期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于IPv6的分布式智能防火墙系统的设计与实现 被引量:2

Design and Implementation of Distributed Intelligent Firewall Based on IPv6
下载PDF
导出
摘要 针对目前IPv6环境下缺乏应用层内容过滤防火墙的现状,设计并实现了一种IPv6分布式智能防火墙原型系统.该系统通过网络层策略规则,可对IPv4和IPv6共有攻击以及IPv6特有攻击进行拦截,通过应用层策略规则,可阻拦非法、反动的网页数据.原型系统的智能性确保整体网络的策略快速主动共享.经实验测试,该原型系统能完成上述功能,并且性能良好. IPv6, as the alternative of IPv4, contains numerous features and improvements that make it attractive from a security perspective, but it is by no means the panacea for security. This paper presents the design and implementation of a distributed intelligent firewall system based on IPv6, which is able to secure the network layer and application layer of IPv6 networking. By the system, the typical attacks coexisting in both IPv4 and IPv6, the emerging IPv6 specific ones such as security threats related to ICMPv6, can be blocked by the rule set of network layer. Similarly, with the rule set of application layer, any illegal or reactionary Web page content in HTML source codes can be totally prevented from sneaking into the Intranet. The initiative drift mechanism ensures the legitimacy and civilization of the Web environment within the whole IPv6 networking.
作者 刘增辉 赖英旭 杨震 马乾
机构地区 北京电子科技职业学院工程技术系 北京工业大学计算机学院
出处 《北京工业大学学报》 EI CAS CSCD 北大核心 2011年第12期1896-1902,共7页 Journal of Beijing University of Technology
基金 北京市教育委员会基金资助项目(KM200810005030)
关键词 下一代互联网协议(IPv6) 防火墙 网络安全 Internet Protocol version 6 (IPv6) firewall network security
分类号 TP309.5 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献9

  • 1CYNTHIA M, JEFFREY D. Internet Protocol version 6 (IPv6) protocol security assessment [ C ]//Proceedings of 2007 Military Communications Conference. Orlando: Institute of Electrical and Electronics Engineers, 2007, 29: 1-7.
  • 2HONGSEOK J, JUNGHOON J. IPv6 neighbor discovery protocol for common prefix allocation in IEEE 802. 16 [ C ] // Proceedings of the 8th International Conference on Advanced Communication Technology. Phoenix Park: Institute of Electrical and Electronics Engineers, 2006 ( 3 ) : 1661-1663.
  • 3SABIR M R, FAHIEM M A, MIAN M S. An overview of IPv4 to IPv6 transition and security issues[ C ] JJProceedings of 2009 WRI International Conference on Communications and Mobile Computing. Kunming: Institute of Electrical and Electronics Engineers, 2009 (3) : 636-639.
  • 4JUNG B H, LIM J D, KIM Y H, et al. An analysis of security threats and network attacks in IPv6 [ J]. Electronics and Telecommunications Trends, 2007, 22 (1) : 37-50.
  • 5ZAGAR D, GRGIC K, RIMAC-DRLJE S. Security aspects in IPv6 networks[ J]. Computers and Electrical Engineering, 2007 (33) : 425-437.
  • 6CAICEDO C E, JOSHI J B D, TULADI4AR S R. IPv6 security challenges[ J]. Computer, 2009, 42(2) : 36-42.
  • 7张玉健,张月琳.基于PKI的IPv6安全邻居发现协议[J].计算机工程,2008,34(8):187-189. 被引量:4
  • 8周增国,李忠明.Linux平台下Netfilter/Iptables包过滤防火墙的研究与应用[J].网络安全技术与应用,2008(1):49-50. 被引量:8
  • 9JONES A. Netfilter and IPtables : astructural examination [ EB/OL ]. [ 2004- 02- 26 ]. http ://www. sans. org/reading room/ whitepapers/firewalls/netfilter-iptables-structural-examination-1392.

二级参考文献8

  • 1赵海全,曾祥萍.基于Linux系统的校园网安全设计方案[J].电脑与信息技术,2004,12(2):41-44. 被引量:3
  • 2潘瑜.基于Linux环境的网络安全防火墙和入侵检测系统的研究[J].江苏技术师范学院学报,2005,11(2):37-42. 被引量:3
  • 3Narten T, Nordmark E, Simpson W. Neighbor Discovery for IP Version 6(IPv6)[S]. RFC246:1, 1998-12.
  • 4Nikander R Kempf J, Nordmark E. IPv6 Neighbor Discovery(ND) Trust Model and Threats[S]. RFC 3756, 2004-05.
  • 5Arkko J, Kempf J, Zill B, et al. SEcure Neighbor Discovery (SEND)[S]. RFC 3972, 2005-03.
  • 6Aura T. Cryptographically Generated Address(CGA)[S]. RFC 3972, 2005 -03.
  • 7Housley R, Polk W, Ford W, et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile[S]. RFC 2459, 2002-04.
  • 8Kent S, Atkinson R. IP Authentication Header[S]. RFC 2402, 1998-11.

共引文献10

同被引文献14

引证文献2

二级引证文献2

北京工业大学学报
2011年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部