| The thesis mainly focus on configuration and control software, explores performances of large-scale filter rules, management and implements the function in the system to auto-manage rules from remote.In order to improve the efficiency in managing rules with large scale, we analyze capabilities of the system from step by step. When there exists mass rules in the system, Direct Managing CAM Method needs most time to handle rules, and Indirect Managing CAM Method needs most space. They are neither efficient to satisfy the system. Therefore, we resort to Patricia Trie mechanism, and present a more efficient way to manage CAM rules with less time and space. Optimized Indirect Managing CAM Method in the real running circumstance shows a marked performance. It decreases rule-handling time down to several milliseconds which is 100 times less than Direct Managing CAM Method in the worst condition, and saves 30% additional space in searching rules.For remote auto configuration, we discuss why choose TCP not UDP as transporting protocol request/reply message mechanism, how to identify rule records in TCP streams. By testing relay of RCP in an isolating ethernet network, we evaluate how transport relay affects rules processing time. Finally we accomplish a high efficient and reliable remote configuration protocol that dose not restrict'from the length of the message and is available to auto-request mass rules for our security system.In order to manage the security system efficiently, we furthermore present a command line interface based on command tree technique. Like Unix shell, manager can type commands through CLI to operate the system and maintain the system in good conditions.
|
PDF Full Text Request