
Research On Firewall System With Tunnel Proxy Based On Enhanced Layer Two Tunneling Protocol

Posted on: 2007-12-26  Degree: Doctor  Type: Dissertation
Country: China  Candidate: Y J Zhang
GTID: 1118360185484531  Subject: Traffic Information Engineering & Control
Abstract/Summary:
With the development of the next generation Internet (NGI) and high-performance network technology, the network perimeter has become indefinite. As the "secure gate" of the network, the firewall has become an extremely important network device. Facing network attacks, traditional firewalls can offer only passive defense, which has a negative influence on network security. Thus, it is important to enhance the defensive ability of the firewall itself, and active defense technology must be introduced into the research and design of firewalls.

Nowadays, because of the wide use of virtual private networks (VPNs), the security efficiency of firewalls has been disturbed by tunneling technology, which is one of the key technologies of VPNs. When a tunnel passes through a firewall, it is as if a "hole" has been made in the wall. The result may be calamitous. So the next generation firewall should be able to manage tunnels and understand the related technologies. By analyzing firewall technology, tunnel technology, proxy technology and access control technology, this thesis proposes a firewall model with a tunnel proxy zone, which supports proxying of the layer two tunneling protocol. The following are discussed and researched specifically in the thesis:

(1) Proposing the tunnel proxy zone and tunnel proxy models for firewalls

In the thesis, three kinds of tunnel proxy model are proposed and discussed: voluntary tunnel proxy, mandatory tunnel proxy and transparent tunnel proxy. The thesis puts forward the idea of managing tunnel lifespan and sets up the tunnel proxy zone (TPZ) for firewalls. The basic principle of the TPZ is that all tunnel messages are redirected into the TPZ and audited by the tunnel proxy system. When a tunnel passes through the firewall, the tunnel proxy system can supervise the tunnel, record it and reproduce its behavior when needed. If a firewall wants to proxy a...
Keywords/Search Tags:Network security, tunnel, proxy, L2TP, RBAC, firewall system