To reduce the damage caused by the many information security incidents they face, many organizations set up network firewalls between the Internet and their internal network as a defense. However, this cannot prevent the other half of information security incidents, those that originate inside the organization. Moreover, a firewall alone does not guard well against information security incidents. It is more important to define appropriate firewall policies and to build a firewall architecture that conforms to them.

This research abstracts the attributes and characteristics of firewalls into an abstract firewall model. Based on that model, it proposes the Firewall Policies Normalization Model and the Drawings of Firewall Architecture, which assist in analyzing firewall policies and firewall architecture.

With the Firewall Policies Normalization Model, a network service access policy can be analyzed into a firewall design policy, and policies whose effects duplicate one another can be removed according to the meaning of the security policies. The Drawings of Firewall Architecture show the relationships among the network entities named in the security policies, and the relationships between those network entities and the firewall entities. They can represent a firewall architecture that fully satisfies the security policies and contains no redundant rules, which makes the relationships between entities easy to understand.

When planning an organization's network, the Firewall Policies Normalization Model and the Drawings of Firewall Architecture can assist in designing a network architecture that conforms to the organization's security policies. Where a network architecture already exists, the positions at which firewalls could be placed can be clearly inferred by combining these tools with the established network topology. Where firewalls are already deployed, the Firewall Policies Normalization Model and the Drawings of Firewall Architecture can likewise be used to re-examine the suitability of the organization's network configuration.