整合式網路安全管理程式庫之實作

Abstract

網路的應用在今日已相當普及。不同於個人應用，對企業而言，網路的管理和安全性議題顯得格外重要。每日都有新的安全性漏洞不斷的被發現，因此，很難找到一個一勞永逸的解決方案。 在本篇論文中，我們將著重於：流量控管，防火牆，和即時網路資料分析這三個方面，建構一個網路安全管理程式庫（NSML）。開發人員可以藉由使用本程式庫來縮短開發一個網路安全管理相關軟體之時程。亦可應用本文所提出的網路架構，保護企業中的重要資源，並確保其服務品質。

Nowadays, Internet is so popular not only to individuals but also to enterprises. For enterprises, the management and security issues are very important. IDC estimates worldwide security software/services will grow 20% a year ( to 43 billion US dollars in 2008). There are new security problems discovered every day. Meanwhile, hacker grows as the defender grows. Therefore, the security solutions will never be perfect. In this paper, we focus on bandwidth control, application-firewall, and real-time traffic analysis to build a network security management library, NSML, which can acts as a stand alone library to saving the time to develop network security software through its API, and provides architecture to manage and protect the networks in an enterprise. NSML saves the time to develop a network security software and also reduces its complexity. By using our architecture, critical resources in enterprise network are protected and their quality of service are also guaranteed.