| 摘要 |
protective means such as fire walls isolating computer and network resources residing behind fire walls from networks, computers, and application programs beyond the latter. SUBSTANCE: internal resources are usually private data bases and local computer networks; peripheral objects are users and computer application programs operating in public communication networks such as Internet. Fire wall usually enables internal users and objects to establish communication with peripheral objects or networks but makes it impossible to do so in reverse direction, that is, from outside. Novelty is introduction of tunneling system enabling communication either side of fire wall from outside upon request for said communication from authorized persons, users, objects, or computer application programs residing beyond fire wall. Provision is made for minimizing number of resources engaged in establishing such tunnel connections (that is, communications through fire wall upon request of peripherals) and for minimizing risk of unauthorized intervention through fire wall. Method and device use application programs executed by means of interface servers mounted behind and beyond fire wall; they also use special table of authorized sockets whose generation and operation is conducted by internal application program for tunneling. Items of said table of authorized sockets determine objects residing behind fire wall and identify special internal port, data transmission protocol used for each port, and host object coupled with each port. EFFECT: provision for establishing communications either side of fire wall on request of authorized objects or users. 6 cl, 6 dwg
|
