
Application Research Of Distributed Firewall Technique In Digital Campus Construction

Posted on: 2008-01-22
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Luo
Full Text: PDF
GTID: 2178360212996144
Subject: Software engineering

Abstract/Summary:
With today's high-speed development of the network, its security becomes more and more important, and the distributed firewall was produced precisely against this background. In the early 1990s only a small number of enterprises had firewalls; now most users have already started to use them. Digital campus construction is a case in point: as the network scale grows ever larger, the network technology ever newer, the network structure ever more complex and the degree of network collaboration ever higher, new challenges are posed to the existing network security system. The traditional firewall by itself is not able to cope with the increasing network threat.

The traditional network firewall is actually a kind of boundary firewall. Its security rests on the assumption that internal users are always trustworthy, and it guards only against external attacks. Such a firewall has indeed performed well in networks with a simple structure and light traffic; moreover, because its configuration is simple and easy to manage, it is highly survivable. But as networks develop towards distribution and diversification, the traditional firewall gradually reveals its shortcomings: its configuration becomes more and more complicated, it becomes the bottleneck of the network, and it may even become a hidden security danger.

While the traditional firewall was encountering these tremendous and unprecedented challenges, Steven M. Bellovin put forward the concept of the Distributed Firewall after in-depth analysis. The distributed firewall is a relatively new technology that does not yet have a mature prototype. A typical distributed firewall is composed of a Control Center and Host Firewall components: the Control Center centrally manages policy, including its formulation and distribution, and the Host Firewall is responsible for enforcing the policy. The control center formulates different policies for different users and is not bound by the network topology, and each node enforces the policy locally. Distributed firewall technology can therefore exceed the previous security technology in performance, security and flexibility.

This thesis surveys the development of the distributed firewall and analyzes the current situation, and then designs a distributed firewall prototype based on the proxy firewall. This firewall system is composed of the control center and the proxy firewalls. The model is a typical distributed firewall structure, and the work focuses on realizing the policy negotiation mechanism, including the secure communication mechanism, the policy negotiation language, policy exception checks, and policy loading and enforcement, which are used to verify the validity of policy negotiation. The control center is responsible for distributing and storing security policy. In this system each proxy firewall can upload a negotiated policy to the control center; the control center passes the negotiated policy on to the other proxy firewalls, so that after the policy is arranged the proxy firewalls achieve the goal of joint operation. The policy negotiation mechanism in this system has the following features:

1) Real-time. In this distributed firewall system a negotiated policy should be released to the other proxy firewalls as soon as possible; if this can be done quickly enough, the security policy can take effect rapidly.

2) Security. The negotiated policy is essential information. If it is tampered with, it becomes a direct threat to the security of the entire distributed firewall. The policy negotiation mechanism should therefore provide sound security, integrity and confidentiality. SSL can provide these, and this distributed firewall uses SSL to realize secure transmission.

3) Effectiveness. Through careful design, policy sending and receiving achieve high efficiency while also conserving system resources; the control center uses a multithreaded program to handle a large number of connections.

4) Uniformity. Each distributed firewall's policy has different content and a different form, so a policy language is needed to achieve a unified format. This policy language allows harmonious communication between the control center and the proxy firewalls. This thesis defines a suitable policy communication format, CNote, which provides a unified rule for describing the format, version, policy publisher and certification information.

The system finally passed its tests, its performance met the design requirements, and it has definite practical value.
Keywords/Search Tags: Construction