IP Spoofing 대응 기능을 가진 방화벽 시스템 구현

  • 최석윤 (대구대학교 정보통신공학부) ;
  • 김중규 (대구대학교 정보통신공학부)
  • Published : 1997.03.01

Abstract

This dissertation provides a theroetic study on the network security in general , the firewall in particular . In fact, the firewall has been recognized as a very promising option to obtain the security in the real world network environment . The dissertation provides a thorough theoretic investigation on the various problems raised in the computer network, and also explores a methodology of the security against IP spoofing. Moreover, it investigates a systematic procedure to make analysis plans of the firewall configuration. Based on the above investigation and analysis , this dissertation provides two approaches to network security, which address a number of issues both at the network and at application level. At the network level. a new methdo is proposed which uses packet filtering based on the analysis of the counter plot about the screen router. On the other hand at the application level, a novel method is exlored which employs security software , Firewall-1, on Bastion host. To demonstrate the feasibility and the effectiveness of the proposed methodologes, a prototype implementation is made. The experiment result shows that the screen router employing the proposesed anti-IP spoofing method at the network level is effective enough for the system to remain secure without being invaded by any illegarl packets entering from external hackers. Meanwhile , at the application level. the proposed software approach employing Firewall -1 is proved to be robust enough to provent hackings from the outer point to point protocol connection. Theoretically, it is not possible to provide complete secuirty to the network system, because the network security involove a number of issues raised from low level network equipments form high level network protocol. The result in this dissertation provides a very promising solution to network security due to its high efficiency of the implementation and superb protectiveness from a variety of hacking.

Keywords