Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Distributed Firewall Design on Linux platform     - Android components series Activity (Programming)

- Linux system Iptables Firewall User Manual (Linux)

- Singleton (Linux)

- C ++ stderr / stdout redirected to a file (Programming)

- Fedora 20, Fedora 19, CentOS 6 and RHEL6 users how to install Wine 1.7.15 (Linux)

- AngularJS - Getting Started with Routing (Programming)

- Linux Getting Started tutorial: build your own Vim (Linux)

- OpenGL ES 3.0 vertex buffer (Programming)

- Linux Regular expressions grep and egrep (Linux)

- To install PostgreSQL 9.4 (Database)

- JavaScript object - Flexible and dangerous (Programming)

- Linux ls command (Linux)

- Linux Powerful IDE - Geany configuration instructions (Linux)

- Linux installation skynet issue summary (Linux)

- PostgreSQL 9.3.5 database installation under Ubuntu Server 14.04 (Database)

- Ubuntu 14.04 Configuring cuda-convnet (Linux)

- MySQL how to export files with the date format (Database)

- RedHat 6.5 installation and deployment Openfire (Server)

- MySQL database to open a remote connection method (Database)

- Linux shared libraries .so file name and Dynamic Link (Linux)

 
         
  Distributed Firewall Design on Linux platform
     
  Add Date : 2017-08-31      
         
         
         
  1 traditional firewall and Defects

Firewall means disposed between different networks or network security domains, according to some security policy to the implementation of a communication network between the combination of a series of components of access control.

Firewall in the traditional sense refers to the border firewall, the network will be divided into internal networks and the Internet in two parts. It is the only entrance and exit between network information transmission, according to the security policy control (allow, refuse, monitor) access to network information flow, and itself has a strong anti-attack capability. It is to provide information security services, it is important, basic safety devices for network and information security. Logically, a firewall is a separator, a limiter, is a parser to effectively monitor the activities of any of the internal network and the Internet to ensure that the internal network security.

Traditional firewalls limit depends on the topology of the network, it assumes that all hosts on the Internet are trusted, all hosts out online are credible. When the network topology restrictions in accordance with this model worked well; However, with the expansion of internet access and new network applications, this model more and more flaws exposed, facing great challenges . Main features:

(1) to bypass the firewall attacks powerless; if the firewall rules set up properly, all hosts on the Internet will be exposed to direct attacks from the outside.

(2) Since all trusted hosts in the Internet, and malicious attacks from within the network, unauthorized access or inadvertent misuse, "turning a blind eye."

(3) potential communication bottlenecks and single points of failure.

(4) with end to end encryption (such as VPN) conflict.

(5) Dependent on the network topology, we can not support mobile computing.

In order to overcome the above drawbacks, resulting in the concept of "distributed firewall" (Distributed Firewall) is.

2 Distributed Firewall

But by multiple host-based centralized management and configuration of firewall composition distributed firewall. In a distributed firewall, centralized security policy is still defined, but the implementation of each separate network endpoint (such as a host, router).

Distributed firewall contains three essential components:

(1) description language security policy.

(2) safe release mechanism policy.

(3) application of policy implementation mechanisms.

Security policy language defines which communication is permitted and what is prohibited communication, it should support multiple types of applications, but also supports the right to delegate and identification. Strategic planning after being published to the network endpoint. Policy distribution mechanism should ensure that the policy during transmission integrity and authenticity. Policy released a variety of ways, can "push" system to the terminal, the terminal can be obtained on request, it can also be provided to the user in the form of certificates. Located on policy enforcement mechanisms to protect the host, before processing out of communication, it queries the local policy and then make a decision to allow or prohibited.
     
         
         
         
  More:      
 
- Linux using DenyHosts prevents ssh cracks (Linux)
- grep command usage (Linux)
- Help you make Git Bisect (Linux)
- To install Xen in Ubuntu 12.04 (Linux)
- Update GAMIT10.6 command (Linux)
- CentOS 7.0 local address and configure yum source address priority (Linux)
- Print Linux system error codes (Linux)
- The next key to install Linux bash script PowerShell (Linux)
- Row-level security and application-level solutions for the new features of PostgreSQL9.5 (Database)
- Source install Python3.4 on CentOS (Linux)
- Ubuntu installed Komodo editor by PPA (Linux)
- Ubuntu 14.04, 13.10 install OpenCV 2.4.9 (Linux)
- awk pattern matching (Programming)
- ORA-12545: Connection failed because the target host or object does not exist (Database)
- Ubuntu Tutorial: E: Failed to get lock / var / lib / apt / lists / lock - open (Linux)
- Linux SVN account password to save your settings (Linux)
- How screenshots from the Linux command line (Linux)
- Four IDS intrusion detection tool under Linux environment (Linux)
- The difference between Objective-C language nil, Nil, NULL, NSNull (Programming)
- Root of AVL Tree- achieve balanced search trees AVL tree (Programming)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.