| Softswitch is the most important technology in Next Generation Network (NGN) architecture. Its main purpose is to simultaneously provide all services of voice, data, and multimedia over the different networks. Its core idea is to implement the function with software instead of hardware, and to implement the control, continuer, and service process with software which are implemented in the old circuit switch. It is necessary to add VOIP gateways in access layer for interlinkage between the circuit switch network and IP network so that the traditional PSTN/ISDN users can access NGN smoothly and successfully. VOIP gateway is classified by media gateway and signal gateway in NGN. Media gateway implements the transform of the voice data format between traditional network and IP based network;Signal gateway implements the transform of signal format between traditional network and IP based network.VOIP gateway device is easily attacked from network for it locates in the complicated IP network. This thesis focuses on the network security of ISDN IAD(Integrated Service Digtal Network: ISDN, Integration Access Device:: IAD). Firstly, technical background of ISDN IAD is analyzed and summarized;secondly, the common and difference points of function requirement between ISDN IAD firewall and other general firewalls are analyzed;finally, the thesis takes ISDN IAD project as background, combines the service of ISDN IAD. After the analysis of ISDN IAD principle and the relative firewall technology, the thesis explores and designs the firewall on ISDN IAD. Research work and results in this thesis includes:(1) A method to protect the ISDN IAD service is proposed. It takes the service of ISDN IAD as background, collects the relative information in the new module so that provide convinced evidence for justice of service.(2) The advanced "State Inspection" technology is applied to the design. Combining application method of VxWorks operation system kernel in the development of firewall, we use state inspection technology to track the connection request from ISDN IAD so that firewall can recognize the reply packet of the request.(3) The overall design of ISDN IAD firewall is performed. The design bases on the requirement of the whole software. Function of firewall can be divided into four parts: service protection, user configuration, flow limited, and defend of the usual attack. Combining the service characteristics of ISDN IAD with firewall technology inVx Works kernel, all function modules are designed and implemented.(4) Test method and its steps of each function module according to the requirement and design of firewall is fullfilled.(5) A new method is put forward to prevent ISDN IAD from SYN FLOOD attack which based on the temporary TCP state table.Researches on ISDN IAD Network security not only enhance the security of ISDN IAD, but also provide biggish reference worthiness to the security researches and implementation of other access devices. |
PDF Full Text Request