| With the high-speed development of Internet, Internet applications have been a more and more integrated part of the daily lives of people. The trust relationships have been more and more complex and the traditional firewall infrastructure built on the traditional trust model in which all the hosts inside enforcement point of a firewall are trusted and none of the hosts from outside is trusted is not adaptable in the current Internet application environment.This thesis on the basis of Steven M. Bellovin' s distributed firewall concept analyses the problems a traditional firewall faces, describes advantages of distributed firewall, puts forward the detailed objects of distributed firewall, and builds up a relatively complete prototype of distributed firewall.In the principal part of the dissertation, the two key technologies adopted by the prototype, the management mechanism of distributed firewall system and IPSec network layer control enforcement mechanism with trust management approach, are analyzed and discussed in detail.In describing policy management mechanism of distributed firewall system, this dissertation analyses complexity of system and management, puts forward a reasonable system management model, explains KeyNote trust system, discusses distributed management and policy composition, and describes the problem of policy update and revocation.
|
PDF Full Text Request