Wei Xiong

2009-01-01

Abstract:With the speedy developing of computer technology ,the consumer quantity of internet intranet rapidly increasing, and the research, implement, and application of the new service of the network. The network security of computer is becoming Important day by day, and this is a key factor which has influenced the deeply development for network. Past the security protection of the most traditional firewall mechanism However, as networks and technological development, the traditional firewall has gradually failed to meet security needs. This paper has brought traditional firewall problems Based on the Kerberos authentication Distributed firewall new architecture, preservation of traditional firewall merits on the basis of the traditional firewall solution to the hidden dangers.Among the main research work are : (1)to the Kerberos protocol to the foundation Comprehensive network security software algorithm rational use of firewall related knowledge and to the internal security of distributed network firewall systems; (2)structure is built to a modular design and the use of a simplified, based on the public key of the Kerberos protocol, transparent certification;(3)the integrated use of security authentication, access control, authorization, confidentiality, audited and centralized management and other network security technology, which not only satisfies the reliability of the system performance, Management can achieve operational flexibility. Of massive internal network users need to focus on the protection of network resources to provide a manageable, distributed network security environment.

L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Hui Yuan,Lei Zheng,Shuang Qiu,Xiangli Peng,Yuan Liang,Yaodong Hu,Guoru Deng

DOI: https://doi.org/10.1007/978-3-030-15235-2_142

2019-04-25

Abstract:With the rapid development of the network, in recent years, the Internet has greatly improved people’s lives, and the real-time, sharing and distance-removing characteristics of network information transmission have made the operation and management of enterprises more efficient and coordinated. The basis of refinement. At the same time, various network security incidents have followed, such as hacker attacks on computer network systems, and various types of viruses, Trojans and other active attacks emerge one after another. In this regard, this paper analyzes the enterprise network security system of firewall from the perspective of enterprise network security, briefly summarizes the background, advantages and disadvantages of firewall technology, and designs and implements a client software according to the actual needs of users. The network performs real-time intelligent security monitoring. After the system design is completed, the security is tested by building a simulation platform, including qualitative testing and quantitative testing, which are divided into security and performance to verify whether the system can achieve and guarantee performance.

Linquan Xie,Fei Yu,Chen Xu

DOI: https://doi.org/10.4304/jcp.7.12.3110-3115

2012-01-01

Journal of Computers

Abstract:With the growth of Internet, network security has received significant attention over pass ten years due to the increasing threat of hacker attacks. To achieve security goals, most corporate environments have deployed firewalls to block the intrusion. However, traditional firewalls only provided static filleting analysis so that they can not analyze the content of data packet for providing dynamic security requirement. In order to address this issue, in this paper, we integrate the traditional firewalls with intrusion detection technologies. The proposed can provides dynamic security defense by atomically updating the policies based on the detection condition.

Ge-mei ZHU,Chuan-hua ZHOU,Bao-hua ZHAO

DOI: https://doi.org/10.3969/j.issn.1000-7024.2001.01.004

2001-01-01

Abstract:With the rapid development of the computer network, the problem of network security is becoming more and more outstanding. Starting with the analysis of current INTRANET security, this paper dissected the weakness of normal network firewall system, and exploratively proposed a safe and united framework scheme of computer network firewall system.

Xiaorong Gao

2003-01-01

Abstract:With the constant development of the application of computer network, the network security is more and more important. This paper discusses the key techniques of network security and shows how to build a firewall based on Linux. Besides, it gives prospects for the development of future firewall.

Wei Chen,Yantao Wang,Xin Yue

DOI: https://doi.org/10.1109/PACIIA.2009.5406566

2009-11-01

Abstract:This paper analyzes the computer network security features and the main threat, synthesis the firewall technology of current domestic and international, on the basis of various firewalls' principles, advantages and shortcomings. Through the synthesis and compare of various techniques, in-depth study of the main factors affection firewall performance, combined with the network status quo of Heilongjiang Provincial Center, this paper researches the firewall technology of the actual application in the computer network security, then refers the new technique called tight coupling firewall, finally the article leads to a lack of firewall technology and the direction of its development.

