
Design And Implementation Of Virtual Firewall Access Control System

Posted on: 2021-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: X J Lu
GTID: 2518306308463394
Subject: Electronics and Communications Engineering
Abstract/Summary:
The traditional firewall is a real physical service device that mainly controls north-south traffic in the network; a virtual firewall is like a special virtual machine with security services, and can have its own independent administrators, system resources, authenticated users, security policies, databases and so on. The deployment defects and application shortcomings of traditional firewalls are one of the main reasons virtualized firewalls emerged. The access control system is the most important part of the firewall. To let users permit or prohibit access to network resources during different time periods, time restrictions are introduced when configuring firewall policies in the access control system. With the addition of the time attribute, the types of conflict that exist among firewall policies change, so 5-tuple-based conflict detection is no longer suitable once time attributes are added. To resolve conflicts among firewall rules within a given period of time, this thesis analyzes the rules based on time and redefines the types of conflicts based on time. There are tens of thousands of firewall rules, which inevitably leads to conflicts. Redundant conflicts and shielding conflicts make the configured policies ineffective and seriously affect the matching speed of the firewall. To detect redundant conflicts and shielding conflicts, and after investigating the current status of research at home and abroad, a time-based linearized linked list conflict detection algorithm is proposed, and the conflict detection function is prototyped and implemented. This thesis introduces the design and implementation of the virtual firewall access control system in detail. The system mainly consists of five parts: the login module, the basic object module, the access control module, the traffic topology diagram module, and the authority management module. Finally, the thesis validates the conflict detection algorithm based on the time-based linearized linked list, and conducts functional tests on policy issuance and the functional modules.
Keywords/Search Tags: Virtual, Firewall, ACL, Conflict detection, Linearized linked list