| Conventional network firewall is belong to Perimeter firewall, depends on network's physical topology to implement its security policy, and assumes that the protected inner network must be reliable. With the development of Internet, this single entry point is more and more thought as a performance bottle-neck and a security hidden trouble, and at the same time, the assumption, the inner network is reliable, is proved to connectless in fact. As another firewall solution, distributed firewall takes on the architecture that the Control Center makes security policy and many node firewalls execute the policy, and effectively solves the abuse raised with the more and more policy and the inner network's security.The Important problem with distributed firewall is how to manage all policys and how to establish the effective and reliable communication. After analysing several security models, this paper puts forward HywaveGuard security model, this model adopts the certificate signed by the Control Center to identity the Node, and creats the trustful relations between nodes by digital signature and authentication. The Control Center is responsible to make and distribute the policy, keys and certificates.The vital information between node is thought as a policy and is denoted by a policy language - Hgnote. In every policy, there must be some security authentication information,such as one policy Authorizer, one Licensee, one TimeStamp, one LifeTime and a digital Signature, and some policy management information:At last, this paper designs and implements a HywaveGuard model's instance based on Windows OS. |
PDF Full Text Request