| Over the past two years, there have been various communications sector restructuring, business model transformation, business transformation, the transformation of network technologies, in particular the comprehensive IP-based telecommunications network is a foregone conclusion. The full realization of reliability of control, QOS, SLA-class features such as telecommunications and IP integration is put in front of the urgency of the task.At present, the IP to the core of many new technologies have greatly accelerated the traditional telecommunications technology and the pace out of business, to build the carrier-class IP network transformation has become a global mainstream operators choice. However, the IP network as the core network must face the serious security issues grim fact, the most commonly used method is the most effective use of a variety of technical means to maintain a normal visit to authorized users and prevent unauthorized users of illegal access. With the network attack and defense technology, now we must use every means to form a comprehensive monitoring from the invasion took place in the future to audit the entire process can be achieved carrier-class network security business. The firewall is a very important means to protect the overall security of the indispensable key technology.In this paper, the status quo for our system to carry out the reinforcement of the network security research, including:improved packet filtering firewall rules management, matching hash algorithm module, and on this basis to achieve a packet filtering firewall and NAT detection of two major business supplemented;on a higher level of general security agents firewall designed to achieve universal agent of a firewall security module, including the three main functions; one, SOCKS consensus, that is, the firewall can provide support for authentication methods; Second, users connect to the request for certification; Third, the security check, that is, through the access control list for the user to connect a request for access control.introduction of a firewall and intrusion detection combined with the concept, design and realization of the Distributed Intrusion Detection System in response to the framework model to respond to the parts;In order to increase their security firewall, and analysis of the implementation of the one-time password authentication;on the packet filtering firewall, the firewall and Deputy General Distributed Intrusion Detection System in response to the testing and acceptance.Finally, the paper put forward the need to be further improved. |
PDF Full Text Request