
Design and Implementation of a Dedicated Isolation System

Published: 2019-03-03 11:01
[Abstract]: With the rapid development of computer network technology, governments, the military, financial institutions and enterprises are accelerating their adoption of information technology, and computer networks are being used ever more widely in that work. Information technology brings higher efficiency to the operations of these organizations, but it also brings substantial information security risk. Strengthening the security of dedicated networks has become urgent.

To meet the dedicated network's requirements for high security and efficient communication, this thesis presents the concrete design and implementation of a dedicated isolation system on Linux. The system provides an isolation service between the dedicated network and the civilian network, acting as a barrier for secure communication between the two. Using packet filtering, protocol analysis and related techniques, it identifies and monitors the data flows entering the dedicated network and passes the detection results to the system maintenance module for analysis and decision-making, in order to improve the quality and health of network communication. Data and voice media packets that pass inspection are routed with minimal delay to the corresponding host or server inside the dedicated network, completing communication between the dedicated network and the civilian network.

Common firewall systems today rely on a single technique, struggle to withstand multiple complex attacks, and lack flexibility and ease of use in configuration and operation. The dedicated isolation system therefore combines several protection techniques, applies security protection at multiple layers of the network architecture, inspects and monitors the packets at each layer, and provides a friendly, flexible control interface. The system is divided into the following five subsystems for design and code implementation:

1. Data interaction: responsible for transparent forwarding of data.
2. Network-layer/transport-layer data protection: performs congestion management and traffic control.
3. Application-layer data protection: responsible for inspecting and protecting application-layer data. This subsystem presents a user-space firewall implementation based on DPI (deep packet inspection) that can perform signature analysis, detection and filtering on application-layer protocol messages. The system implements this function using data security protection for the SIP protocol as the example.
4. System monitoring: responsible for recording, monitoring and analyzing system runtime data.
5. System interaction: provides the user interaction functions.

The dedicated isolation system's design solutions for some of these techniques are original, meet user requirements, and have practical application value.
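[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08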



