Conyac で依頼された翻訳結果を公開

A firewall system, intrusion detection mechanism and computer virus scanning tools should be maintained to provide security protection for Internet access service. Depending on the services to be provided, the following network devices may be deployed with:

• Authentication servers (for user identification and access control)
• Remote Access Server (RAS) and modem pools (for remote dial-in and access)
• Domain Name System (DNS) servers (for host name and address mapping)
• Simple Mail Transfer Protocol (SMTP) gateway and mail servers (for Internet email)
• Web servers (for information publishing)
• Proxy servers (for caching, network address hiding, access control)
Nonetheless, some security guidelines on the above components will be explained in later sections with focus on their security measures.
This architecture can separate the internal network from the external one, and can hide the information about the internal network. Separate segments may be assigned within the DMZ for better access control and protection.
In fact, Internet gateway architecture for different services may require specific tailoring depending on many factors such as network infrastructure, services provided, performance, mode of operations, cost and so on.

Web Servers
Separate web servers should be used to restrict access when providing different information to internal and external users. • Web servers can be placed inside or outside the internal network. Web servers, which are placed inside the internal network, are normally used for providing information to internal users, while web servers outside the internal network are used for disseminating information to the public or external users. All outside web servers need to be connected to the firewall in the DMZ with a separate network interface.
• A dedicated host should be assigned for running a web server, a mail server or any critical service separately. In case of being compromised, this can reduce the impact to other services.