
The Design And Implementation Of Firewall Policy Audit System Based On B/S Architecture

Posted on: 2016-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Lv
GTID: 2298330467991890
Subject: Computer technology

Abstract/Summary:
A firewall is the main equipment for protecting the internal network. In recent years, with the increase in attacks against enterprise information networks, the firewall has become more and more important for protecting the internal network of enterprises. As business systems change and expand, the firewall configuration strategy becomes increasingly complex, and a large number of redundant, invalid, and risky configuration rules accumulate over a long period, posing a great threat to network security. In this case, auditing firewall policy becomes particularly necessary. At present, the firewall policy audit systems on the market are mostly aimed at firewalls of foreign brands, and related products for domestic firewalls are very rare. At the same time, a complex network environment makes it too difficult for the administrator to find and audit the key firewalls. To solve these problems, this paper researches and implements a firewall policy audit system.

This paper mainly researches the audit of the domestic mainstream firewalls, TOPSEC and VENUSTECH. In the process of writing this article, the author has mainly done the following work:

1. The study of the audit plan. On the basis of existing strategy audit research, this paper puts forward an improved strategy tree audit plan, and then designs and realizes the firewall strategy audit system.
2. The study and formulation of the strategy audit baseline. According to the related safety specifications, combined with the configuration specifications of Topsec and Venus, this paper formulates the corresponding audit baseline.
3. The design and implementation of the topology discovery module. To display the current network environment graphically and help administrators audit the key firewalls simply, this paper researches topology discovery technology based on SNMP. The topology discovery module allows the administrator to audit the firewalls of concern, making the system easier to use.
4. The system's overall design, the detailed design of the functional modules, and the implementation of some key modules. This paper designs and divides the structure of the system based on the MVC model, and designs the key modules of the system in detail in combination with the business logic. Based on the above research, some key modules, including equipment management, audit task management and so on, have been implemented in code.

In addition, in order to overcome the isolation within the enterprise's internal information network, the system adopts a cooperative server-node working mode. The node first obtains the firewall configuration file, then transmits it back to the audit server, which performs the audit.

The firewall policy audit system designed in this paper can audit TOPSEC and VENUS firewalls very well and can generate a complete analysis and solution report; for some simple configuration problems it can also offer the option of automatic repair. Altogether, the system has significant practical value for managing firewalls efficiently.
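The kind of check such an audit performs on accumulated rules can be shown with a short added example. It is not code from the thesis and does not reproduce its strategy tree algorithm: it is a simple pairwise comparison under first-match semantics, and the rule format, field names, and the exact definitions of "redundant", "invalid" and "risky" used here are assumptions.

```python
from ipaddress import ip_network

# Constructed sample policy, evaluated top-down with first-match semantics.
RULES = [
    {"id": 1, "action": "permit", "proto": "tcp", "src": "10.0.0.0/8",
     "dst": "192.168.1.0/24", "ports": (1, 1024)},
    {"id": 2, "action": "permit", "proto": "tcp", "src": "10.1.0.0/16",
     "dst": "192.168.1.10/32", "ports": (443, 443)},
    {"id": 3, "action": "deny", "proto": "tcp", "src": "10.2.0.0/16",
     "dst": "192.168.1.0/24", "ports": (22, 22)},
    {"id": 4, "action": "permit", "proto": "any", "src": "0.0.0.0/0",
     "dst": "0.0.0.0/0", "ports": (1, 65535)},
    {"id": 5, "action": "deny", "proto": "udp", "src": "172.16.0.0/12",
     "dst": "192.168.2.0/24", "ports": (53, 53)},
]

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a["proto"] in ("any", b["proto"])
            and ip_network(b["src"]).subnet_of(ip_network(a["src"]))
            and ip_network(b["dst"]).subnet_of(ip_network(a["dst"]))
            and a["ports"][0] <= b["ports"][0]
            and b["ports"][1] <= a["ports"][1])

def is_any_to_any_permit(rule):
    """Assumed definition of a risky rule: permit all protocols, any to any."""
    return (rule["action"] == "permit" and rule["proto"] == "any"
            and ip_network(rule["src"]).prefixlen == 0
            and ip_network(rule["dst"]).prefixlen == 0)

def audit(rules):
    """Return (rule_id, finding, earlier_rule_id) tuples in policy order."""
    findings = []
    for pos, rule in enumerate(rules):
        if is_any_to_any_permit(rule):
            findings.append((rule["id"], "risky", None))
        for earlier in rules[:pos]:
            if covers(earlier, rule):
                # Same action: the rule adds nothing (redundant).
                # Different action: the rule can never take effect (invalid).
                same = earlier["action"] == rule["action"]
                findings.append((rule["id"], "redundant" if same else "invalid",
                                 earlier["id"]))
                break
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

Rule 5 in the sample is the case an administrator most needs reported: a deny that looks protective in the configuration file but is never reached because the any-to-any permit above it matches first.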
Keywords/Search Tags: topology discovery, acquisition node, audit baseline, strategy tree, configuration audit