
Study And Design Of The Firewall System Which Is Based On Postal Network

Posted on: 2009-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: K Jiang
GTID: 2178360245995744
Subject: Computer technology
Abstract/Summary:
The objective of this thesis is to design a firewall system with specific functions (algorithms) suited to the actual conditions of the postal network. Based on a study of firewall technology and an examination of the postal network, it devises a firewall with an advantage in DDoS defense. The firewall is applied to the network security scheme of the postal business system. The research findings have practical value and a wide area of application.

The thesis introduces computer network security, firewall system architecture and key technologies, and Linux firewall tools. It describes the design principles of firewall modules based on the Linux kernel, and gives a simple design of a Linux firewall and the algorithms of several related functional modules: intrusion detection, VPN and flow control. It analyzes the current state of distributed denial-of-service (DDoS) attacks, at present the most common attacks and the most difficult to defend against. Of the four existing DDoS defense strategies and technologies (harm reduction, rate limiting, filtering, and tracing the source of DDoS attacks), it focuses on several technologies for tracing the source of DDoS attacks (link testing, random sampling, dynamic Security Association tracking, traffic records), which are of major significance for the active defense of the network.

Building on these DDoS defense technologies, the thesis designs a new detection algorithm for the postal enterprise network. Enterprise network traffic changes with the trend of business development, so analysis of historical traffic data can predict, as a function of time, the future trend of normal network traffic. This predicted traffic serves as a threshold against which the current traffic is compared at any time; current traffic above the threshold indicates abnormal network traffic and a possible DDoS attack. The calculation of the normal traffic threshold is therefore the key.

On the theoretical foundation of trend extrapolation, the thesis proposes a mathematical model for forecasting the traffic threshold: an appropriate model is selected through analysis of historical network traffic data, the formula for the forecast normal traffic threshold is derived by the least squares method, and the degree to which the fitted function accurately describes the network traffic is verified. It then presents the new algorithm, a firewall-based router-flow backtracking algorithm: the firewall measures the current traffic passing through it, and when that traffic exceeds the forecast threshold, a DDoS attack may be under way. At that point the firewall analyzes, against the threshold, whether the current traffic of the routers is abnormal, and traces back toward the source of the DDoS attack. Following the algorithm, the thesis analyzes attacks on full binary tree and full ternary tree networks, examines how the number of backtracking processes affects the time taken, and recommends the best number of processes for the defense system. The new algorithm is also compared with existing DDoS attack source tracing techniques, and its advantages are pointed out.

Finally, the thesis explores a network security system suited to the business environment, to support the network security needs of the current postal business system. It proposes a firewall system design with the designed Linux firewall as its security core, gives an overall security assurance mechanism for the postal company's network, and uses Linux firewall systems to provide a three-tier (province, city, county) network security solution for the postal business.
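The threshold comparison summarized in the abstract, as an added Python example that is not code from the thesis. It assumes a linear trend model (the abstract does not say which model was selected), a hypothetical `tolerance` multiplier on the forecast, and constructed traffic samples.

```python
# Added illustration: least-squares trend threshold for traffic anomaly detection.
# Assumptions (not from the thesis): a linear trend model, a multiplicative
# tolerance on the forecast, and the constructed sample data below.

def fit_linear_trend(history):
    """Least-squares fit of y = a + b*t over t = 0..n-1; returns (a, b)."""
    n = len(history)
    if n < 2:
        raise ValueError("need at least two historical samples")
    t_mean = (n - 1) / 2
    y_mean = sum(history) / n
    sxx = sum((t - t_mean) ** 2 for t in range(n))
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(history))
    b = sxy / sxx
    return y_mean - b * t_mean, b

def r_squared(history, a, b):
    """Goodness of fit: how well the trend describes the historical traffic."""
    y_mean = sum(history) / len(history)
    ss_tot = sum((y - y_mean) ** 2 for y in history)
    ss_res = sum((y - (a + b * t)) ** 2 for t, y in enumerate(history))
    return 1.0 if ss_tot == 0 else 1 - ss_res / ss_tot

def detect(history, current, tolerance=1.2):
    """Return (t, observed, threshold) for each period whose traffic exceeds
    the forecast threshold; t continues the historical time axis."""
    a, b = fit_linear_trend(history)
    n = len(history)
    alerts = []
    for i, observed in enumerate(current):
        threshold = tolerance * (a + b * (n + i))
        if observed > threshold:
            alerts.append((n + i, observed, round(threshold, 1)))
    return alerts

# Constructed sample: Mbit/s per hour, growing slowly with business volume.
HISTORY = [100, 104, 107, 113, 115, 121, 124, 128]
CURRENT = [133, 137, 410, 395, 148]  # periods 10 and 11 simulate a flood

if __name__ == "__main__":
    a, b = fit_linear_trend(HISTORY)
    print(f"trend: {a:.2f} + {b:.2f}*t, R^2 = {r_squared(HISTORY, a, b):.3f}")
    for t, obs, thr in detect(HISTORY, CURRENT):
        print(f"t={t}: {obs} Mbit/s exceeds threshold {thr} -> possible DDoS")
```

A low `r_squared` on the historical data means the chosen trend model does not describe normal traffic well, so the threshold derived from it should not be trusted for alerting.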
Keywords/Search Tags:DDoS, firewall, network security of postal business