Network Monitoring System Deployment And Integration

In the enterprise business environment, the security solution should not be simply regarded as an optional element of reducing system risk, but should be considered as a significant factor of maintaining business functions and improving productivity efficiency. When enterprises are being faced with the information security attacks from network intrusion, network safety will be a much more pressing issue. However, none of the current security tools on the market can satisfy the system security requirements alone, which says that the research on the integration of security tools and on the deployment of highly efficient network monitoring system is of great importance for improving system protection capacity.Firstly, in the thesis we provided an in-depth analysis on the cost for enterprise network monitoring and the deployment of security management device; And by conducting a detailed investigation towards many of the victim companies, we acquired an overview of the attack vectors and vulnerability flaw form that the victim companies are suffering, and then we enumerated all the security tools, such as Firewall, IDS, IPS, IPSec VPN, and discussed their relevant disadvantages in meeting system security requirements. Secondly, based on the analysis of the monitoring process of the existent security tools, we proposed a Firewall engine strategy based on the status data packet of firewall detector, and by introducing the automated translation technology based on the combination of STATL language and Snort rules, we designed a network monitoring system with the integration of user interface characteristics. Finally, in the experiment we constructed an enterprise network simulation environment, by simulating the monitoring process of Firewall and Snort, we completed the integration and deployment of the Firewall, IPSec VPN and IDS on SPAN(Switch Port Analyzer) technology. Simulation results substantially proves that our network monitoring system based on performance integration can effectively enhance the system's overall security level, and make the system monitoring process much more simple.