| This paper first introduces the fundamental theory of network security, core technology, the system structure of the firewall, and Linux firewall tools. Then, to meet the security requirements of an enterprise network, it designs a system security structure for the network in a typical enterprise environment. The paper focuses on the firewall and presents a complete security solution for the enterprise intranet. The design consists of several modules: Package Capture Module, Package Filter Module, State Inspection Module, Intrusion Detection Module, NAT Module, Access Control Module, Audit and Log Module, Flow Management Module, and Authentication Module. The paper puts the core technology of the firewall into practice in its implementation. In the State Inspection Module, it establishes and analyzes TCP state and develops the algorithm for TCP state. It also proposes an implementation scheme for UDP packets. In the NAT Module, it implements network address translation, load balancing, and transparent proxying. In addition, it provides flow management as an extension function and adds an intrusion detection module for dynamic resistance. Together, these measures enable the system to resist many kinds of attacks. |