    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/101614

    Title: A Study of Network Firewall Rule Verification
    Other Titles: A study of firewalls rules verification
    Authors: 姜順瀚;Chiang, Shun-Han
    Contributors: Tamkang University, Department of Information Management, Master's Program
    梁德昭;Liang, Te-Chao
    Keywords: firewall; Abstract Firewall; anomaly rule; Anomaly
    Date: 2014
    Issue Date: 2015-05-01 16:12:11 (UTC+8)
    Abstract: In recent years, incidents of data theft by hackers have occurred continually. The firewall is one of the important components of network security: it filters out unnecessary network connections to protect an organization's internal network. A firewall filters packets according to the rules recorded in its access control list (ACL); when two or more rules match the filtering condition, the action of the rule with the higher priority is executed. The rules in the ACL, the order of those rules, and the deployment of the ACL must therefore all be handled with care. When firewall filtering rules produce unexpected behavior, this paper calls the rules that cause it anomaly rules. The goal of this paper is, given a known network topology among multiple firewalls, to use an abstract firewall model to transform each firewall in the topology into a corresponding abstract firewall (AFW), and then to apply sequential path validation and parallel path validation to the AFWs to verify whether anomaly rules exist among the rules of the multiple firewalls. If anomaly rules exist, the network administrators are notified to modify them; once the modification is complete, the result is the AFW that represents this network topology. With this AFW as an intermediary, network administrators can use it to check the correctness of the firewall network.
    Appears in Collections: [Department and Graduate Institute of Information Management] Theses and Dissertations

    Files in This Item:

    There are no files associated with this item.
