
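Design and Implementation of a Firewall Policy Audit Scheme Based on an Improved Policy Tree
Cite this article: LU Yun-long, LUO Shou-shan, GUO Yu-peng. Design and Implementation of a Firewall Policy Audit Scheme Based on an Improved Policy Tree [J]. Netinfo Security, 2014(10):64-69.
Authors: LU Yun-long  LUO Shou-shan  GUO Yu-peng
Affiliations: 1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876
2. School of Information Science & Technology, Beijing Forestry University, Beijing 100083
Funding: National Natural Science Foundation of China [61121061, 61161140320]; State Grid Science Program [EPRIXXKJ
Abstract: Firewalls play an indispensable role in today's networks, and whether firewall rules are configured sensibly bears directly on the security of the network environment. As networks grow in scale, firewall configurations become increasingly complex, and firewall policy auditing has emerged so that firewalls can deliver their full protective capability. The article first studies the relationships between firewall rules in detail, summarizes and analyzes several common types of rule anomaly, and surveys existing policy audit schemes. Second, it describes the overall workflow of a firewall policy audit system, analyzes the overall system architecture layer by layer, and focuses on the configuration rule audit module of the system. Third, it discusses the traditional policy decision tree audit scheme, explains its implementation flow in detail, and points out its advantages and shortcomings. It then proposes an improved policy audit scheme based on a tree structure, describes the audit flow of this scheme in detail, and implements it. Finally, using this implementation, it presents the system's graphical reports and detailed audit results, and compares and validates the audit results of the improved scheme against those of the traditional policy tree.

Keywords: firewall  rule relationships  policy tree  conflict anomaly  audit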

The Design and Implementation of Firewall Policy Audit Plan Based on Improved Strategy Tree
LU Yun-long,LUO Shou-shan,GUO Yu-peng.The Design and Implementation of Firewall Policy Audit Plan Based on Improved Strategy Tree[J].Netinfo Security,2014(10):64-69.
Authors:LU Yun-long  LUO Shou-shan  GUO Yu-peng
Affiliation: LU Yun-long, LUO Shou-shan, GUO Yu-peng (1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. School of Information Science & Technology, Beijing Forestry University, Beijing 100083, China)
Abstract: The firewall plays an indispensable role in today's network; the configuration of the firewall rules is directly related to the security of the network environment. As the network scale increases, the firewall configuration becomes more complex; in order to improve the protective performance of the firewall, firewall policy audit needs to be applied. At first, this paper researches the relationship between the firewall rules in detail, summarizes and analyzes some common exception types of rules, and reviews the strategies of the existing audit plans. Secondly, this paper discusses the whole working process of the firewall policy audit system and hierarchically analyzes the overall design of the system architecture. Then the configuration rules audit module of the firewall policy audit system is discussed emphatically. Again, this paper discusses the traditional strategy decision tree audit plan, expounds the realization process of the scheme, and analyzes and points out the merit and the deficiency of the scheme. Then we put forward an improved audit plan based on the tree structure strategy, discuss the audit process of the scheme in detail and implement the audit plan. Finally we give the graphical reports and detailed audit results of the system, after which we analyze the two by comparing the improved audit plan to the traditional strategy tree.
Keywords: firewall  rules relationship  policy tree  conflict  audit
This article is indexed in VIP, Wanfang Data and other databases.