防火墙技术研究——一种可靠保护内网防火墙的实现
摘要
网络的安全不仅表现在网络的病毒防治方面,而且还表现在系统抵抗外来非法黑客入侵的能力方面。对于网络病毒,我们可以通过KV300或瑞星杀毒软件来对付,那么对于防范黑客的入侵我们能采取什么样的措施呢?在这样的情况下,网络防火墙技术便应运而生了。防火墙技术的核心思想是在不安全的网际网环境中构造一个相对安全的子网环境。本文在分析防火墙技术的基本概念和系统结构的基础上,讨论了实现防火墙的三种主要技术手段:一种是基于分组过滤技术(Packet filtering),一种是应用网关,再就是基于代理技术(Proxy)。同时,深入分析了防火墙的安全性,包括抗攻击能力和基于防火墙日志信息的入侵检测。最后给出用Linux服务器配置的一个严密的防火墙系统防止来自互联网的各种外部攻击,并实现内部大部分用户仅通过该专线浏览外部http//https/ftp网站,部分用户通过它从外部收发Email,使用Realplayer,ICQ等。
The security of computer network consists of pretending the invasion of net virus and hackers. We can keep back the net virus using software of anti-virus,such as KV3000 and Rising. Meanwhile we can prevent the hackers using the firewall technology. The key idea of firewall technology is to build a kind of relative safe sub-environments among the nets. Based on debating the essential conception and system structure of the firewall technology,this paper sums up three important method about firewall technology:Packet Filter,Application Gateway and Proxy. Furthermore,this paper discusses the security of the firewall,including the ability of anti-attack and invasion check-up through the firewall Log. Finally,this paper,through debugging,give a model firewall that can prevent various attacks from Internet based on Linux sever. At the same time,according to firewall's rules,some users can only visit http/https/ftp outside. Some can get more rights,such as email,realplay,ICQ and soon.
The security of computer network consists of pretending the invasion of net virus and hackers. We can keep back the net virus using software of anti-virus,such as KV3000 and Rising. Meanwhile we can prevent the hackers using the firewall technology. The key idea of firewall technology is to build a kind of relative safe sub-environments among the nets. Based on debating the essential conception and system structure of the firewall technology,this paper sums up three important method about firewall technology:Packet Filter,Application Gateway and Proxy. Furthermore,this paper discusses the security of the firewall,including the ability of anti-attack and invasion check-up through the firewall Log. Finally,this paper,through debugging,give a model firewall that can prevent various attacks from Internet based on Linux sever. At the same time,according to firewall's rules,some users can only visit http/https/ftp outside. Some can get more rights,such as email,realplay,ICQ and soon.
引文
1、Andrew S. Tanenbaum.Computer Networks (third edition). Prentice Hall, 1996.
2、Brain Komar. Teach Yourself TCP/IP Network Administration in 21 Days.Sams Publishing, 19981999
3、Karanjit S,Chirs H. Internet Firewall and Network Security, New Riders publishing, 1996
4、付泽宇 余镇危.一种主机防火墙的设计和实现.计算机安全,2002.2
5、黄锦 李家滨 基于防火墙日志信息的入侵检测研究.计算机工程,2001.9
6、吴阿亭 如何设置一个可靠的防火墙系统保护公司内部网络.中国Linux论坛
7、黄智祥 叶震 孙志勇 防火墙技术及其体系结构研究.计算机与信息技术,1999.11
8、吴世忠 互联网防火墙技术的回顾与展望.北京瑞星科技股份有限公司网站
2、Brain Komar. Teach Yourself TCP/IP Network Administration in 21 Days.Sams Publishing, 19981999
3、Karanjit S,Chirs H. Internet Firewall and Network Security, New Riders publishing, 1996
4、付泽宇 余镇危.一种主机防火墙的设计和实现.计算机安全,2002.2
5、黄锦 李家滨 基于防火墙日志信息的入侵检测研究.计算机工程,2001.9
6、吴阿亭 如何设置一个可靠的防火墙系统保护公司内部网络.中国Linux论坛
7、黄智祥 叶震 孙志勇 防火墙技术及其体系结构研究.计算机与信息技术,1999.11
8、吴世忠 互联网防火墙技术的回顾与展望.北京瑞星科技股份有限公司网站