服务条款和隐私

入侵侦测系统 (Intrusion Detection System)

Intrusion Detection System or IDS refers to the technical means to detect in a network when it is having unauthorized access that may indicate the action of a cracker or even malicious employees. With the fast growth in technology infrastructure and services in both the network protocols becomes increasingly difficult to implement intrusion detection system. This fact is intimately connected not only the speed at which technologies advance, but mainly with the complexity of the means that are used to increase security in data transmission.

入侵检测系统或IDS是指在网络中进行未经授权访问时进行检测的技术手段，该访问可能表明黑客或什至是恶意员工的行为。 随着技术基础设施和服务的迅猛发展，两种网络协议都越来越难以实现入侵检测系统。 这个事实不仅与技术的发展速度密切相关，而且还与增加数据传输安全性的方法的复杂性密切相关。

A much discussed solution is to use host-based IDS that analyzes traffic on an individual in a network. In host-based IDS is installed on a server to alert and identify attacks and attempts at unauthorized access to the machine itself.

讨论最多的解决方案是使用基于主机的IDS，该IDS分析网络中某个人的流量。 在基于主机的IDS中，服务器上安装了IDS，以警告和识别攻击并尝试未经授权访问计算机本身。

Below is a brief demonstration of how certain technologies can hamper the use of intrusion detection systems.

以下是某些技术如何阻碍入侵检测系统使用的简要演示。

SSL，IPSec等 (SSL, IPSec and other )

IDS network-based or network-based, monitoring the headers and data field of the packets in order to detect possible intruders in the system and access that can impair network performance. The deployment of encryption (implemented via SSL, IPSec and others) in data transmission as a safety impairs this process. This ciframento can be applied in the packet header in the data area of the package or even the whole package, and preventing or hindering the understanding of data by entities other than its real destination.

基于IDS的基于网络或基于网络的IDS，监视数据包的标头和数据字段，以便检测系统中可能的入侵者并访问可能损害网络性能的入侵者。 为了安全起见，在数据传输中部署加密(通过SSL，IPSec和其他方式实现)会损害此过程。 此ciframento可以应用于包的数据区域甚至整个包的数据区域的数据包头中，并防止或阻碍除其实际目的地以外的实体对数据的理解。

In IPSec transport mode is similar to SSL, authenticating and protecting only the data area of the IP packet; already in tunnel mode the entire IP packet is encrypted and encapsulated. As can be seen in transport mode an IDS can check only the packet header, while the tunnel mode or the header and not the data area.

IPSec传输模式类似于SSL，仅对IP数据包的数据区域进行身份验证和保护； 已经处于隧道模式的整个IP数据包已加密并封装。 从传输模式可以看出，IDS只能检查数据包报头，而隧道模式或报头则不能检查数据区。

交换网络上的IDS (IDS on switched networks )

The implementation of IDSs switched networks (in the case-based switching) allow direct communication, not shared between two devices. This feature introduces some difficulties for the implementation of IDS compared with the networks broadcast.

IDS交换网络的实现(在基于案例的交换中)允许直接通信，而不是在两个设备之间共享。 与广播网络相比，此功能给实施IDS带来了一些困难。

As this type of network data travels directly to their destinations (without diffusion) becomes necessary, the deployment of IDSs, some specific solutions. The use of Port Span is the use of switches with embedded SDI. The decision to use should be discussed before purchasing the network hubs (switches).

由于这种类型的网络数据直接传送到目的地(无扩散)是必要的，因此IDS的部署是一些特定的解决方案。 使用端口跨度就是使用带有嵌入式SDI的交换机。 购买网络集线器(交换机)之前，应先讨论使用决策。

Using Splitting and Optical Wire Tap is a solution that involves placing a “listening” between a switch and a network device that you wish to monitor. A fairly cheap way of doing this (Ethernet and Fast Ethernet) is the placement of a broadcast network hub (hub) on the connection you wish to inspect. In the case of optical fibers just add an optical device called a tap. The use of Port Mirror consist of making the switch mirroring traffic from one port to another only used for monitoring. This method is similar to wire tap but is deployed in the switch itself.

使用分离和光缆分接头是一种解决方案，涉及在交换机和要监视的网络设备之间放置“侦听”功能。 一种比较便宜的方法(以太网和快速以太网)是将广播网络集​​线器(hub)放置在您要检查的连接上。 在使用光纤的情况下，只需添加一个称为抽头的光学设备。 端口镜像的使用包括使交换机将流量从一个端口镜像到另一个仅用于监视。 此方法类似于拉线，但部署在交换机本身中。

高速网络中的IDS (IDS in high speed networks )

Technological developments have also enabled a greater number of networks have high speed data transmission. Under the terms of deployment of IDS this becomes a very delicate point that brings important issues in the maintenance of infrastructure networks, including: The IDS software able to analyze any large amount of data that travel over the network? The hardware monitoring traffic bear size? The IDS will not harm the network performance becomes a bottleneck?

技术的发展还使更多的网络具有高速数据传输。 根据IDS的部署条款，这将成为一个非常棘手的问题，在维护基础架构网络时会带来重要问题，包括：IDS软件能够分析通过网络传输的大量数据吗？ 监控流量的硬件承受的大小是多少？ IDS会不会成为损害网络性能的瓶颈？

These and other issues, has been widely discussed generating several solutions to overcome these problems or potential problems; including:

已经广泛讨论了这些和其他问题，并提出了解决这些问题或潜在问题的几种解决方案。 包含：

• Increase the processing power equipment
  增加处理能力的设备
• Monitoring using administrator defined Target IDS
  使用管理员定义的目标IDS进行监视
• Resources Filtering IDS
  资源过滤IDS
• Segregation of service by IDS (IDS Specialist)
  通过IDS隔离服务(IDS专家)

HVAC(供暖，通风和空调) (HVAC (Heating, Ventilation, and Air Conditioning))

HVAC is an abbreviation, used extensively in all fields of industry, which stands for Heating, Ventilation, and Air Conditioning.

HVAC是一种缩写，广泛用于所有行业领域，代表供暖，通风和空调。

Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.

研究：来自维基百科，免费的百科全书。 该文本可在“ 知识共享”下找到 。

To be continued…

未完待续…

翻译自: https://www.eukhost.com/blog/webhosting/data-center-equipment-and-terms-part-3/

服务条款和隐私