| Nowadays, with the popularization of computer network, the problem of network security is becoming worse and worse. As the mainest and the most basic foundation for network security,firewall has been accepted for most users. But with the development of more distributed network and the advent of many new network technologies, the shortcomings of the conventional firewalls are more and more exposed. In order to eliminate the shortcomings of the conventional firewalls, the concept of the distributed firewalls is proposed. In the distributed firewalls, security policy is still centrally defined, but enforcement is left up to the individual endpoints. The distributed firewalls solves many problems of the conventional firewalls and meets the need of network development.This thesis first introduces network security and the conventional firewalls technology and points out the problems that the conventional firewalls faced. Then lucubrates the structure, key technologies and advantages of the distributed firewalls and designs and implements a distributed firewalls system based on Linux. This system is made up of three parts: policy executor, policy control center and IPSec communicating. The policy executor is run on the protected host and executes the security policy that received from policy controlcenter. The policy control center registers the protected host, edits the security policy and distributes it to the protected host. The IPSec communicating part is up to preventing the inner attack. This thesis introduces the constitutes and key technologies of each modules of each part and implements it on redhat linux operating system.This system solves the problems of single point and inner attack, the test result shows that the system provides an effective security IPSec communication between hosts and prohibits unauthorized TCP/LTDP connection to the target hosts, implements a typical application of a distributed firewalls system based on Linux in small business enterprise. |
PDF Full Text Request