    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/74417

    Title: 準網路實體隔離技術之研究與實現 (Research and Implementation of Quasi Physical Network Isolation Technology)
    Other Titles: Research and implementation of quasi physical isolation network
    Authors: 曾光毅;Tseng, Kuang-Yi
    Contributors: Tamkang University, Department of Information Management, Master's Program
    梁德昭;Liang, Te-chao
    Keywords: Network physical isolation; Physical Isolation
    Date: 2011
    Issue Date: 2011-12-28 18:35:26 (UTC+8)
    Abstract: This research implements the protocol-isolation method of network physical isolation. Because the implementation does not use a physical switching gateway, we call the resulting architecture a quasi physical isolation network. Quasi physical isolation network technology is a network shielding technique based on communication protocol isolation. Because a different protocol is used, no actual TCP/IP connection exists during data transmission, which achieves the network shielding effect.
    Ordinary shielding technology blocks connections using blacklists. This shielding technology instead passes data using whitelists of trusted applications or protocols. In this way, worm attacks that arise in the sensitive network from users' habits are rendered ineffective. Through protocol isolation, we can also prevent the various attacks that use the Optional data field in the IP protocol, such as ICMP attack, from threatening the sensitive network.
    This architecture can be used on local area networks that hold sensitive, confidential information, so that the information does not leak out through a network connection. Compared with traditional firewalls, the quasi isolation network can block threats and attacks that exploit shortcomings of TCP/IP modules. We implement the architecture with VM systems and use virtual bridges between two virtual machines to ensure that the two virtual machines have a private tunnel.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis
