| Internet is open, international and unrestricted, which is the reason why people attach great importance to its security. In recent years, hachers'frequent attacks bring a great deal of trouble to Internet's security. Traditional security system that is based on firewall is now not strong enough to provide perfect protection for networks which require high rank of security. Consequently, Air Gap technology appears. Air Gap consists of software and hardware, and it is the better network security solution compared with firewall. This article presents how to enhance the secutiry of the Linux's kernel on the outer processor of the Air Gap, so as to help Air Gap performance stably. At first, the basic principle and application of Air Gap and why it can provide higher rank of security compared with firewall are presented. Then the inside structure of the Air Gap in our studying group is described, and why we use Linux as the operating system on the processors in the Air Gap is explained, and what this article focuses on is told and that is: How to use Netfilter+iptables to set up firewall for Linux, how to use Linux kernel variables to strengthen firewall and how to use LIDS to enhance Linux's kernel.. In the following chapters, the three kinds of network security technologies we used here are discussed. They are Netfilter framework+iptables, Linux kernel variables and Linux Intrusion Detection System(LIDS). And then how to use them to add three lines of defence for Linux's kernel on the outer processor of the Air Gap is presented. At last, there is a conclusion of this article's contribution and the problems that wait to be solved. |
PDF Full Text Request