Received: May 17, 2019; Revised: June 21, 2019
Abstract: This study addresses two problems: the security settings of a server's operating system and software can be reset once the server is compromised, and security equipment used for area-wide protection (hardware firewalls, etc.) enforces policy at a coarse granularity. We analyze the network applications commonly run on a WWW server, such as WWW, DNS, and FTP, and summarize the characteristics of each application's data flows. Following the principles of fixing dynamic ports and fixing dynamic management IP addresses, we configure ACLs (access control lists) on the server access switch and apply each server's ACL to the switch port that the server is connected to, giving each server point protection. Even when the server's firewall rules are disabled, the access switch ACL still restricts the server's behavior, thereby protecting the servers and the intranet network devices. In tests with the Pktgen packet generator, which is based on Intel DPDK (Data Plane Development Kit), the access switch ACL effectively filtered the high-concurrency, high-volume abnormal packets sent by the server, protecting the network and its devices.
Keywords: ACL; network service; TCP port; server protection
Cite this article:
SHAN Qing-Yuan, YAN Pi-Tao, NAN Feng. Application of Switch ACL in WWW Server Security Protection. COMPUTER SYSTEMS APPLICATIONS, 2019, 28(12): 212-218