The Research And Design Of Firewall And It's Management With Network-cell

With the wide applications of Intemet,the security of computer network is recently paid more and more attentions. For exaniple,if you intend to apply Internet to politics ,economy and A so on ,which need a great security against vicious men/women,you have to first investigate the network's ablity to secure you.So the degree of network secure is one of the main decisive factors that leads to the applications and development of Internet. As one of methods to increase network security,the firewall has acted as an important role in the Internet world since it was successfully developed,because it can reject those no-authorized requests for services from the protected networks. It also has been thought as a secure obstacle to intruders into the protected networks.However,many firewalls are very difficult to be managed and maitained,and this kind of works have to be done by those proficient employees of network companies.This is a very bad problem facing to many common users,and has to be resolved if we want to keep firewalls run safely and efficiently. In this thesis, a new idea of firewall management based on one standard network management protocol is given,that is, the firewall can be managed by means of SNMP,which is an international popular network management protocols.In this thought,the firewall will become one of many managed objects of SNMPJt will not only make users to manage and maintain their firewalls conveniently,but also increase the NMS's (Network Management System) ablity to secure management.Furtbermore, it will also help managers to do synthesis managing works on their network,and eliminate the dispersive phenomena each other both firewall management system and SNMP-based network management system. In this thesis, the main services and the secure problems of Internet are discussed first, and the main technologies and the strategies are given afterwards. Then the firewall抯 concept, functions, theories, construction and manage problems are systematically discussed in next chapters. In addition, a new firewall model, HWT-FW, with a SNMP Agent, is provided. By this Agent, the firewall will become a managed object based on SNMP, and will get managed in SNMP standard. Firewall is a kind of the devices of protecting private networks, and it is very important to secure it. Managing firewall through network means that managers may not only get information from their firewalls, but also send some messages to set the firewalls and change its statuses. Therefore, we have to keep the transformed messages in the network from being stolen, spoofed and changed by the hacker. In this thesis, the security of SNMP is analyzed, and the advantage of using SNMPv3 to manage firewall is discussed, which can help to transform management messages in network security because there are better security characteristics in it. In following chapters, the main MIB-tables of the FW-MIB are given. The functions of the FW-Agent are discussed, and its main modules and relation each other are given respectively. Many aspects about FW-NMS are also discussed, for example, the getting FW-MIB information, the functions of manager entity and the security of function defined by users. In this thesis, the firewall and its recent management are analyzed, and then an idea of firewall management with network-cell is given, and the values of this management method are discussed. The main sub-modules of HWT-FW, the main tables of FW-MIB and the main functions of FW-Agent are provided in detail.