Research And Implement A Distributed Firewall Based On VPN

Nowadays, the network security problem has become the problem which must be resolved urgently for the development of computer network. The firewall technology is one of the impotent approaches to protect the network security. Conventional firewalls which are deployed at the network edge rely on topology restrictions to protect the security of inside network. But, with the growing size of networks and the growing complex of topology, the shortcomings of conventional firewalls are more and more exposed. Concept of distributed firewall is introduced to eliminate these shortcomings. In a distributed firewall system, security policy is centrally defined; enforcement, however takes place on each endpoint. Thus the network security no longer depends on topology. However, it has not yet been resolved well that how to protect the communication among inside hosts in distributed firewall systems.This thesis discusses the current network security technologies and their developments. Then it studies the distributed firewall and VPN. Basing on these studies this thesis proposes that applying VPNs in distributed firewalls and designs a distributed firewall system based on VPN. This system integrates VPNs into distributed firewalls flexibly. It protects the hosts by distributed firewalls and protects the communication among inside hosts by VPNs. It resolves the problem of communication security among inside hosts in distributed firewalls. This thesis at last implements a prototype of a distributed firewall based on VPN in Linux operation system. Furthermore it tests the prototype. These tests show it is viable that integrating VPNs into distributed firewalls. The prototype also has some practicality.