Design And Implementation Of A Distributed Firewall System

Posted on: 2007-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: B X Dai
GTID: 2178360185977612
Subject: Computer software and theory

Abstract/Summary:
Network security has been the most important problem since networks first appeared. Many security protocols and technologies are used to protect networks, and among them the firewall is the most basic and important. However, as networks become more distributed and new network technologies emerge, such as extranets, telecommuting, end-to-end encryption and computation-intensive security protocols, the shortcomings of conventional firewalls are increasingly exposed. The concept of the distributed firewall was proposed to eliminate these shortcomings. In a distributed firewall, security policy is still centrally defined, but enforcement is left to the individual endpoints. Distributed firewalls solve many problems of conventional firewalls and meet the needs of network development.

This thesis first introduces network security and conventional firewall technology and points out the problems that conventional firewalls face. It then examines in depth the structure, key technologies and advantages of distributed firewalls, and designs and implements a distributed firewall system based on IPSec. The system is made up of three parts: the policy executor, the policy control center and IPSec communication. The policy executor runs on the protected host and enforces the security policy received from the policy control center. The policy control center registers the protected hosts, edits the security policy and distributes it to the protected hosts. The IPSec communication part is responsible for preventing internal attacks.

This thesis describes the composition and key technologies of each module of each part and implements the system on the Red Hat Linux operating system. The system solves the single-point and internal-attack problems. The test results show that the system provides effective, secure IPSec communication between hosts and prohibits unauthorized TCP/UDP connections to the target hosts, implementing a typical application of a distributed firewall system.
Keywords/Search Tags: network security, distributed firewalls, IPSec, Linux