| With the development of Internet, this single entry point is more and more thought as a performance bottle-neck and a security hidden trouble, and the same time, the inner network is reliable, is proved to be connectless in fact. Concept of distributed firewall is introduced to eliminate these shortcomings. The distributed firewall takes on the architecture that the Control Center makes security policy and many node firewalls execute the policy, and effectively solves the abuse raised with the more and more policy and the inner network's security.This paper design a new type distributed firewall, based on analyzing the typical distributed firewall. It weakens the function of Central Center, and puts some of the function on the node firewall. Two models have been presented, and this paper designs the transport policy on the two models separately. Model 1 reserves a central server to record the address information of all the node firewall, and implements a transport protocol. The firewall in Model 2 is built on the total distributed structure. It improves the Gnutella protocol to find the address of the node firewalls, and design an information distribution policy.Based on the model 1, we illuminate the analysis and design of every function on the new type distributed firewall in detail. We make a special research on discovery of policy anomalies model and the model of Encryption and Authentication., making a research on the secure transport policy among the node firewall's co-operation and communication. Establish a secure channel to provide the policy transportation. |
PDF Full Text Request