A Policy-based Firewall Management System
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2008 |
Online Access: | http://ndltd.ncl.edu.tw/handle/98557838894580177290 |
Summary: | Master's === Feng Chia University === Graduate Institute of Information Engineering === 96 === The firewall is a primary element of network security; it protects network devices from attacks. A firewall filters out packets that are not authorized by the access control list. Even if a network security policy has been written by an expert, it will not necessarily defend against all network attacks. The lack of an automated network security policy management system can cause security holes and can increase the chance that the network will be compromised by network attacks.
In order to avoid network security breaches, the firewall protects the network using an access control list. An access control list is composed of policy rules. A policy rule includes an order and fields such as source IP, source port, and so on. Policy conflicts occur easily if an administrator does not write rules according to order, considerations and plans. The deployment and coordination of policy rules is particularly difficult in a multi-firewall environment. If one network administrator installs a firewall and a second administrator configures conflicting policy rules, this can produce unexpected results after a period of time.
The goal of this paper is to establish an effective access control list management system based on policy for routers. This system analyzes filtering rules and provides visualizations of the network in order to give the network administrator complete knowledge and control of all details of network security.
We use the Single Root Tree to model a firewall policy. We analyze the order in which packets are routed in terms of network routing paths. Moreover, we also use Global Policy and policy optimization to simplify policy management, to detect policy conflicts, and to deploy policies to the network devices.
|