  Distributed Firewall Design on Linux platform
     
  Add Date : 2017-08-31      
         
         
         
1 Traditional firewalls and their defects

A firewall is a combination of components deployed between different networks or network security domains that enforces access control over the communication passing between those networks according to a defined security policy.

A firewall in the traditional sense is a border firewall: it divides the network into two parts, the internal network and the external network (the Internet). It is the only entry and exit point for traffic between the two, it controls the flow of information (allow, deny, monitor) according to the security policy, and it must itself be highly resistant to attack. It is an important, fundamental security device for providing network and information security services. Logically, a firewall is a separator, a limiter and an analyzer that monitors all activity between the internal network and the Internet in order to keep the internal network secure.

The restrictions a traditional firewall can impose depend on the network topology: it assumes that every host on the internal network is trusted and every host outside it is untrusted. This model worked well as long as the network topology matched those assumptions; however, with the growth of Internet access and the arrival of new network applications, its flaws have become more and more exposed, and it faces serious challenges. The main ones are:

(1) It is powerless against attacks that bypass the firewall; and if the firewall rules are configured incorrectly, every host on the internal network is exposed to direct attack from outside.

(2) Because every host on the internal network is trusted, the firewall "turns a blind eye" to malicious attacks, unauthorized access and inadvertent misuse that originate inside the network.

(3) It is a potential communication bottleneck and a single point of failure.

(4) It conflicts with end-to-end encryption (such as VPNs), since it cannot inspect encrypted traffic.

(5) Because it depends on the network topology, it cannot support mobile computing.

To overcome these drawbacks, the concept of the "distributed firewall" (Distributed Firewall) was introduced.

2 Distributed firewalls

A distributed firewall consists of multiple host-based firewalls under centralized management and configuration. In a distributed firewall, the security policy is still defined centrally, but it is enforced separately at each network endpoint (such as a host or router).

A distributed firewall contains three essential components:

(1) A security policy description language.

(2) A secure policy distribution mechanism.

(3) A policy enforcement mechanism applied at the endpoint.

The security policy language defines which communication is permitted and which is prohibited; it should support multiple types of applications, and it should also support delegation of rights and identification. Once a policy has been written, it is distributed to the network endpoints. The policy distribution mechanism must guarantee the integrity and authenticity of the policy while it is in transit. A policy can be distributed in several ways: the system can "push" it to the endpoints, an endpoint can fetch it on request, or it can be supplied to users in the form of certificates. The policy enforcement mechanism resides on the host being protected; before handling incoming or outgoing communication, it consults the local policy and decides whether to allow or prohibit it.
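The following is an added example, not code from the original article, that models the three components just described end to end: a minimal policy description language (a JSON document of first-match rules), a distribution step that protects integrity and authenticity with an HMAC-SHA256 tag so a tampered policy is rejected at the endpoint, and an enforcement step that consults the local policy per connection and can render it as iptables commands for the host. The policy contents, the pre-shared key and the rule format are constructed assumptions (a real deployment would use per-host keys or certificate-based signatures, as the text mentions, and a richer language).

```python
import hmac
import hashlib
import ipaddress
import json

# Assumption: each endpoint shares a secret key with the policy server.
# This is a constructed demo key; per-host keys or public-key signatures
# (certificates) would replace it in a real distributed firewall.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed central policy in a minimal description language.
# Rules are evaluated first-match; "default" applies when nothing matches.
CENTRAL_POLICY = {
    "version": 1,
    "default": "deny",
    "rules": [
        {"action": "deny",  "proto": "tcp", "src": "10.0.5.0/24", "dst_port": 22},
        {"action": "allow", "proto": "tcp", "src": "10.0.0.0/8",  "dst_port": 22},
        {"action": "allow", "proto": "tcp", "src": "0.0.0.0/0",   "dst_port": 443},
    ],
}


def canonical(policy):
    """Serialise the policy deterministically so the MAC is reproducible."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def publish(policy, key):
    """Policy server side (distribution): bundle the policy with an HMAC tag."""
    tag = hmac.new(key, canonical(policy), hashlib.sha256).hexdigest()
    return json.dumps({"policy": policy, "mac": tag})


def receive(bundle, key):
    """Endpoint side (distribution): accept the policy only if the tag verifies."""
    msg = json.loads(bundle)
    expected = hmac.new(key, canonical(msg["policy"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("policy rejected: integrity/authenticity check failed")
    return msg["policy"]


def decide(policy, src_ip, proto, dst_port):
    """Enforcement: first matching rule wins, otherwise the policy default."""
    src = ipaddress.ip_address(src_ip)
    for rule in policy["rules"]:
        if (rule["proto"] == proto
                and rule["dst_port"] == dst_port
                and src in ipaddress.ip_network(rule["src"])):
            return rule["action"]
    return policy["default"]


def to_iptables(policy):
    """Render the same policy as iptables commands for the INPUT chain.

    The commands are returned as strings, not executed, so the example runs
    without privileges; an endpoint agent would apply them after receive().
    """
    target = {"allow": "ACCEPT", "deny": "DROP"}
    cmds = [f"iptables -P INPUT {target[policy['default']]}"]
    for r in policy["rules"]:
        cmds.append(
            f"iptables -A INPUT -p {r['proto']} -s {r['src']} "
            f"--dport {r['dst_port']} -j {target[r['action']]}"
        )
    return cmds


if __name__ == "__main__":
    bundle = publish(CENTRAL_POLICY, SHARED_KEY)
    policy = receive(bundle, SHARED_KEY)
    for ip, port in [("10.0.5.7", 22), ("10.1.2.3", 22),
                     ("203.0.113.9", 443), ("203.0.113.9", 22)]:
        print(ip, port, decide(policy, ip, "tcp", port))
    print("\n".join(to_iptables(policy)))
    # A bundle altered in transit (a rule flipped to "allow") is rejected.
    tampered = json.loads(bundle)
    tampered["policy"]["rules"][0]["action"] = "allow"
    try:
        receive(json.dumps(tampered), SHARED_KEY)
    except ValueError as err:
        print(err)
```

Two design points are worth noting. The MAC is computed over a canonical serialisation (sorted keys, no whitespace) so that the server and endpoint agree on the bytes being authenticated regardless of how the JSON was formatted in transit, and the comparison uses `hmac.compare_digest` to avoid timing leaks. Rule order matters because evaluation is first-match: the narrower deny for 10.0.5.0/24 is placed before the broader allow for 10.0.0.0/8, and the rendered iptables chain preserves that order.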
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.