Embedded Linux Hardware Firewall Based On Security-enhanced Design And Implementation

Posted on: 2005-05-01 | Degree: Master | Type: Thesis
Country: China | Candidate: W Qian | Full Text: PDF
GTID: 2208360152967094 | Subject: Computer software and theory
Abstract/Summary:
Because network intrusions have diversified, no individual security technology can satisfy present security needs. We therefore introduce a new distributed firewall system called active-firewall. By adopting NAT, VPN and OTP technologies, and through cooperation and correlation with Intrusion Detection and Vulnerability Assessment, the active-firewall can defend "actively".

This paper is divided into two parts. The first is the active-firewall system framework design, including the correlation design in active-firewall and the hardware firewall design based on Embedded Linux. The second is the implementation of the security extension Embedded Linux kernel and of the General Security Interface.

This paper designs a correlation framework for the active-firewall system that comprises the Correlation Policy Interface, the General Security Interface and Security Information Management (SIM). The administrator manages the system through the Correlation Policy Interface. The General Security Interface uses encryption and authentication to transfer data safely. Security Information Management normalizes and analyzes the logs of different security devices. Once the IDS detects an intrusion or the Scanner finds a weakness, SIM reports to the firewall and requests, through the General Security Interface, that the firewall modify its filter rules. This is the so-called active-firewall system.

After comparing the two kinds of firewall, software and hardware, and considering performance and cost, this paper designs and implements a hardware firewall based on an Intel x86 industrial board and the Embedded Linux operating system. As the foundation of the active-firewall, the general Linux kernel cannot satisfy the security needs. After studying and analyzing Linux kernel security, we implement a security extension Embedded Linux kernel based on Linux capabilities. Linux capabilities is a Mandatory Access Control module, and it can protect files, devices and processes.
Keywords/Search Tags:active-firewall, Security Extension Embedded Linux, correlation, General Security Interface