
Design and Implementation of a Distributed Firewall Under Linux

Posted on: 2007-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: X W Jiang
GTID: 2208360185491224
Subject: Computer application technology

Abstract/Summary:
A conventional firewall is a perimeter firewall: it suffers from a single point of entry and a performance bottleneck, and it relies on notions of network topology to implement the security policy. With the rapid development of networks, these disadvantages have become more and more prominent. The concept of the distributed firewall was proposed in response. A distributed firewall solves the problems of the conventional firewall by distributing firewalls to the hosts that should be protected.

The distributed firewall is a relatively new technology and does not yet have a mature prototype. This thesis surveys the development of distributed firewalls and analyzes the current situation. It then proposes a distributed firewall prototype based on proxy firewalls. Each proxy firewall protects a specific server and captures policies through interaction with an IDS. The policy cooperation mechanism is the basic concept that allows this distributed firewall prototype to work effectively.

This thesis emphasizes the design and implementation of the policy cooperation mechanism. It discusses three policy cooperation mechanisms: the completely distributed policy cooperation mechanism, the extended distributed policy cooperation mechanism, and the policy cooperation mechanism based on a control center. After analyzing the advantages and disadvantages of each, it selects the policy cooperation mechanism based on a control center for design and implementation. This mechanism includes policy receipt, policy distribution, policy presentation, policy anomaly testing, and the loading and execution of cooperative policies.

Finally, this thesis implements an instance of this distributed firewall prototype on the Linux OS.
Keywords/Search Tags:Distributed Firewall, Proxy Firewall, Policy cooperation