Cims In The Information Security Model And Technology

The paper mainly studied the establishment and the technical implementation of information security strategy in CIMS.With the extension of CIMS in the large-scale industry in our country, the information level of industry will gradually improve. Therefore, the information security will be more important for the successful application of CIMS engineering in industry. Because of its deficiency and shortcoming, traditional firewall technology is not good enough to protect the information of CIMS, a distributed system. Distributed Firewall System, a new conception, will undoubtedly be an appropriate choice. The paper analyzed the framework and function of Distributed Firewall System, and made a deep study of its three important function: MAC Address Filtering, Dynamic Packet Filtering and Traffic Management.With the high speed of the development of Internet Technology, Enterprise Information System will be in a trend of globalization. WEB server will be widely used as the platform for the issue and exchange of enterprise data. But for the security of enterprise information, it should be set up that the limited-open mechanism of enterprise information. The regular method of security checking is to set up an authentication mechanism for identifying the users by means of user password and IP address. But in the internal enterprise network, the allocation of IP address is usually dynamic. Since no static IP address, IP spoofing is very easy to do. Considering the fact that MAC address is unique and static, MAC address can be used for user authentication. At present, it has been proved to be simple and effective that the security authentication mechanism using MAC address. Whereas the fact that IPCHAINS can not support MAC address filtering, in the chapter III, I discussed the implementation of MAC address filtering under the kernel of Linux 2.2 at length, analyzed the travel of packet in the IPCHAINS, the key function and data structure of IPCHAINS firewall, and transacted the MAC address information between the kernel and user space.Dynamic Packet Filtering, also named Stateful Inspection, is the extension of function of traditional Packet Filtering. At the present time, Dynamic Packet Filtering is usually implemented in the Firewall Products of big companies engaged in Network Security. In the source code of NETFILTER in the series of Linux 2.4.X, the function has been implemented,III CIMS中信息安全模型的建立及技术实现and the user program is IPTABLES. In chapter IV, I discussed the deficiency and shortcoming of IPCHAINS firewall, the dynamic packet filtering under the framework of NETF1LTER, analyzed the connection tracking of FTP application protocol, and implemented the connection tracking of IRC application protocol by myselfFor the moment, the firewall with the function of Traffic Management is very popular in the market. The kind of firewalls made by global Network Security giants appear in the market, such as the Checkpoint's FireWall series, the CISCO'S PIX FIREWALL series. As a matter of fact, whether or not the function of Band Control is the important performance guideline for weighing high-end firewall products. In chapter V, I discussed the basic principle of traffic management and how to make a concrete implementation of traffic management under Linux, analyzed the source code of Linux traffic management in detail.