
Design And Implementation Of Special Network Security Policies

Posted on: 2011-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: G T Ni
Full Text: PDF
GTID: 2178330332459963
Subject: Computer technology

Abstract/Summary:
Competition for information advantage is unprecedentedly intense in modern high-tech war. Information warfare has become the most important maneuver in modern high-tech war, affecting every warfare field and campaign space in a joint campaign. As computer technology improves, various attack techniques emerge that target special network information systems. As one of the main targets of attack in the special network, the incoming end requires an efficient detection mechanism to reinforce its protection and to avoid being abused and attacked. As one of the core technologies for countering network attacks, intrusion detection has become increasingly important and urgent for constructing the defense line of network information security, preparing for information defense, and taking active measures to cope with system paralysis.

Through analysis and comparison of the special network and the special local network, the importance of protecting the incoming end in the special network is presented. In this paper, intrusion detection technology is used to cope with TCP SYN Flood DoS (Denial of Service) attacks on the information incoming end of the special network. Intrusion detection technology identifies and responds to malicious operations on computer or network resources. Besides detecting attack behavior from outside, it also inspects unauthorized activities by internal users. An intrusion detection system for the special network is designed and implemented through simulation of the TCP SYN Flood attack in the special network. The distorted-alarm and false-alarm problems are solved well by counting individually for each single IP. The source IP originally used as the characteristic value is replaced with the source MAC as the detection characteristic value.

To deal with the problem of locating the attack source of a TCP SYN Flood, the data-capture interface of the IDS (Intrusion Detection System) is placed at the layer-3 gateway. Finally, scanning detection and the detection characteristic value for TCP SYN Flood are improved. The detection experiment is carried out in a simulated military network environment on Linux. The final result shows that the proposed intrusion detection mechanism is able to detect both the scanning source and the attack source of a TCP SYN Flood, and ensures the security of the special network well.
Keywords/Search Tags: special network, network security, intrusion detection system (IDS), denial of service attack, TCP SYN Flood attack
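
An added illustration (not code from the thesis) of the counting scheme the abstract describes: half-open TCP handshakes are counted per source, keyed first by source IP and then by source MAC as seen at the layer-3 gateway. The frame records, addresses and threshold are constructed, and the premise that the flood forges its source IPs is an assumption made for the example, not something the abstract states.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10  # TCP flag bits

def half_open_by(frames, key):
    """Count handshakes that saw a SYN but no final ACK, grouped by frame[key]."""
    pending = {}  # connection 4-tuple -> source key of the unanswered SYN
    for f in frames:
        conn = (f["src_ip"], f["sport"], f["dst_ip"], f["dport"])
        if f["flags"] == SYN:
            pending[conn] = f[key]
        elif f["flags"] == ACK:
            pending.pop(conn, None)  # handshake completed
    return Counter(pending.values())

def suspects(frames, key, threshold):
    """Sources whose half-open count reaches the alarm threshold."""
    return {k for k, n in half_open_by(frames, key).items() if n >= threshold}

def sample_trace():
    """Constructed capture at the gateway: 3 normal hosts plus 1 flooding host."""
    frames = []
    for h in range(1, 4):           # each normal host completes 5 handshakes
        for c in range(5):
            base = dict(src_mac=f"02:00:00:00:00:{h:02x}", src_ip=f"10.0.0.{h}",
                        sport=40000 + c, dst_ip="10.0.9.1", dport=80)
            frames.append({**base, "flags": SYN})
            frames.append({**base, "flags": ACK})
    for i in range(200):            # one MAC, 200 different claimed source IPs
        frames.append(dict(src_mac="02:00:00:00:00:ff", src_ip=f"10.1.0.{i + 1}",
                           sport=50000 + i, dst_ip="10.0.9.1", dport=80,
                           flags=SYN))
    return frames

if __name__ == "__main__":
    trace = sample_trace()
    # Keyed by IP, every forged address stays at 1 and nothing is reported.
    print("per-IP :", suspects(trace, "src_ip", threshold=50))
    # Keyed by MAC, the single sending interface accumulates all 200.
    print("per-MAC:", suspects(trace, "src_mac", threshold=50))
```

The source MAC identifies the sender only on the segment where the frame is captured, which is why the capture point at the gateway matters for locating the source.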