The Design And Implementaion Of Special Isolation System

With the rapid development of Computer Internet, government, military,, financial and corporate information technology continues to get higher level, and computer network technology is widely used. While information technology brings high-efficiency to government, military, financial and corporate’s construction and work, it also brings high-risk of information security. Therefore, strengthening the private network security becomes an urgent task.To meet the needs of high security and high communication efficiency in private network, this paper presents the design and implementation of Special Isolation System on Linux. Special Isolation System provides isolation service for the private network and the public network, and puts barrier between them to ensure secure communication. The use of packet filtering technology, protocol analysis technology and other technologies helps us achieve on the identification, monitoring and controlling of data streams that flows into private network, then the results and data are gathered and used in system maintenance modules as input for farther analysis and decision-making to help improving network communication quality and health level. Special Isolation System routes media, data and voice packets that has passed inspection to the corresponding host or server in the private network with minimum delay, to complete data communication between the networks.Given that current common firewall systems are technically simple, difficult to resist a variety of complex attacks, and the configuration and use are lack of flexibility and convenience, the Special Isolation System combines with a variety of protection technology, provides multi-layered security protection in network architecture to do packet detection and monitoring on each layer, besides, it also provides a friendly and flexible control interface. The system is divided into following five subsystems: 1. Data exchange, responsible for transparent data forwarding.2. Network layer/transport layer data protection, responsible for access control and flow control.3. Application layer data protection, responsible for application layer data detection and prevention. This subsystem provides a way to implement user-space firewall based on DPI (Deep Packet Inspection) technology. With that the Special Isolation.System can do application layer protocol packets analysis, inspection and filtering. In this paper, we take SIP protocol data protection as an example.4. System monitoring, responsible for recording, monitoring and analysis of system data.5. System interaction, responsible for interaction with users.In this paper, some technical solutions are original designed, and the Special Isolation System meet the needs of users, having practical significance.