查詢結果分析
來源資料
頁籤選單縮合
題名 | 結合分散式防火牆與代理伺服器技術之安全性文件存取設計=Secure Document Access Architecture Based on Distributed Firewall and Proxy Technologies |
---|---|
作 者 | 潘啟諫; 楊凱翔; 李肇林; | 書刊名 | 國立臺灣大學工程學刊 |
卷期 | 90 2004.02[民93.02] |
頁次 | 頁127-136 |
專輯 | 資訊工程專輯 |
分類號 | 312.76 |
關鍵詞 | 分散式防火牆; 代理伺服器; 網路安全; 文件存取; 防火牆; Firewall; Distributed firewall; Proxy; Document access; Network security; |
語文 | 中文(Chinese) |
中文摘要 | 由於網際網路的快速發展,使得企業組織所建構的內部網路日趨複雜且所及範圍增加,內部網路的安全性問題逐漸受到重視。以往企業組織運用建置防火牆來抵擋外部可能之攻擊行為,但是新穎的病毒及木馬等惡意程式運用網路穿隧技術,藉由標準通訊埠對外溝通,此種技術可以突破防火牆之限制,使得內部網路容易遭受攻擊。此外來自內部惡意員工的攻擊也會破壞內部網路的安全性。另一方面,文件的存取與分享已成為各企業組織主要的內部活動行為,關係整個企業組織的運作與發展,如何能夠確保其安全,避免遭受可能的網路攻擊行為,便成為主要的研究課題。本論文研究以企業組織內部網路的文件安全性為範圍,結合分散式防火牆技術在封包層次的過濾與控制功能,以及代理伺服器在應用層次的存取分析與控制功能,輔以傳統的SSL安全連線及VPN虛擬私有網路技術,並以使用者的應用為導向,來控制網路行為,以形成一個多層次的安全性文件存取機制。 |
英文摘要 | With the rapidly development of the Internet, the Intranet topologies of enterprises are getting more and more complicated and distributed, and therefore the security problem of the Intranet is gradually valued. Enterprises usually deploy firewalls to defense the outside attacks, however novel viruses and Trojans use the tunnel techniques to communicate with outside machines via the valid ports, and this attacks can pass the firewall to make the Intranet easy to be attacked. Besides, attacks from the inner enterprise members also break the Intranet security. On the other hand, document access and sharing is the primary behavior in each enterprise, and relates to the operation and development of enterprise. It is an important issue to ensure the document security and prevent any possible attacks from the Internet or Intranet. This paper focuses on the document security in the enterprise Intranet, and proposed one security architecture which combines the distributed firewall technology for filtering and control packets, and the proxy server for application level access control. Besides, the proposed architecture also applies the Secure Socket Layer (SSL) and Virtual Private Network (VPN) technique to secure the connection, and controls the network behavior according to different user applications in order to build a multi-level secure document access mechanism. Keywords: firewall, distributed firewall, proxy, document access, network security. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。