The Intrusion Prevention System Based On Protocol Analysis And Rules Transform

Posted on: 2006-01-11 | Degree: Master | Type: Thesis
Country: China | Candidate: X F Lu | Full Text: PDF
GTID: 2168360152999693 | Subject: Computer application technology
Abstract/Summary:
Traditional network security relies on patching the operating system, firewalls, and intrusion detection systems, but each of these methods has its disadvantages. The paper begins by introducing the disadvantages of the traditional network security methods, then introduces the concept of the Intrusion Prevention System (IPS). An IPS can not only detect malicious behavior but also stop it. It is an intelligent network security product that provides real-time information security.

This paper describes our IPS's overall design, detailed design, and implementation. Our system has a packet filter function, an intrusion detection and response function, and a content filter function. For each subsystem's implementation, the paper gives the system diagram and the program logic diagram. We combine these functions together.

1) Packet filter firewall
The paper discusses the netfilter mechanism of the Linux 2.4 kernel, extends netfilter's functionality, and analyzes how to design and implement a firewall based on netfilter technology. We design a Web interface to manage the firewall, which makes management easier.

2) Intrusion detection and response function
We design the IDS based on Snort and design a security event analysis algorithm. It can find the true intruder among the many security events generated over a long period. With this algorithm, we can reduce the IDS's high rate of erroneous alerts.

3) Content filter function
The content filter system can filter the content of HTTP and FTP packets based on user-specified keywords; this provides additional network security.

The paper also describes many key technologies used in the design. Finally, the paper tests the system. The test data show that our IPS design is successful.
Keywords/Search Tags: intrusion prevention, packet filter, intrusion detection & response, content filter