| As informationlization and networklization become general tendency of current society, information share has been spread quickly. For the moment, how to prevent network system from illegal attack and destruction, how to protect confidential data from been filched-network security-is becoming more and more important. The firewall is regarded as important technology for protecting network's security.It is not enough to ensure the network's security if only firewall used. A integrated network security scheme should integrate firewall with intrusion detection. This paper puts emphasis on intrusion detection technology and firewall technology, then analyses the architecture of Linux - Netfilter - in details.At the present time, secondary development based on open source is one of the hotspots of computer applications. Except of mature enterprise-level firewall products, most used are cost-free. So, this paper put forwards the network security project which aim at medium or diminutive customers. Its purpose is reducing various costs on the basis of insure the security of network. The research works mentioned in this paper are:(1) It studies the structure of Netfilter. It implements the DMZ firewall with iptables on Linux.(2)It implements log detection - routine inspection and real-time surveillance -bases on Linux firewall.(3)It implements firewall configuration and administration interface, being convenient for long-range operation.(4)It designs and implements log administration interface.
|
PDF Full Text Request