Policy-based network security management is one of the latest developments in network and distributed systems security management. Academic and commercial settings, as well as standardization bodies, are concentrating on policy-based network security management as a very promising solution for security management of large-scale distributed systems. This thesis focuses on the design and implementation of a policy-based network management system. It studies policy-based network security management in depth, in particular the Ponder policy management model and its implementation. Based on this research, we have designed and implemented a policy-based network security management system. By combining low-level security mechanisms, the system extends the Ponder compiler so that policies can be conveniently defined for distributed firewalls and for access control of the network and file system. The system also implements a graphical toolkit that integrates functions for managing domains, resources, logs, and policies, and that provides convenient network security management interfaces for the security administrator. The system implements an architecture for deploying and managing policy that is independent of the low-level security mechanisms, and it effectively supports automatic policy distribution, policy management at runtime, automatic reaction to changes in the managed objects, and linkage between security mechanisms. The security management system introduced in the thesis can centrally define, deploy, and enforce policy. Relative to traditional network security management systems, it has better scalability and flexibility and provides a new technical approach to security management for network systems.