| With the rapid development of the Internet, the problem of network security is outstanding increasingly. The new type of the distributed firewall which is the project of Ministry of Information Industry, gives a solution to the problems.The purpose of the project is to found a system that bases on the distributed firewall ..including intrusion detect and protect technology.Intrusion detect and protect technology,the one of kernel technology in our distributed firewall system is a new information security technology which could supply a gap of the firewall and the intrusion detect system in the information security domain.The technology is the optimize and combination of the firewall technology and intrusion detect technology.Different intrusion prevent system has different realizing method.The common ground of different intrusion prevent system is that all combine the prevent function of the firewall with the network data packets detect function of the intrusion detect system.Operating with each other,the firewall and intrusion detect system provide more complete protect for the network.At the very beginning, this paper introduces integral system work flow and intrusion detect technology and intrusion prevent technology relating to the topic.secondly the several parts of system design scheme and realization has been discussed :the system overall design ,the system design scheme and realization of the network intrusion detect/prevent module, the system design scheme and realization of the host intrusion detect/prevent module, this paper brings forward a intrusion prevent system frameworks which combines inline-operation with exterior operation.The frameworks can provide complete protect environment for the system and improve the entire security.At the end of this paper , the testing result of a kernel module in this system has been illustrated., a brief prospect for the future extended development on basis of existing system has been shown.
|
PDF Full Text Request