
Redundancy-Detection Of Firewall Rules

Posted on: 2008-02-09
Degree: Master
Type: Thesis
Country: China
Candidate: B Fu
GTID: 2178360242472476
Subject: Computer technology

Abstract/Summary:
As the first barrier protecting a LAN and a very effective means of achieving security, the firewall is the most widely deployed network security technology today. Its purpose is to control access and data transmission between the interior and the exterior, so that it can filter harmful traffic and protect internal information from access by unauthorized external users. The firewall has become a very important security mechanism and plays a major role in network security.

Firewall security, like any other technology, requires proper management in order to provide proper security services. Merely placing firewalls on the network boundaries or between sub-domains does not necessarily make the network any more secure. One reason for this is the problem of correctness and redundancy: manually configured firewall rules may not agree with the network manager's original intention, and a large number of filtering rules tends to bring redundant rules, which make firewall management more difficult and decrease throughput.

For the correctness of firewall rules, we propose an analysis-and-translation method. The system analyses each rule, modifies it according to its context, and translates it into natural language, helping the manager judge whether the rule is correct.

For the redundancy problem, we propose a redundancy-detection method. The detection algorithms locate the redundant rules, so the network manager no longer needs to search through a large number of filtering rules by hand; the system also reports the rules that cause the redundancy, helping the manager modify the firewall.

The system provides a powerful tool for Linux network managers who wish to configure a Netfilter/Iptables firewall.
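The pairwise redundancy check that the abstract describes, written here as an added illustration that is not code from the thesis: it assumes a simplified iptables-style rule format (protocol, source and destination CIDR, destination-port range, target) and first-match semantics, flags a rule that an earlier rule fully covers, and reports which earlier rule causes it. Coverage by the union of several earlier rules is not detected by this simple check.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Simplified iptables-style filter rule (constructed format, not the thesis's)."""
    proto: str      # "tcp", "udp" or "any"
    src: str        # source CIDR
    dst: str        # destination CIDR
    dports: tuple   # (low, high) inclusive destination-port range
    action: str     # "ACCEPT" or "DROP"

def parse_rule(line):
    """Parse a line like '-p tcp -s 10.0.0.0/8 -d 0.0.0.0/0 --dport 80 -j ACCEPT'."""
    toks = line.split()
    opts = dict(zip(toks[::2], toks[1::2]))
    lo, _, hi = opts.get("--dport", "0:65535").partition(":")
    return Rule(opts.get("-p", "any"), opts.get("-s", "0.0.0.0/0"),
                opts.get("-d", "0.0.0.0/0"), (int(lo), int(hi or lo)), opts["-j"])

def covers(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    return outer.dports[0] <= inner.dports[0] and inner.dports[1] <= outer.dports[1]

def find_redundant(rules):
    """First-match semantics: rule j can never fire if an earlier rule i covers it.
    Returns (j, i, kind): 'redundant' when the actions agree (dead rule, safe to
    drop), 'shadowed' when they differ (dead too, but likely a mistake to review)."""
    findings = []
    for j, rj in enumerate(rules):
        for i in range(j):
            if covers(rules[i], rj):
                kind = "redundant" if rules[i].action == rj.action else "shadowed"
                findings.append((j, i, kind))
                break  # report only the first covering rule
    return findings

SAMPLE_RULES = [parse_rule(line) for line in [  # constructed sample, not from the thesis
    "-p tcp -s 10.0.0.0/8 --dport 80 -j ACCEPT",
    "-p tcp -s 10.1.0.0/16 --dport 80 -j ACCEPT",      # covered by rule 0, same action
    "-p udp -d 192.168.1.0/24 --dport 53 -j DROP",
    "-p udp -d 192.168.1.10/32 --dport 53 -j ACCEPT",  # covered by rule 2, other action
    "-p tcp --dport 22 -j ACCEPT",
]]
```

Running `find_redundant(SAMPLE_RULES)` reports rule 1 as redundant because of rule 0 and rule 3 as shadowed by rule 2, which is the "rules that cause the redundancy" output the abstract refers to.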
Keywords/Search Tags: Firewall, Filtering rules, Redundancy