| Because of the popularity and variety of network applications, network security is getting respected by people. Today, the firewall, IDS and anti-virus software have become the security defensive solutions used extensively. Because of some limitations of themselves, which lead to the insufficient protection to the network, we need badly a kind of brand-new mechanism of defending and solve such awkward situation at present. Through analyzing the pluses and minuses of several security mechanisms and predicting the development trend of network security, the author bring forward the cooperative intrusion prevention system which can realize the overall protection and depth defense to the network.In this thesis, we firstly discourse upon the relevant concepts and operation principle of intrusion prevention system. And then we analyze particularly some possible schemes of cooperative defense with intrusion prevention system and discuss their difficulties, meanwhile we propose solutions to solve these difficulties. The solutions include a new generic communication protocol based on XML to solve the communication problems in cooperative defense and the management problems. In succession, we design detailedly the overall framework and inside modules of cooperative intrusion prevention system, and analyze the operation procedure of whole system. Finally, we bring forward a kind of implementation method of intrusion prevention system based on Netfilter/Iptables and Snort, at the same time we analyze and solve the difficult points among them.
|
PDF Full Text Request