Computer Science

QI Yu,SHEN Yong-jun,YANG Yu-liang

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.21.019

2010-01-01

Abstract:The current network security systems are always designed with special technology and function is one-fold.It is difficult to ensure that the network security systems could provide sufficient security for the network and service.Based on this,a cooperation defence system is built. It integrates firewall,intrusion protection,honeypot and use Agent into firewall and intrusion protection system,thus can form one kind of safe protection interaction system with effective interaction,enhance the whole safety performance enormously.

Chang-jie WANG,Hao QIN,Yu-Min WANG

DOI: https://doi.org/10.3321/j.issn:0254-4164.2001.02.017

2001-01-01

Abstract:With the development of computer science and the popularization of Internet, security has become one of the primary concerns when an organization connects its private network to the Internet. Regardless of the business, an increasing number of users on private networks are demanding access to Internet services such as the WWW, Internet Mail, and FTP. In addition, corporations want to offer WWW home pages and FTP servers for public access on the Internet. To perform the above application in security, building a firewall system between the private network and Internet is an approval suggestion. At the same time, the proposal of IPv6 (Internet Protocol version 6), will solve the security problems existed in current IP protocol, such as providing authentication and encryption for every packet at network layer. However, the adoption of IPv6 will also affect the security of current firewall mechanism. A simple example is that: a malicious exterior host computer can make a connection with the inner computer with tunnel mode ESP without being discovered by the normal firewall. In this paper, we give a frame of designing firewall system based on IPv6. Furthermore, an improvement of three kinds of firewall systems (i.e. Packet-filtering router, Screened host firewall system and Screened-subnet firewall system) is proposed. With our improvement, the Packet-filtering router system can implement a simple authentication to the IPv6 packet. The Screened host firewall system can perform not only the functions of existing firewall systems such as packet-filter and application proxy, but also the functions as the authentication of source address of the IP packet, integrity test of data and secrecy of packet. The Screened-subnet firewall system will implement the security request of inner network.

李剑,刘美华,曹元大

DOI: https://doi.org/10.3969/j.issn.1009-6094.2002.01.017

2002-01-01

Abstract:In this paper, we put forward a potential blue print for distributed firewalls system in information security field. From the new environment of network application, it introduces the defects of traditional perimeter firewall. Then, we gove the fundamental and the products of distributed firewalls. The principle of host firewall in the distributed firewalls system is mainly analyzed. In the end, the resolvent of many kinds of problems in the distributed firewalls system and the mixed firewalls are presented in this paper.

Bo Wang,Ping Zhu,Qiaoyan Wen,Xiaojun Yu

DOI: https://doi.org/10.1109/cnmt.2009.5374492

2009-01-01

Abstract:With the rapid development of network technology, a variety of new attack methods to the network come out endlessly. Traditional firewalls, depending on the static feature data base, have more and more limitations to these attacks. To alleviate this problem, in this paper we propose a honeynet- based firewall scheme with initiative security strategies. In this scheme, the data-analyzing module can timely discover new attack behaviors by analyzing the output result of honeynet with data-mining technology, and furthermore, according to these findings the rule-learning module can dynamically create new defend rules and apply these rules to the firewall. In this way, the firewall keeps enriching its security strategies that greatly enhance its ability to defend new attacks. This paper gives a detailed description and discussion on the new firewall scheme. Compared with other joint-defense technologies, our firewall scheme has more advantages, can response more quickly and accurately to the unknown attacks and being more secure for internal.

Ning Li,Qing Wang,Zhongliang Deng

DOI: https://doi.org/10.1109/icbnmt.2010.5705179

2010-01-01

Abstract:With the development of computer network, its security problem has been urgent at present. Authentication is an important part in the network security. It can prevent illegal user from accessing network. Traditional authentication method is password. But it cannot resist dictionary and playback attack. This paper would design an authentication framework which is effective and security by using LDAP and Kerberos. The problems of existing network are distributed resources, independent certification of each system, a serious duplication of user information, etc. By analyzing existing networks problems, users' needs, and the current internet technology, we describe an authentication framework of IIEDNS based on LDAP & Kerberos to meet the requirement of IOT. It solved the issues of information efficiency and security of information sharing. This framework provides an effective and secure scheme for the authentication on IIEDNS.

Jin Wen,Shigong Long

2004-01-01

Abstract:This paper points out that the threat of being attacked by password guessing attacks in the Kerberos protocol according to the fact that customers can elicit sharing keys by inputting password, and puts forward an improved authentication protocol by means of Diffie-Hellman key exchanging method. It also puts forward a security model for distributive campus network accordingly.

