Research On The One-way Net Gap Based On Application Filtering Technology

To assure the safely operations of confidential networks,applying a safely quarantined network damping device is considered to be an effective security measures.But in some sensitive industry applications,even applying the safely devices between the trusted intranet and untrusted internet is not enough,it's also necessary to assure the one-way transmission of service data and protect intranet important information from being divulged.Although traditional safely gap can satisfy the safety requirement to separate the networks,but one-way service data transmission control is not supported.Based on application filtering technique,this thesis proposes a “duplex commands,simplex data” model,and realized a simplex network damping system.The thesis is composed of the following parts:1.After analyzing and comparing the worldwide network damping techniques,i.e.five generation damping techniques,this thesis research on the principles of network damping products,ferry of proprietary exchanger information,proprietary protocols,and TCP/UDP application data swap techniques.2.In deep research on application filtering technology represented by stream filtering,this thesis proposes a scalable and highly portable application security detection framework and application protocol identification method.Based on the application-layer flow filtering method,deep analysis of application protocol upon safety quarantine is supported.3.In view of the specific application of the industry,the simplex transmission control technique was studied.A model of “Duplex commands,simplex data” is proposed.The simplex transmission processing of application protocols is studies with the FTP protocol as showcase.The research work in this thesis has been applied to the specific systems of the related departments,which meet the requirements of the deployment of frontline business applications and effectively prevent the divulged of sensitive data.In comparison with traditional network gap products,the research in the thesis further enhanced the safety in assuring the “Only-In-No-Out” requirements of business application data.