淡江大學機構典藏:Item 987654321/101614
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 62805/95882 (66%)
造訪人次 : 3941044      線上人數 : 1063
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋


    請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/101614


    題名: 網路防火牆規則驗證之研究
    其他題名: A study of firewalls rules verification
    作者: 姜順瀚;Chiang, Shun-Han
    貢獻者: 淡江大學資訊管理學系碩士班
    梁德昭;Liang, Te-Chao
    關鍵詞: 防火牆;抽象防火牆;異常規則;firewall;Abstract Firewall;Anomaly
    日期: 2014
    上傳時間: 2015-05-01 16:12:11 (UTC+8)
    摘要: 近年來資料被駭客竊取事件層出不窮,防火牆乃是網路安全中重要的環節之一,負責篩選不必要的網路連線來保護組織內部網路。防火牆過濾封包的機制是透過存取控制清單(Access Control List; ACL)內紀錄的規則做決定,當有兩條或是兩條以上的規則符合過濾條件,以優先權較大的規則做為執行動作,故對於存取控制清單內的規則、規則的順序與存取控制清單的部署都必須要小心謹慎。當防火牆過濾規則產生了非預期的行為,本文將會造成此現象的規則稱為異常規則(Anomaly Rule)。本論文的目標是在知道多防火牆間網路拓樸的狀況下,透過抽象防火牆模型,將網路拓樸中的各個防火牆轉化成對應的抽象防火牆(Abstract Firewall; AFW),再將各個抽象防火牆經由循序路徑驗證及平行路徑驗證,去驗證多防火牆間的規則是否有異常規則存在,若存在異常規則,通知網路管理人員修改,修改完成後即為代表此網路拓樸的抽象防火牆。藉由此抽象防火牆作為中介,讓網管人員可以透過此抽象防火牆檢驗防火牆網路的正確性。
    In recent years, data theft by hackers continuously occurrence. Firewall is an important part of network security, it is responsible for filtering unnecessary network connections to protect organization''s internal network.Firewall mechanism for filtering packets is through the records rules in the ACL to make a decision.Firewall mechanism for filtering packets is through the records rules in the ACL to make a decision.therefore, the rules in the ACL and the rules order and the ACL deployment all must have to be careful. Unexpected behavior when the firewall filtering rules, in this article we call the rule as Anomaly Rule.The goal of this paper is in knowing the multi-firewalls under the condition of network topology, by the abstract firewall model, we transforms each firewall in network topology to the correspondence abstract firewall (AFW), then each AFW by way of sequential path validation and parallel path validation to verify rules between multi-firewalls whether there exists anomaly rules, if exists anomaly rules,notify the network administrators to modify, after the modification is completed, it''s represent the AFW of this network topology. By this AFW as an intermediary, enabling the network administrators to go through this AFW to ckeck accuracy of firewalls network.
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    index.html0KbHTML198檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