| Along with the progress of network technology, distributed network application is expanding day by day. And the security problem that it must face to is also more prominent. Network border security is implemented by firewall technology mainly. But the tradition firewall system, the hybrid firewall system and the distributed firewall system all cannot adapt to the distributed network circumstances well.The main work of this dissertation is researching how to fuse the traditional firewall technology into the multi-access points network, which is a important application of the distributed network and to make this mature security technology exert its power under the new conditions. The purpose of the work is to solve the multi-access points network security protection problem by utilizing the existing resource sufficiently. Furthermore, the research on the firewall system usability problem is done to achieve the target for promoting its performance and strengthening its manageability.First, the dissertation points out that the secure examination should be carried on in each access point and the firewall modules forms a peer-to-peer network by analyzing the multi-access points network characteristic. According to the above, a design for clustered firewall system is brought forward. Each firewall module is composed of certain function modules. Its core is the strategy-executing module to implement the traditional stateful inspection. The information-collecting module collects the data used by stateful inspection in the P2P network formed by all the access points. It constructs the foundation of the distributed stateful inspection. The information-querying module exchanges messages among access points. It enhances the usability and the controllability of the firewall system. The load-balancing module balanced the task loads among access points. It enhances the system robustness.Second, a distributed stateful inspection foundation algorithm is put forward.
|
PDF Full Text Request