Fire wall controlling system and method based on NGN service

Abstract

The invention provides an NGN service-based firewall control system and method. And its kernel comprises: first, application layer agent module in service control equipment analyzes application layer signaling and makes safe detection on signaling flow, determining safety grade request information of service media flow and providing the request information for policy making functional entity; then the policy making functional entity determines corresponding media flow safety grade control information according to the request information and the stored policy information and providing the control information for network boundary equipment; and finally, the packet filtration-based firewall functional module in the network boundary equipment makes safe detection on the service media flow according to the control information. Therefore, it can prevent resource embezzlement and IP address counterfeiting and put an end to service and advanced application invasion and other network attacks.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a firewall control system and method based on NGN services. Background technique [0002] NGN (Next Generation Network) realizes the separation of the service layer and the transport layer. The transport layer is based on packet and optical technologies, and the service layer provides rich multimedia services. Because NGN network is based on IP grouping technology, therefore, solving the security and service quality problems of NGN business will be paid much attention to. As the most important and most widely used network security technology, the firewall function will continue to be used in solving the security problems of NGN services. [0003] At present, firewall products are mainly divided into two types: packet filtering firewall and proxy firewall. Among them, the packet filtering firewall works at the transport layer, and the proxy firewall works at the ap...

AI Technical Summary

Problems solved by technology

The disadvantages of [0007] static packet filtering firewall are: difficult to maintain; cannot effectively prevent hackers from spoofing attacks; does not support application layer filtering, cannot prevent data-driven attacks; cannot Provides complete control over the information flowing on the network

[0021]However, the settings of static packet filtering, state inspection and deep packet inspection in the NGN transport layer are performed by the administrator, and can only be coarse-grained security classification configured according to operational policies processing, whose existence is invisible to the NGN service layer (including session control proxy)

When a firewall provides packet filtering functions of different security levels, such as static packet filtering, dynamic packet filtering, stateful inspection, and deep packet inspection, it is impossible to dynamically select and execute packet filtering functions of different security levels according to user needs and session types

Images