| The features of Internet and its protocols set-TCP/IP decided they couldn't maintain a secure and reliable network protection because of their fatal flaws, this mechanism essentially results in big security problems which brought us into troubles sometimes even disaster. Firewall system as a branch of computer security techniques, has been done a lot of research and still couldn't achieve a perfect solution. How to build a relative secure and reliable network running environment based on multi-level contronl of firewall system becomes our main purpose in this paper.After been doing plenty research on the long process of firewall system development, we decided to establish a safe network gateway model prototyping based on Linux p latform. By utilizing the features of netfilter in Linux kernel space and iptables mechanism in the user space, the PLBDHG(Prototyping A Linux-Based Distributed Hybrid Gateway) has been built and could implement multi-level protection in our network system. This is a significant and meaningful research .PLBDHG is based on Linux platform, designed under multi-tier secure protection and optimized system security policies. For gaining better protection and efficient access control to the network, the model combined high protection built in both network layer and application layer. By analyzing the protocols in network layer and application layer, this model achieves the functionality which includes not only stateful packet inspection , dynamic packet filtering, NAT and Proxy server, but also data filtering, IDS, rule-based access control connection tracking and load balancing of LVS etc. This security prototyping integrates all these functions into one, makes them work collaboratively and efficiently, to maintain a secure and reliable network running environment. At last part of this paper, author also gives out the conclusion and some suggestions on the further research of this project. |
PDF Full Text Request