
Research of Key Technology of Firewall Security Policy Configuration

Author: RenZhanRui
Tutor: ZhaoGuoHong
School: National University of Defense Science and Technology
Course: Computer Science and Technology
Keywords: Firewall; Policy language; ExFlip; Security policy; BSG; Collision detection
CLC: TP393.08
Type: Master's thesis
Year: 2011

As network security protection equipment, firewalls are gaining ever more functions and becoming increasingly complicated to use. With existing firewall policy configuration it is very difficult to guarantee security in use: configurations do not meet user needs and contain inconsistent, anomalous rules. Security policy configuration has therefore become a hot topic. This thesis concentrates on key technologies in two areas: high-level policy description with generation of the low-level firewall configuration, and consistency and conflict detection for firewall rules. The main work is as follows. First, an analysis of the current state of research shows that high-level policy languages cannot describe new types of firewall; to address the lack of authentication information and tunnel information in the Flip high-level policy language, the thesis proposes ExFlip, a high-level firewall policy language that extends Flip. The language inherits the grammar of Flip and adds descriptions of VPN policy and authentication policy, further enhancing the ability to describe firewall policy. Second, starting from the Strongman architecture and addressing that system's shortcomings in information granularity and in policy detection and management, the thesis designs a policy deployment process that automatically converts the user's security requirements, network information and authentication information into firewall policy configuration. This hides the configuration details, greatly improves the efficiency of policy configuration, and ensures the correctness of policy deployment. Third, the thesis summarizes the classification of firewall rule anomalies and the existing anomaly detection algorithms; to address their low detection efficiency and duplicate detection, it proposes BSG, a service packet-based firewall policy conflict detection algorithm. The algorithm efficiently detects anomalies that may exist in the firewall rules, locates them accurately and raises alarms, and its performance exceeds that of Fireman, the algorithm with the highest detection efficiency.
Finally, based on the above work, a prototype system for firewall configuration generation and testing is implemented, its functions are tested and validated, and the data are analyzed.
