中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
一个防火墙远程管理系统的设计与实现
作者: 张金玲
答辩日期: 2001
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 防火墙 ; 远程管理 ; 身份认证 ; 密码学 ; Kerberos协议
摘要: 设计实现本系统是为了解决分布式防火墙系统中多种安全技术的集中管理问题。在本文绪论中,我首先简单介绍了防火墙的两种主要技术包过滤和应用代理服务器的工作原理、规律制订标准以及各自在安全控制性能上的优缺点,在此基础上分析目前防火墙系统结构的现状,从而引出设计实现本远程管理系统的缘起,并进一步分析了国内外知名安全产品在防火墙系统管理方面的研究现状和成果。本系统的设计主要遵从以下思路:采用client/server模式,采用网络通路将分散于不同控制节点处的多台防火墙主机集中地管理起来。由于要在网络链路上传输数据,所以需要运用密码学技术来保证各种管理信息的安全性,同时利用身份认证技术防止非授权用户通过启动本系统达到非法目的。为了帮助读者理解本系统中有关这两方面的内容,我在第二章中对这两种安全技术做了概括性的介绍。本系统设计和实现的重点在于两方面,即人机交互接口程序以及保障系统安全性的身份认证模块和数据安全传输模块的设计与实现。第三章,对本远程系统的设计结构和具体实现做了详细的介绍。在该章分析了系统的逻辑结构和工作流程,将整个系统分为客户端程序、管理用户身份认证、数据的安全传输和服务器端程序五个模块四大部分。并对这四部分内容的设计思想、工作流程和一些具体实现经验做了详细的介绍和剖析。在本论文的第四章中,我对防火墙远程管理系统的进一步开发提出了一些个人的意见和建议,包括管理系统安全性的进一步加强、规则的一致性检查、管理范围的扩展和规则配置的透明化等内容。相信这对防火墙管理系统的进一步研究会有所帮助。第五章,是对全文的总结。
英文摘要: The motive for designing and implementing this system is to manage several kinds of security technology of distributing firewall system centrally and effectively. In Chapter 1, I make a simple recommendation of the two most primary kinds of firewall technology, which are Packet Filter and Application Proxy, on working principle, criterion of rules drawing, and the contrast between their security performance. I also analyze the present status of firewall architecture in this chapter, thereby explain the reason I came out the idea to implement this remote management system. In the last part of Chapter 1, I introduce several famous security products on firewall management home and abroad. The basic approach of the design of this system is to adopt client/server mode and centrally manage several firewall hosts located in different control nodes by network. For the useful data need to be transported through network, cryptology technology must be used to protect all kinds of management information from vicious attack. At the same time, authentication technology should be used to prevent unauthorized users from running this system and obtaining unlawful benefit. In order to help you understand the content of these two aspects in remote management system's design and implementation. A recapitulative introduction of these two kinds of security technology is given in Chapter 2. The main two tasks of designing and implementing this system is to develop a kind interactive interface for security administrators and to design and implement authentication module and secure data transportation module to ensure the security of management system itself. In Chapter 3, I first give an overall introduction to the logical structure of this system, and then give thorough illustrations for the design and implementation of each function module of this system. In Chapter 4 of this paper, I advance some personal suggestion for further research and development of firewall remote management system, including strengthening the security of management system, examining the consistency of control rules, enlarging the range of managing, configuring rules transparently and so on. I believe that all these suggestions will benefit the further research of firewall remote management system. I give a summary to the whole thesis in Chapter 5.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/5630
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW004452.pdf(2511KB)----限制开放-- 联系获取全文

Recommended Citation:
张金玲. 一个防火墙远程管理系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2001-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[张金玲]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[张金玲]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace