| Security is an important problem of network since the latter appeared. People take a good many measures to protect their hosts and network, including access control, authentication table and the most important one: firewall. The traditional firewall relies on the topological structure of intranet, it lies between enterprise intranet and internet, controls the network access. We call it "Perimeter Firewall" therefore. The Perimeter Firewall can work well only in those networks with a single entry point and small amount of hosts. Another shortage of Perimeter Firewall is that it believes that any host from- the intranet is safe. However, with the rapid development of the network, the topological of intranet become more and more complex, the potential security problems increase accordingly. Apparently the perimeter firewall can't meet the need of security any more. Then Distributed Firewall appears. A Distributed Firewall preserves central control of access policy, while reducing or eliminating any dependency on topology. It can also resolve several other problems that traditional ones can't. This thesis will describe the principle and key technique of the distributed firewall. Then design and realize a distributed firewall system.
|
PDF Full Text Request