
Research On Optimization Of Firewall Rule Set

Posted on: 2011-03-13
Degree: Master
Type: Thesis
Country: China
Candidate: C L Zhou
Full Text: PDF
GTID: 2178330332960003
Subject: Control theory and control engineering
Abstract/Summary:
As the information security equipment that sits between the internal network and the public network, the firewall has been widely applied in network access. A firewall sets filtering rules to screen out certain elements, in order to prevent unauthorized access to computer systems and keep information secure. Ever-changing network threats mean that filtering rules need to be updated. Ensuring that these constantly changing rules remain comprehensive, compact and free of conflicts is therefore the basis for keeping firewall technology efficient and reliable.

Because the firewall is based on packet filtering, this paper focuses on packet filtering technology and packet filter operations. After analysis and summary, we give a Linux firewall filtering method and possible solutions to the problems that exist in the firewall.

In this paper, we carry out in-depth research on the firewall rule set. By introducing the concept of sets, we put forward the anomaly modes: shielding anomaly, correlation anomaly and redundancy anomaly. We focus on anomaly detection technology, and analyse in depth and design an anomaly detection approach that helps to solve firewall security problems caused by improper rules.

To improve the efficiency of firewall filtering, we give a policy tree method for merging rules and propose merging algorithms that can be used on non-conflicting rule sets. Combining the anomaly detection algorithms with the rule merging algorithm, this paper presents a firewall rule set optimization solution.

Finally, we build firewall and network models to test the firewall rule set optimization solution proposed in this paper. Analysis of the test results shows that, for a given firewall policy, this optimization solution can complete the entire process of testing and optimization and achieve the desired results.
Keywords/Search Tags: Firewalls, Packet Filter, Rule Set, Conflict Detect, iptables Optimization