| Network security is the most import problem since network is appeared, in order to protect the network security many security protocols and technologies are used, among them firewall is the most basic and important technology. But with the development of more distributed network and the advent of many new network technologies, such as extranet, telecommuting, point-to-point encryption and computation-intensive security protocols, the shortcomings of the conventional firewalls are more and more exposed. In order to eliminate the shortcomings of the conventional firewalls, the concept of the distributed firewalls is proposed. In the distributed firewalls, security policy is still centrally defined, but enforcement is left up to the individual endpoints. The distributed firewalls solves many problems of the conventional firewalls and meets the need of network developmentThis thesis first introduces network security and the conventional firewalls technology and points out the problems that the conventional firewalls faced. Then lucubrates the structure, key technologies and advantages of the distributed firewalls and designs and implements a distributed firewalls system based on IPSec. This system is made up of three parts: policy executor, policy control center and IPSec communicating. The policy executor is run on the protected host and executes the security policy that received from policy control center. The policy control center registers the protected host, edits the security policy and distributes it to the protected host. The IPSec communicating part is up to preventing the inner attack. This thesis introduces the constitutes and key technologies of each modules of each part and implements it on Redhat Linux operating system. This system solves the problems of single point and inner attack of the conventional firewalls. |
PDF Full Text Request