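Thesis title: Design of a Practical Miniature Firewall System
Original English title: A Applied Devise of Subminiature Firewall
Author: Chen Gaohui (陈高辉)
Advisor: Chen Tuo (陈拓); Degree: Master's; Major: Communication and Information Systems
Institution: Graduate School of the Chinese Academy of Sciences (Xi'an Institute of Optics and Precision Mechanics); Pages: 72; File size: 2574k
Date: 2004-06-01; Source: 论文网, http://www.lw23.com/lunwen_838511037/
Keywords: network security; firewall; packet filter; security policy; Linux OS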
A firewall protects a local system and network against network-based security threats while still providing an effective means of access to the outside world over wide-area networks and the Internet. It is an effective defensive measure that strengthens the security of the internal network and guards against and withstands a variety of network threats. In the Internet era, firewalls play an increasingly important role in protecting network security.

This thesis grew out of the author's hands-on network security work at the network center, through continued practice, study, and accumulated experience. It gives a comprehensive theoretical account of how firewalls are implemented and of the netfilter framework in the Linux operating system, with emphasis on packet filtering and stateful inspection. On that basis it introduces the architecture of the internal enterprise network, Internet services, and Internet security; tests the center's network and derives an optimization plan from the analysis; and, combining that plan with the security risks present in the network, divides the network into security zones, defines corresponding security policies, and uses iptables to implement network protection and performance optimization. Finally, it presents the corresponding iptables scripts and a dynamic iptables program written in Linux bash shell, and gives an overall evaluation of the system.

The firewall designed in this thesis is practical, easy to operate, and low in cost; it is suited to small and medium-sized institutions and has some value for wider adoption. With modification the system could serve as an embedded firewall and be turned into a product.