王伟,曹元大

DOI: https://doi.org/10.3321/j.issn:1000-8608.2003.z1.006

2003-01-01

Abstract:This paper indicates the limitation of traditional firewall and presents the key techniques of distributed firewall, and designs an XML-based network information description way and a hierarchical network security management platform to integrate the distributed firewall. The distributed firewall forms a network safeguard system by overcoming the traditional firewall limitation of depending on network topology.

ZHANG Xu

DOI: https://doi.org/10.3969/j.issn.1006-4052.2010.14.051

2010-01-01

Abstract:With the increasingly and widespread use and development of Internet technology and network,the campus network has been spread in many colleges and universities,while the security and confidentiality of the campus network construction is becoming the key technology.The current issues are the use of firewall technology and the security and information security,to achieve effective protection in security of the campus network.

Chen Liang

Abstract:Text information on the content of network security and the fundamental changes, expounding China's development of national information security system and the importance of the establishment of China's network security system with the need. On the network firewall security technology and the classification of the main technical characteristi.

Engineering,Computer Science

Xinzhou He

DOI: https://doi.org/10.1088/1742-6596/1744/4/042037

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract In the era of rapid network development. Its security has attracted much attention. In order to improve the security of computer network. Firewall as one of the most effective technologies. His development has also attracted people’s attention. This article will further analyse firewall technology. I hope you can get some inspiration from it.

YANG Xin,LI Hui,QUE Jianming,MA Zhentai,LI Gengxin,YAO Yao,WANG Bin,JIANG Fuli

DOI: https://doi.org/10.11896/jsjkx.220600265

2023-01-01

Abstract:Traditional IP-based Internet offers an end-to-end data transport service and has developed rapidly in the past half-century.However,serious security incidents emerged from attacks based on traditional networks.Traditional security mechanisms(e.g.,firewalls,intrusion detection systems) enhance security.However,most of them only provide some remedial strategies rather than solve the address-security problem radically due to the lack of change in network design.The overall in-depth security of the networked system cannot be guaranteed without a fundamental change.In order to meet the development requirements of the next generation of an endogenous security network,one of the future networks,the multi-identifier network(MIN),is introduced as our research background.This paper proposes an efficient scheme in hieratical architecture that provides comprehensive protection by addressing the security aspects pertaining to the network and application layers.At the network layer,the proposed architecture develops a multi-identifier routing scheme with embedded identity-based authentication and packet signature mechanisms to provide data tamper-resistance and traceability.At the application layer,the proposed architecture designs a mimic defensive scheme combined with weighted network centrality measures.This scheme focuses on protecting the core components of the whole network to improve the service's robustness and efficiently resist potential attacks.This paper tests and evaluates the proposed scheme from a theoretical and practical perspective.An analytical model is built based on the random walk for theoretical evaluation.In experiments,the proposed scheme is developed in MIN as MIN-VPN.Then considering IP-VPN as a baseline,anti-attack tests are conducted on IP-VPN and MIN-VPN.The results of theoretical evaluations and experiments show that the proposed scheme provides excellent transmission performance and successful defense against various TCP/IP-based attacks with acceptable defensive cost,demonstrating this security mechanism's effectiveness.In addition,after long-period penetration testing in three international elite security contests,the proposed method is effectively immune to all TCP/IP-based attacks from thousands of professional teams,thus verifying its strong security.

Peng Qian-la,Zhitang Li

2003-01-01

Abstract:Vulnerability exists in distributed systems for their loosely-coupled structures in physical distribution. Within the system, membership is dynamic and data transfer is insecure. Thus the security problem of a distributed system itself occurs. In the case of a distributed firewall system, this paper presents a secure framework and a practical mechanism, which finally implements the security of the system itself.

Lan Jiang

DOI: https://doi.org/10.1088/1742-6596/1744/3/032137

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract The rapid development of The Internet brings convenience to people, but also brings some problems to people. The danger of information pollution and destruction is becoming more and more serious, in order to reduce the loss of confidence and security to people. People have studied firewall technology. The use of firewall technology provides a reliable guarantee for protecting the security of data and resources. This paper mainly discusses the application of firewall technology in computer network security from the aspects of network security, the general situation and types of firewall [1] .