
The Research And Implementation Of Network Security

Posted on: 2005-09-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
Full Text: PDF
GTID: 2168360152455586
Subject: Computer software and theory
Abstract/Summary:
Network security is, at its core, the security of information; it involves security management, security technology and security equipment. On the technology side, many components work together to keep a network safe, such as the secure OS, application software, the firewall, network monitoring, encryption, disaster tolerance and security scanning.

In this paper, the firewall, IDS, VPN and security audit are discussed, and a network security system that integrates these technologies is proposed. Based on TCP/IP, the network security system, called GateGod, is designed and implemented. The contributions of the paper are as follows:

The stateful packet filter subsystem and the masquerading and port-mapping subsystem are designed and implemented.

The intrusion detection system, called guarder, is designed and implemented. This system adopts an "event inspection" engine, defines a pattern description language for its intrusion patterns, and provides the corresponding rules parser. New attacks can therefore be recorded in the pattern description language and added to the attack log database. The description language together with the event inspection function makes the system easy to expand and upgrade.

The implementation of IPSec in the Linux operating system, and some of the Linux networking source code, are analyzed carefully. Based on those, a network security model named 'IP Tunnel' has been designed and implemented. It provides a mechanism for adding tunnel information automatically, which greatly improves efficiency; it conforms to the ISAKMP/OAKLEY protocol and provides secure and trustworthy key distribution and management; and it supports strict identity authentication based on PKI, with support for X.509 and PKCS12 certificates.

A collaboration mechanism between the firewall packet filter system and the IDS is designed and implemented, which greatly enhances the security of the firewall and the network.

The system uses several technologies to improve its own security, such as cache, watermark and log audit technology.

A Linux OS named NisecLinux is customized. Many insecure services have been removed and the kernel has been customized, so that only the minimum functionality is provided, and the system runs on this secure OS. NisecLinux is based on DOM (Disk On Module), which greatly improves efficiency and security.

The management tool of the GateGod system is designed and implemented. This subsystem uses a client/server (C/S) model, and the client runs on Windows platforms. Using the management tool, administrators can easily configure the model of the firewall, IDS, IP tunnel and log audit.

By integrating the firewall, IDS and IP tunnel, the system constructs a secure environment for data access control and data transmission.
Keywords/Search Tags:Firewall, IDS, VPN, IPSec protocol, IKE protocol, encryption, Audit, Security Defence