
Design and Implementation of the Central Audit Log Subsystem of an Application Proxy Firewall

Posted on: 2002-12-08 | Degree: Master | Type: Thesis
Country: China | Candidate: S Zhang | Full Text: PDF
GTID: 2208360032951225 | Subject: Computer application technology
Abstract/Summary:
This paper addresses the design and implementation of the central log auditing subsystem for an application proxy firewall. The tasks of the central log auditing subsystem are to monitor the behavior of the firewall system, to obtain its actual running state, to discover hidden problems dynamically, to raise an alert when a suspicious security problem is detected, to assess reliability and validity, to assist the administrator in updating the configuration, and to reduce the difficulty of management. The central log auditing subsystem not only implements all the basic functions of a firewall log auditing system, but also adds many extended functions, such as remote logging and central management for distributed firewall systems.

In the introduction chapter, I present an overview of firewall technologies and theories, place some emphasis on the strengths and features of the application proxy that my system is intended to enhance, and point out the position of the log auditing subsystem in the overall firewall architecture.

The central log auditing subsystem adopts a Client/Server model and provides services for several firewall systems. Besides functional requirements, performance is an important aspect of the design and implementation. In the second chapter, I address the system target and architecture, and set out the runtime performance requirements. The detailed methods for meeting those requirements are discussed in the following chapters.

The system consists of two main parts: collection and transmission of firewall log data, and central log auditing and analysis. Chapter 3 covers the first part, including the principles and methods for defining log data, selecting the audit points and the encryption algorithm, carrying out the transmission of encrypted log data, and so on.

The central log auditing and analysis module is made up of two subparts: the server and the man-machine part. The server is responsible for receiving, filtering, decoding, and storing the remote log data in the original database. A background analysis thread extracts the content of the original database, reconstructs the sessions, and generates the intermediate database. Using the knowledge base, the server raises an alert when necessary. Configuration of the knowledge base and the server, and user management, are also provided. Chapter 4 focuses on the design and implementation of the server.

Also in Chapter 4, I introduce the friendly man-machine interface of the central log auditing system, including convenient query methods, a clear visual display of firewall state, helpful security tips, and so on.

Chapter 5 is the summary of this thesis.
Keywords/Search Tags:Firewall, Log Audit and Analysis, Session Reconstruction, Raw Log Data, Log Information, Knowledge Base, Relational Database