、店等)大會辦公處》
• The client is a branch office.
  用戶端是分部。
  《endurer註：1。branch office n.分局；分社；分行》
• A company needs to host e-mail and Web servers.
  公司需要e-mail和Web伺服器主機

Even though it's possible to share an Internet connection and firewall software using one computer as the router, I think it's a bad idea to use a workstation in this manner. Everyone on the network becomes dependent on the reliability of someone else's computer.

即使在一台電腦上共用Internet串連和防火牆軟體作為路由器是可行的，我想照這樣使用工作站是個壞主意。網路上的電腦變得相互依賴。
《endurer註：1。even though 即使
2。in this manner 如此, 照這樣》

If a computer locks up or reboots, it cuts off Internet access. Then people call the ISP to complain, even when it's not the source of the problem.

如果一台電腦鎖定或重啟，就切斷了Internet訪問，接著人們叫ISP來解釋，甚至是在這不是問題的根源時。
《endurer註：1。lock up上鎖,封鎖,監禁,禁閉
2。cut off切斷》

Hardware firewalls don't have to be expensive. For instance, NETGEAR and Linksys models sport sufficient features for a reasonable cost.

硬體防火牆並不昂貴。例如，NETGEAR和linksys模組就物有所值。
《endurer註：1。Netgear（美國網件）和linksys（思科系統子公司）都是兩個在中小企業及產品中比較出眾的牌子
2。sports model運動車型》

Do you need advanced firewall features?

If clients telecommute or are setting up a branch office of a larger corporation, they probably need to use virtual private networking (VPN) features. Clients may also need Network Address Translation (NAT) when there are multiple internal computers and only one public IP address.

如果客戶遠距離工作或設立一個大公司的分部，他們可能需要使用虛擬私人網路（VPN）特性。當有多台內部電腦和一個公用IP地址時，用戶端可能也需要網路位址轉譯（NAT）。
 《endurer註：1。telecommute(在家裡通過使用與工作單位串連的電腦終端)遠距離工作
2。set up 設立, 豎立, 架起, 升起, 裝配, 創(紀錄), 提出, 開業》

If customers need a subnet to support public Internet servers, I recommend using port forwarding and "hiding" the real service behind the firewall. No matter which advanced features your clients need, they should choose a hardware firewall that supports these advanced features.

如果客戶需要子網來提供公用Internet伺服器，我推薦使用連接埠映射（port forwarding），並把真正的服務藏在防火牆後面。不論你的用戶端需要哪個進階特性，他們需要選擇支援這些進階特性的硬體防火牆。
《endurer註：1。no matter 不論...》

Another thing to keep in mind when dealing with telecommuters or branch offices is to always check with the company's IT department before buying anything. I can't tell you how many times I've needed to replace equipment and fix VPN settings because branch offices and telecommuters didn't check with their IT department before buying equipment.

在處理遠距離工作者或分部時，另一件需要記住的事情是，在購買東西前與公司的IT部門協商。我無法告訴你，因為分部和遠距離工作者沒有和他們的IT部門協商就購買裝置，我需要替換裝置和修複VPN設定的次數。
《endurer註：1。deal with研究(討論,處理,涉及)
2。check with與...相符合；與...協商》

Regardless of your clients' specific needs, using a firewall does improve security. Anything they can do to "hide" their computer systems and services from the public Internet reduces risk.

不論用戶端的特別需要，使用防火牆增強安全。他們能對Internet隱藏電腦系統和服務，降低危險。

《endurer註：1。Regardless of不顧,不惜》
My personal preference is to always use hardware firewalls, but software programs such as ZoneAlarm are better than nothing at all. However, firewalls can't prevent a virus or worm from taking over your computer—that's typically the job of antivirus software.

我個人偏愛是一直使用硬體防火牆，但軟體程式，如ZoneAlarm，也總比根本沒有好。然而，防火牆不能防止病毒或蠕蟲接管你的電腦——這是反病毒軟體的典型工作。

《endurer註：1。take over接管,接任》

That's why it's important to remember that effective Internet security involves several layers. Consider a firewall system to be the first layer of your clients' security needs.

這就是為什麼記住有效Internet安全性組件含若干層是很重要的。考慮防火牆系統成為你的客戶安全需要的第一層罷。