| In some large-scale computer network that provides key sensitive service to the military, financial etc., the security is one of its main factors. Current network inside service and new technical adoptions play increment, satisfied the applied need on the one hand, on the other hand increased the opportunity of safe loophole and network attack, forcing to increase and update security devices continuously. The security system follows the so-called "wooden pail principle", the safety of namely whole system decided by the weakest part inside the system. Therefore, to decline safe risk to the lowest degree, the only way is to gather every kind of devices for security, unify the management, integrate them, setting up successive lines of defence. Moreover the increment of the provisions for security causes management of them becomes an important part of network security. To manage and control numerous, various, complicated, and dynamic security hardware, security applications and security events in the large-scope network is named network security management (NSM).This paper designed a policy based NSM using the XML, and realize a prototype system. The prototype system provides a 3-layer architecture in the midware level to support isomerous components, and ad hoc protocol are used to communicate between midware and components. As a hardcore, the platform realized the strategy-driven mechanism; it also examined grammar and semantic of the strategy by the use of a third-party tools on strategy management. The system makes use of the XML language describing related NSM resources to attain unified and integrated management. The target of system design is to manage every kind of network devices for security in sophisticated network circumstance. Using united software interface control and manage various devices from different vendors. The network security management system hopes to be scalable, dynamic etc. |
PDF Full Text Request