基于Linux防火墙可控技术的研究与实现
摘要
在深入分析研究传统防火墙技术和未来发展趋势的基础上,提出一种基于Linux的Net filter管理技术和Web Service相关技术为框架基础,结合JMX分层网络实现可控的防火墙系统。该系统采用B/S结构,具有状态包过滤功能,实现了对防火墙进行灵活的配置和集中方便的管理功能,策略规则分发方便,管理界面友好统一。对于符合Web Service技术规范的防火墙可以方便地纳入本防火墙管理系统,从而较好地实现了系统的平台无关性、可扩展性和可管理性。
实验证明本设计能够实现对防火墙的可控管理,性能指标达到用户需求。
On the basis of thoroughly analyzing and researching the traditional technology of firewall and future trend of development,a system of controllable firewall is put forward which is grounded on the Net filter management technology and Web Service relevant technology that is based on the Linux,and combines JXM hierarchic network.The system uses B/S structure,with stateful packet filtering firewall to achieve a flexible and convenient configuration and centralized management capabilities,regular policy and convenient distribution,and friendly unified management interfac(5) For the firewall that is in line with the Web Service technical specifications can be easily incorporated into the management system of the firewall,so as to better achieve the system's platform-independent, scalability and manageability.Experiments prove that this design can achieve the control of the firewall management,and performance indicators to meet customer needs.
实验证明本设计能够实现对防火墙的可控管理,性能指标达到用户需求。
On the basis of thoroughly analyzing and researching the traditional technology of firewall and future trend of development,a system of controllable firewall is put forward which is grounded on the Net filter management technology and Web Service relevant technology that is based on the Linux,and combines JXM hierarchic network.The system uses B/S structure,with stateful packet filtering firewall to achieve a flexible and convenient configuration and centralized management capabilities,regular policy and convenient distribution,and friendly unified management interfac(5) For the firewall that is in line with the Web Service technical specifications can be easily incorporated into the management system of the firewall,so as to better achieve the system's platform-independent, scalability and manageability.Experiments prove that this design can achieve the control of the firewall management,and performance indicators to meet customer needs.
引文
[1]李涛 网络安全概论[M].北京:电子工业出版社,2004.11 3 4
[2]霍芝,张其善Linux防火墙远程管理办案设计[J].计算机安全 2006.4.
[2]王虎,防火墙远程管理技术[J].电子商务世界 2002,10
[4]贾贺,张旭等.防火墙原理与实用技术[M].电子工业出版社,2002.
[5]李胜广,张其善基于GUI远程管理的嵌入式防火墙系统[J]计算机工程与应用2005.09,张金玲,卿斯汉.防火墙远程管理系统的实现[J].中国科学院软件所2002.
[6]刘喆,防火墙中基于web的管理和一次性口令的设计与实现[D].电子科技大学2002.4
[7]陈海军,张凌,李家春.基于vlan分组策略防火墙的设计[J].2060年度华南理工大学电子与信息学科研究生学术研讨会2006.12
[8]王英红 分布式防火端堵住内部网漏洞[J]计算机世界报,2002.04
[9]李庆东、张文娟,网络安全问题研究,情报科学,2000.8
[10]章志刚,网络安全漏洞及其对策,数据通信,2002.2
[11]朱革媚、周传华、赵保华,网络安全与新型防火墙技术,2001.2
[12]李淑慧,网络安全技术讨论,现代电子技术,2001.5
[13]徐雪霞,侯旋,防火墙技术与网络安全,现代电子技术,2001.6
[14]杨素彬,谭成翔,Linux连线跟踪机制及应用,计算机安全2006.7
[15]张翼,张勇,汪为农.防火墙过滤规则的建模和全面优化[J].计算机工程与应用,2006,
[16]傅光轩,高鸿峰,卢朝辉编著,下一代互联网核心通信协议—IP/V6原理及应用贵州教育出版社
[17]陈海军,安宗旭网络攻击发展的新特点[J]信息对抗学术2006
[18]2006年全国信息网络安全状况与计算机病毒疫情调查分析报告[J]计算机安全2006年09期
[19]A.Wool.A quanitative study of firewall configureation errors[J].In:proceedings of IEEE computer,June 2004,Vol
[20]Gouda.M,Liu X.Firewall Design;Consistency,Completeness,and Compactness[A].In:proceedings of the 24th IEEE International Conference on Distributed Computing Sytems {IXDCS'04},March 2004
[21](5) Al-Shaer,H.Hame(4) Management:and translateon of filtering security poliies [A].In:proceedings of IEEE international Conference on Communications[C],May 2003:Voll
[2]霍芝,张其善Linux防火墙远程管理办案设计[J].计算机安全 2006.4.
[2]王虎,防火墙远程管理技术[J].电子商务世界 2002,10
[4]贾贺,张旭等.防火墙原理与实用技术[M].电子工业出版社,2002.
[5]李胜广,张其善基于GUI远程管理的嵌入式防火墙系统[J]计算机工程与应用2005.09,张金玲,卿斯汉.防火墙远程管理系统的实现[J].中国科学院软件所2002.
[6]刘喆,防火墙中基于web的管理和一次性口令的设计与实现[D].电子科技大学2002.4
[7]陈海军,张凌,李家春.基于vlan分组策略防火墙的设计[J].2060年度华南理工大学电子与信息学科研究生学术研讨会2006.12
[8]王英红 分布式防火端堵住内部网漏洞[J]计算机世界报,2002.04
[9]李庆东、张文娟,网络安全问题研究,情报科学,2000.8
[10]章志刚,网络安全漏洞及其对策,数据通信,2002.2
[11]朱革媚、周传华、赵保华,网络安全与新型防火墙技术,2001.2
[12]李淑慧,网络安全技术讨论,现代电子技术,2001.5
[13]徐雪霞,侯旋,防火墙技术与网络安全,现代电子技术,2001.6
[14]杨素彬,谭成翔,Linux连线跟踪机制及应用,计算机安全2006.7
[15]张翼,张勇,汪为农.防火墙过滤规则的建模和全面优化[J].计算机工程与应用,2006,
[16]傅光轩,高鸿峰,卢朝辉编著,下一代互联网核心通信协议—IP/V6原理及应用贵州教育出版社
[17]陈海军,安宗旭网络攻击发展的新特点[J]信息对抗学术2006
[18]2006年全国信息网络安全状况与计算机病毒疫情调查分析报告[J]计算机安全2006年09期
[19]A.Wool.A quanitative study of firewall configureation errors[J].In:proceedings of IEEE computer,June 2004,Vol
[20]Gouda.M,Liu X.Firewall Design;Consistency,Completeness,and Compactness[A].In:proceedings of the 24th IEEE International Conference on Distributed Computing Sytems {IXDCS'04},March 2004
[21](5) Al-Shaer,H.Hame(4) Management:and translateon of filtering security poliies [A].In:proceedings of IEEE international Conference on Communications[C],May 2003:Voll