
Design And Implementation Of Firewall Vulnerability Test And Evaluation System

Posted on: 2018-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Xu
GTID: 2348330518995331
Subject: Computer technology

Abstract/Summary:
Security risks on public networks diversify as computer and network technology develops, which poses a serious threat to information security. The essential problem for security personnel is how to guarantee the safety of internal network resources when they access external networks. As the first barrier between the internal and external network, the firewall has therefore become one of the most valued security products.

Although a firewall protects the internal network effectively, it is not an absolutely safe means of protection. Different types of firewall have different vulnerabilities. Since analyzing firewall vulnerabilities helps in protecting the firewall itself, a comprehensive study of firewall vulnerabilities is essential for achieving a high level of protection. Testing all firewall equipment and analyzing the results is therefore necessary in order to evaluate firewall vulnerability and guarantee network security.

The thesis first analyzes potential vulnerabilities in firewall management configuration and filter rules, then surveys the national standard for firewall testing as well as traditional network testing technology. Considering the characteristics of filter rules, a test plan based on fuzzing is proposed. It constructs malformed IP, ICMP, TCP and UDP packets by setting flag bits to zero, inserting special characters, randomizing field bits and creating oversized packets, so as to test the firewall's filter rules for vulnerabilities. In addition, since most current hardware firewalls are managed through a Web interface, a Web test is added to make the test work complete.

The thesis then investigates evaluation techniques for firewall vulnerability. After studying traditional network evaluation technology and the national firewall test standard, it proposes a firewall vulnerability evaluation model based on an index system. First, the model sets up a hierarchical evaluation index system with a target layer, a property layer and an index layer, and quantifies each index according to the vulnerability test results. Second, the model compares the importance of the indexes and assigns each index a weight on the basis of an expert system and AHP (Analytic Hierarchy Process). Finally, the model determines the grey clustering assessment and the whitening function, and completes the qualitative evaluation of firewall vulnerability.

To sum up, the author designs and implements a test and evaluation system for firewall vulnerability and describes its basic structure. The thesis also explains in detail the design and implementation of several critical models, such as the control model, test model, evaluation model and database model. Experimental results verify the soundness of the index system and the validity of the test and evaluation system.
Keywords/Search Tags: firewall, test, evaluation, AHP, clustering