基于Kerberos分布式防火墙技术研究  

作　　者：梁雪梅[1,2] 梁秋艳 

机构地区：[1]重庆大学计算机学院,重庆400044 [2]重庆通信学院,重庆400035 [3]贵州省龙广一中,贵州552400

出　　处：《电脑知识与技术》2007年第11期674-679,共6页Computer Knowledge and Technology

摘　　要：随着计算机网络技术的迅猛发展和Interilet／Intranet用户数量的激增。以及新型网络服务的研究、实施和应用。计算机网络安全问题日益突出。使得计算机安全问题成为影响计算机互连网络进一步发展的一个重要因素。以往采用的安全保护中使用的最多的是传统的防火墙机制．可是随着网络技术的不断发展。传统的防火墙已经逐渐不能．满足安全的需要：本文针对传统防火墙所带来的问题。提出了一种基于Kerberos认证的分布式防火墙的新型体系结构，在保留传统防火墙优点的基础上．以Kerberos协议为主要基础，综合网络安全软件算法合理运用防火墙相关知识，实现内部网安全分布式防火墙系统，解决了传统防火墙的安全隐患。为众多内部网络用户的需要重点保护的网络资源提供一个可管理的、分布式的安全网络环境。With the speedy developing of computer technology,the consumer quantity of intemet＆ intranet rapidly increasing, and the research,implement,and application of the new service of the network.The network security of computer is becoming Important day by day, and this is a key factor which has influenced the deeply development for network.Past the security protection of the most traditional firewall mechanism However, as networks and technological development,the traditional firewall has gradually failed to meet security needs.This paper has brought traditional firewall problems Based on the Kerberos authentication Distributed firewall new architecture,preservation of traditional firewall merits on the basis of the traditional firewall solution to the .hidden dangers. Among the main research work are：（1）to the Kerberos protocol to the foundation Comprehensive network security software algorithm rational use of firewall related knowledge and to the internal security of distributed network firewall systems; （2）structure is built to a modular design and the use of a simplified,based on the public key of the Kerberos protocol, transparent certification; （3）the integrated use of security attthentication,access control,authorization,confidentiality, audited and centralized management and other network security technology, which not only satisfies the reliability of the system performance, Management can achieve operational flexibility. Of massive internal network users need to focus on the protection of network resources to provide a manageable, distributed network security environment.

关 键 词：KERBEROS协议 分布式防火墙系统 认证 公开密钥 安全策略 防火墙 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]