| Firewall and intrusion detection, as important techniques to protect network security, are widely used, but the available network security products always use the firewall or the intrusion detection system(IDS) independently, which can not meet the integrity and multi-layer requirements. Enabling both the firewall and IDS simultaneously can provide static and dynamic protection to the network as well as conduct meticulous inspection of the network traffic, therefore the intra and extra network usage can subject to a reliable management. In China, developing new generation intelligent firewalls with self owned intellectual asset has especially more practical values.This paper primarily focuses on the design and implementation of the interactive mechanism between the guarder of IDS and firewall system. It comprises one part of gateGod of an intelligent firewall system and also is an important component of overall solution to secure web.The highlights of the paper are summed up as below:1. Design and implement intrusion detection system of the intelligent firewall with a name of guarder which can identify 1290 sorts of attacks, such as DoS, DDoS, FTP. WEB,NIS, DNS, CGI and OS attempting attacks, UDP/TCP ports scan and probe , buffer overflow attack, IP deception attack and etc.2. Introduce searching engine technology of "event inspection" and define the modulardescription language in respect of its intrusion patterns, as well develop the corresponding rules parser. Therefore new attacks can be logged in modular description language and added to the attacks logging database. The description languages together with the event inspection function make the system's expandability and upgrading possible.3. Design and implement the collaborating mechanism between the firewall packet filter system and IDS, greatly enhancing the security of firewall and networks.4. Design and implement the server configuration management system of intelligent firewall. The system handles the configuration requisites of firewall system from the client, making remote management of the host more convenient and safe.5. Customize the Linux OS to run gateGod called MiniLinux. Many insecure services have been wiped off. Linux OS and its kernel has been customized with minimum functions. In this case gateGod is established on a safe OS.6. Make some amendments to the daily logfile system: Write the daily logging data to the memory using Cache technology, mitigating the problem of DOM insufficient space; Avoid logfile overflow by using daily log queue technology ; Cope with repulsion problem of data logging and data sending.
|
PDF Full Text Request