Centralized Control Of The Design And Realization Of The Firewall In The System Environment

In recent years, with the constant development of the computer network andglobal informationization, the computer and network information become animportant problem. Make use of technology of firewall to strengthen the security ofthe network and is favored by people more and more.The merits of the firewall that the paper focus on is to make the long distancecontrol end centralize the firewalls based on the network through the setting theagence of the firewall and the long distance center control communicating. Becausethe major protecting work are setting on the firewalls, this action break the topologicstructure of the traditional firewall. The new method is carve up the network based onthe protecting rules that administrator drawed. Moreover, when the agent is notrunning, the firewall we focus on can be regard as the ordinary firewall.There are two kinds of methods that the firewall filter the network message.onemethod is aimed at the head of the message, such as to limit the using of the FTPthrough the port number of the head of the message. The other is the method based onthe content of the message.such as to filter the uncivil word. This major project of thispaper is the method based on the head of the message. In order to make the scope ofthe filter deal with all the net message, under the kernel mode, we choose the fitlertechnology based on the NDIS. This method is not only entirely capture the all netmessage, better transplanting character, but also have many append , functions, suchas the conversion among different net mediums, the loading balance among severalnetwork card and so on. The communication between the application and the driver isbased on the dynamic linking. This method can make the driver transparence to theupper application. The application is not to consider the implement of the driver but totransfer the interface of the driver in the dynamic linking library. That markedlyimprove the transplant of the system code.In the firewall center control system, inserting the agent of the firewall make thecenter control end not consider the implement of the firewall. This action strengthenthe expensibility of the system, make the conter control end control different firewallthrough different agents.