论文信息 - Design and Implementation of Distributed Intelligent Firewall Based on IPv6

Design and Implementation of Distributed Intelligent Firewall Based on IPv6

IPv6, as the alternative of IPv4, contains numerous features and improvements that make it attractive from a security perspective, but it is by no means the panacea for security. This paper presents the design and implementation of a distributed intelligent firewall system based on IPv6, which is able to secure the network layer and application layer of IPv6 networking. By the system, the typical attacks coexisting in both IPv4 and IPv6, the emerging IPv6 specific ones such as security threats related to ICMPv6, can be blocked by the rule set of network layer, similarly, with the rule set of application layer, any illegal or reactionary Web page content in HTML source codes can be totally prevented from sneaking into the Intranet. The Initiative Drift mechanism ensures the legitimacy and civilization of the Web environment within the whole IPv6 networking. Finally, we conduct the performance evaluation of the system and a decent result is gotten.

Qian Ma | Yingxu Lai | Guangzhi Jiang

[1] Muhammad Abuzar Fahiem,et al. An Overview of IPv4 to IPv6 Transition and Security Issues , 2009, 2009 WRI International Conference on Communications and Mobile Computing.

[2] Thomas Narten,et al. Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[3] Thomas Narten,et al. Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2001, RFC.

[4] Thomas Narten,et al. IPv6 Stateless Address Autoconfiguration , 2007, RFC.

[5] Michael H. Warfield. Security Implications of IPv6 , 2003 .

[6] Snjezana Rimac-Drlje,et al. Security aspects in IPv6 networks - implementation and testing , 2007, Comput. Electr. Eng..

[7] Stephen E. Deering,et al. ICMP Router Discovery Messages , 1991, RFC.

[8] James B. D. Joshi,et al. IPv6 Security Challenges , 2009, Computer.

[9] Greg Kroah-Hartman,et al. Linux Device Drivers, 3rd Edition , 2005 .

[10] Marco Cesati,et al. Understanding the Linux Kernel, Third Edition , 2005 .