
Research on Distributed Firewalls and Design of a Distributed Firewall for Small Mixed Networks

Posted on: 2006-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2168360182457213
Subject: Software engineering
Abstract/Summary:
With the development of the Internet in the 21st century, the rich information resources of the network have brought great convenience to users, but they have also brought security problems. Statistics from recent years indicate that the state of computer network security is very worrying. In particular, among the large number of attacks, those originating from inside the network are rising fastest. Most enterprises believe that, compared with external threats, internal security threats are more dangerous to IT systems. For a long time, research and work on computer network security has usually emphasized how to cope with threats from outside the local network. People usually assume that the interior of the local network is safe and that the main security threats come from outside it, especially for networks that are connected to the Internet. How to eliminate security risks such as attacks (direct or indirect) from inside the local network has never received the attention it deserves. As a result, effective defensive measures against internal attacks are lacking. Generally, recovery is attempted only after an internal attack has occurred; the attack cannot be eliminated in advance. The distributed firewall technology proposed in recent years is a brand-new firewall architecture: it fully retains the advantages of the traditional network firewall while extending the firewall to the terminals of the internal network, so that, while doing external security defense well, it can also guard against attacks from inside the network.
This thesis comprises six chapters. The first chapter briefly introduces the background, the significance of the research, and related research progress. The second chapter first summarizes the basic situation of network security, the targets and characteristics of network attacks, and the methods and technologies for solving network security problems; it then discusses the architecture and implementation technology of traditional firewalls and their strengths and shortcomings in solving network security problems. In contrast with the traditional firewall, which treats users on the internal network as trusted and all users on the external network as potential attackers, it introduces the concept of the distributed firewall, which treats both the Internet and the internal network as "unfriendly"; finally, it briefly introduces the architecture and advantages of the distributed firewall. The third chapter first introduces the knowledge and technologies related to distributed firewalls, then analyzes and compares the various implementation models and solutions. This chapter also introduces and analyzes several foreign distributed firewall products. Together these provide the knowledge of distributed firewall architectures and implementation schemes needed to design a distributed firewall system.
The fourth and fifth chapters, building on the distributed firewall technologies introduced in the previous two chapters, analyze the current situation of small and medium-sized enterprises and offices in China, and propose, design and implement a distributed firewall suitable for small mixed networks. In implementing the distributed firewall, it was taken into account that packet filtering is already a very mature technology. Linux is very popular in the IT field because of its robustness, reliability, flexibility and seemingly unlimited scope for customization. It has many built-in capabilities that let developers customize its behavior and appearance to their own needs without expensive third-party tools. The newest 2.4.x Linux kernel integrates the IP packet filtering system netfilter/iptables. Therefore, for the experiments here, we use Linux as the platform and the C language for the network communication and connection development. These chapters mainly describe the implementation of the packet filtering system on the policy enforcement side and of policy provision between the management center and policy enforcement.
Finally, the thesis concludes with a summary. In brief, distributed firewall technology is a new architecture for solving network security problems: while retaining the traditional strengths of the firewall, it makes up for the shortcomings of the perimeter firewall. With a distributed firewall system, the network security administrator can manage the entire network as a single system and issue a unified security policy, reducing the complexity of the network security system while safeguarding the security of the entire network to the greatest extent.
Keywords/Search Tags:Distributed