2017年高考题全国卷2:英文翻译 高手们帮帮忙

Security is not a deliverable. Security products provide two primary benefits: visibility and control. And, it is the combination of these two benefits that make it possible to create and enforce an enterprise security policy to make the private computer network secure.
Visibility: the ability to see and understand the nature of the network and the traffic on the network.
Control: the ability to affect network traffic including access to the network or parts thereof.
Visibility is paramount to decision making. Visibility makes it possible to create a security policy based on quantifiable, real-world data. This reality- based policy will enhance appropriate spending on security solutions and help guard the enterprise against unnecessary or premature expenditures. Additionally, visibility is the first element of predictive analysis, allowing the enterprise to invest in technologies before a vulnerability is exploited. Visibility systems also enhance the value of control devices by providing quantitative validation of control system performance and the effectiveness of the security policies.
Control is paramount to enforcement. Control makes it possible to enforce compliance with security policy. Control systems allow security and IT professionals to shape and form the traffic in the network so that the enterprise may be reasonably assured that the information assets that live within the network are not vulnerable and have not been compromised.
Why Do I Need Both Visibility and Control?
In many cases it is obvious that a control system like firewalls and routers will protect the enterprise from some threats. The majority of damaging attacks on the enterprise COMPLY WITH THE ENTERPRISE SECURITY POLICY. It is a terrifying but real truth that the best hackers and the most damaging attacks comply with the in-place security policy. These attacks simply exploit loopholes in the security policy to execute the attack without detection.
Taking security to the next step, the firewall was created to add a layer of intelligence to the muter, like being able to ignore the telephone number and instead identifying if the call is from a company categorized as "solicitor," or one without identification. Firewalls brought a rules-based policy to the ACL. A rules-based policy allows the operator to create rules that automatically enforce the security policy using qualifiers in addition to IP address like port, protocol, and direction to specify actions like blocking, logging, alerting or allowing to pass.
Firewalls added needed intelligence to the ACL function of perimeter security by allowing security professionals to build rules for access without having to know the specific addressing.