
The Research In Distributed Firewall Based On Access Controller

Posted on: 2007-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z T Yang
GTID: 2178360242961530
Subject: Communication and Information System

Abstract/Summary:
The firewall is one of the key technologies of network security. With the rapid development of information technology and the rapid spread of corporate networks, the increasingly significant problem of network security can no longer be solved by the firewall alone. Building a network security system with the firewall as its core has become a major development trend.

This paper first analyzes the advantages of the Distributed Firewall (DFW) over the traditional perimeter firewall, then studies in depth the concept, theory and system configuration of the DFW and clearly identifies its tasks and characteristics. On this basis, by combining the concept of Policy Enforcement with firewall technology, a DFW security system based on an Access Controller is designed, in which the Access Controller takes the place of the network firewall of the traditional distributed firewall. Implementing the Access Controller in the firewall changes the firewall's passive position in network attacks. It applies strict enforcement to accessing users to ensure the security of the enterprise network. It obtains the latest security policy and the security agent's authentication information from the policy management server, and thoroughly verifies the authenticity of the security agent and the degree to which the security policy has been implemented, to ensure the safety of accessing users.

According to their different functions and control targets, Access Controllers are divided into the external access controller and the internal access controller. The external one is deployed between the network's entry and exit points and checks all users, especially users on VPN connections and wireless users. The internal one is deployed inside the enterprise network. The internal Access Controller realizes the combination of the IEEE 802.1X protocol and the DFW, which assures that all legal users are secure.
The paper focuses on the operating principles of the two access controllers in the DFW, the design of the certification process, and the method of implementing it. Finally, a scheme for explaining security policy is put forward. The core of the system is the policy management server, which is responsible for managing users and computer groups and for formulating and distributing security policy. It connects to the access controller and the security agent through five different communication modules and a background database system. The security agent is the component that actually carries out the policies. It is responsible for downloading and implementing the latest security policy, and for providing the policy management server with the audit log and policy managers with security reports. The paper focuses on the realization of the core test module, the IP encryption module and the application detection module in the security agent.
Keywords/Search Tags: Security of Network, Distributed Firewall, Policy Enforcement, Access Controller