
High Level Of Security Firewall Core Technology Research, Design And Implementation

Posted on: 2002-11-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Meng
Full Text: PDF
GTID: 1118360032951218
Subject: Computer application technology
Abstract/Summary:
This paper studies and implements the critical technologies of a firewall. It also studies a total solution for network security, and the system does its best to support EC. Several new technologies are used in the design. Secure firewall OS: the OS is authenticated by an authority, has its own copyright, approaches security level B1, and loses little performance. Stateful inspection: all protocol layers of the IP packets that pass through the firewall are parsed. State machines are established and monitored for TCP packets. Virtual connections are created for UDP packets. ICMP packets are parsed to determine the connections to which they relate. The semantics of the application layer are also parsed. Packet classification technology: a 2-dimension PATRIE algorithm is adopted in the system. The algorithm is extended from 1-dimension in NET/3 to 2-dimension. The algorithm is not the best in theory, but it performed well in our tests. Efficient key management technology: SIKE is adopted; it is developed from IKE and has all the advantages of IKE. Only pre-shared authentication is used, and the efficiency is improved. Authentication technology: the design isolates the protocol from the scheme, and the authentication module from the other modules. The result of authentication is communicated to the other parts of the firewall by the related protocols. It is easy to integrate other authentication modules. At present, we use only S/KEY and FWN1 as our authentication methods. Fine-granularity access control: ACL and MAC are implemented in the system. MAC defines fine-granularity access control, that is, the access control policies for users and the objects they operate on. For example, we can define that a user can only read a URI resource. Dynamic management of supported protocols and services: according to the needs of the application, new modules supporting protocols and services can be added easily. Network address translation, load balancing and transparent proxy: these technologies are critical to the high performance of the firewall.

A software engineering process is followed in the system design. All modules are integrated after being strictly tested, and the system is stable. At the same time, we find that our firewall is a compromise between functions and performance.
Keywords/Search Tags: Implementation