
Research On Active Firewall And Its Management As Network Cell

Posted on: 2003-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Yang
Full Text: PDF
GTID: 2168360062486336
Subject: Computer application technology

Abstract/Summary:
As the most impressive product of the information era, computer networks have become an integral part of our social lives. In politics, technology, the economy and cultural life alike, the network plays an increasingly important role. But along with the changes it has brought us, the network also poses some unexpected problems. One focus among them is the security of the network, because it directly influences the development speed of network technology.

As one of the most commonly used means of dealing with security issues, the firewall contributes a lot to improving the security level of the network. With the development of modern network technology, however, traditional firewalls, such as the single-checkpoint firewall or the passive distributed firewall, can no longer satisfy the requirements of the network. Yet we should not abandon the concept of the firewall, since it has been, and will remain, the most effective measure for separating the trusted and untrusted portions of the network.

After a careful investigation of the current security problems in the network, the implementation principles and shortcomings of several kinds of currently widely used firewalls are presented.

Afterwards, the concept of the active firewall is defined, which differs greatly from traditional firewalls. Then a prototype of the active firewall is presented, which includes a security vulnerability scanner, an intrusion detection monitor, virtual private networking solutions and a firewall-based virus scanner.

Based on the prototype, a demo of the active firewall, TX-Defending1.0, is designed and implemented. It includes a packet filter firewall, real-time intrusion detection, a central event manager and a network security policy database.

Building on the implementation of TX-Defending1.0, the author puts forward the idea of expressing network security policy in a formal logic language. The language discussed here is Role-based Standard Deontic Logic. This language can not only check policy consistency but also resolve policy conflicts. Examples follow.
Keywords/Search Tags: Active firewall, intrusion detection system, network security policy, role, standard deontic logic, SNMP