English to Chinese translations [PRO] Tech/Engineering - IT (Information Technology) / PIX Firewall
English term or phrase: baseline your network
10. Know your network – You should baseline your network so that you know what a “normal” traffic load looks like. By determining what's normal and monitoring your network, you will know what is abnormal.
You may be thinking, “Shouldn’t a firewall be locked down by default?” Well, to some degree this is true, but not completely. Here are 10 steps to ensure your PIX Firewall is as secure as it can be.
1. Password protect it – By default, the Cisco PIX has no password on the console. If you configure Telnet access to the PIX, the default password is "cisco." You should set a strong password for both the console and the Telnet interface. Make sure you choose a complex password (containing uppercase and lowercase letters, numbers, and special characters).
2. Know your access-lists – Having a firewall is all about permitting the “good” traffic through the firewall and denying the “bad” traffic from reaching the internal network. Access-lists are preferred over the conduit methods that were used in the past. However, one syntax mistake in an access-list and all the bad traffic can come in. As a firewall administrator, you need to know and understand every element in the access-lists on each Cisco PIX Firewall you manage.
3. Log denials and errors – So that you have a record of what traffic is being blocked by your firewall, you should log denials, attempted intrusions, and errors. This logging should go to a syslog server so that it can be archived and stored off of the PIX. For more information on sending PIX logging to syslog, see this link. Also, you should enable Network Time Protocol (NTP) on the PIX so that the clock is always current, which will ensure that the timestamp/datestamp on your log entries is also correct.
4. Use SSH in place of Telnet – With Telnet, the username and password used to log in are sent in clear-text (unencrypted). Thus, with Telnet, the password used to log in to the PIX can be sniffed over the network. You should use SSH instead of Telnet so that the password (and all other commands) are encrypted. Here's a link on using SSH for remote system management. Another option is to set up the PIX as a VPN server, use VPN to connect to the PIX (forming an encrypted tunnel), and then use Telnet to connect through the tunnel.
5. Understand the ASA – At the heart of the PIX Firewall is the Adaptive Security Algorithm (ASA). As a firewall administrator, you must understand the methodology of how the ASA works. Without this knowledge, you could mistakenly allow full access to your private network or disable access to critical business applications. For more information about the ASA, check out this Cisco link.
6. Enable optional security features – A Cisco PIX Firewall has a long list of optional features to make your network more secure. These features include Unicast Reverse Path Forwarding, MailGuard, FloodGuard, FragGuard, and URL Filtering. You can read more about them here.
7. Keep the PIX OS and PDM patched – As with any operating system or application, there will always be new vulnerabilities found in the PIX Firewall, even though it is essentially an appliance. On a PIX Firewall, there are usually two separate binaries to keep updated. The PIX OS is the first one. The file for the PIX OS is named something like pix634.bin. The optional piece is the PIX Device Manager (PDM), and it must be upgraded separately. Its file is named something like pdm-302.bin. Cisco PIX OS software is available to registered CCO users at this link.
8. Back up your configuration – Once you make all your configurations to the PIX, you need to back it up in a secure place off of the PIX. This is a precaution in case the PIX has a hardware failure. To do this, use the tftp-server command to tell the PIX which TFTP server that the backup file will be stored on. Then use the write net command to store the configuration on the TFTP server. You can set up a simple TFTP server on a Windows or Linux/UNIX system, or you can use Cisco's TFTP software. This link can help.
9. Use secure encryption – You can purchase different models of PIX Firewalls. Some come with no encryption, some have 56-bit DES encryption, and some have 3DES/AES encryption. However, no matter which model you bought, I recommend that you upgrade to the highest level of encryption possible. If you have no encryption, you can get a free license for DES 56-bit encryption from this link. You can upgrade to 3DES/AES encryption by contacting a Cisco reseller. If your PIX came with 3DES/AES encryption, you still have to register it to use it. You can also register it here. To see what encryption you currently have enabled, do a show version on your PIX.
10. Know your network – You should baseline your network so that you know what a “normal” traffic load looks like. By determining what's normal and monitoring your network, you will know what is abnormal. A good tool for baselining and monitoring is PRTG. PRTG works via SNMP and can monitor and graph the traffic flowing through a Cisco PIX. Here is a TechRepublic article on PRTG. Here is a Cisco help document on SNMP configuration with Cisco PIX.
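To make "baseline your network" in step 10 concrete, here is an added example (not part of the quoted article or of PRTG) that derives a normal traffic load from periodic SNMP octet-counter polls and flags readings far from it. The poll values are constructed, and the 32-bit counter (such as ifInOctets), the 5-minute interval and the threshold `k` are assumptions.

```python
from statistics import median

WRAP = 2 ** 32  # a 32-bit SNMP octet counter rolls over to zero at 2^32

def make_polls(t0, counter, deltas, step=300):
    """Constructed sample data: one (time, counter) poll every `step` seconds."""
    polls = [(t0, counter)]
    for d in deltas:
        t0, counter = t0 + step, (counter + d) % WRAP
        polls.append((t0, counter))
    return polls

def rates_bps(polls):
    """Convert consecutive counter readings into (time, bits per second)."""
    out = []
    for (ta, ca), (tb, cb) in zip(polls, polls[1:]):
        octets = (cb - ca) % WRAP          # stays correct across one rollover
        out.append((tb, octets * 8 / (tb - ta)))
    return out

def build_baseline(rates):
    """'Normal' = median rate; spread = median absolute deviation (MAD)."""
    values = [r for _, r in rates]
    mid = median(values)
    return mid, median(abs(v - mid) for v in values)

def abnormal(rates, baseline, k=6.0):
    """Return samples further than k spreads from the baseline, either way."""
    mid, mad = baseline
    limit = k * max(mad, 0.05 * mid)       # floor so a flat baseline is not hair-trigger
    return [(t, r) for t, r in rates if abs(r - mid) > limit]

# Constructed octet deltas per 5-minute poll (about 2 Mbit/s of normal load).
TRAIN = make_polls(0, 4_200_000_000,
                   [75_000_000, 78_000_000, 72_000_000, 80_000_000,
                    74_000_000, 76_000_000, 73_000_000, 77_000_000])
# Later polls: a burst and a near-silent interval hidden among normal ones.
WATCH = make_polls(*TRAIN[-1],
                   [76_000_000, 74_000_000, 300_000_000, 75_000_000, 3_000_000])

BASELINE = build_baseline(rates_bps(TRAIN))
ALERTS = abnormal(rates_bps(WATCH), BASELINE)

if __name__ == "__main__":
    print("baseline bps, MAD:", BASELINE)
    for when, bps in ALERTS:
        print(f"t={when}s abnormal rate {bps:,.0f} bit/s")
```

The training counter starts just below 2^32 on purpose, so the second poll wraps; a drop to near zero is reported as well as a burst, since both depart from the baseline.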
15 mins confidence: peer agreement (net): +3
Explanation: 了解您的网络 - 给网络树立基准，这样你即会了解“正常”流量载荷的情况。
-------------------------------------------------- Note added at 17 mins (2006-10-29 12:10:02 GMT) --------------------------------------------------
According to the Longman dictionary:
base‧line [countable usually singular]
1. technical a standard measurement or fact against which other measurements or facts are compared, especially in medicine or science:
The company's waste emissions were 14% lower than in 1998, the baseline year.
-------------------------------------------------- Note added at 18 mins (2006-10-29 12:10:45 GMT) --------------------------------------------------
Jianjun Zhang United Kingdom Local time: 04:37 Specializes in field Native speaker of: Chinese PRO pts in category: 131