| The importance of network information security has already been widely recognized. Meanwhile, diverse security technologies such as firewalls, intrusion detection, anti-virus and security audit have been widely applied. Given this, how to construct a dynamic and comprehensive security protection system has become a hot topic in the area of network security. This paper focuses on research into distributed firewall technology and security interaction technology. It achieves a comprehensive network security system that takes the distributed firewall (DFW) as its center and constructs an open security interaction framework (OSIF). OSIF provides an open, general and scalable security framework for other security products, fits the firewall into the existing network platform, and sets out the Security Interaction Exchange Protocol (SIEP). This paper is supported by the National High Technology Research and Development Program of China (863 Program), Network Cooperative Security Technology Research, and continues the research of Hacker Monitoring Technology Research (863 Program). First, distributed firewall technologies and system models are introduced, and a plan for the distributed firewall is established. Secondly, security interaction technologies are discussed, and a solution to security interaction is given. Meanwhile, the open security interaction framework is presented, which includes the design of the security interaction exchange protocol and the definition of the security interaction message exchange format (SIMEF). Finally, this paper gives detailed descriptions of the design of the DFW and the implementation of the policy perform module (PPM) and the security interaction manage module (SIMM). |