Research And Realization Of Intrusion Detection Individual Firewall On Linux Operation System

Posted on: 2007-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: H Qiu
Full Text: PDF
GTID: 2178360185973475
Subject: Computer software and theory
Abstract/Summary:
As more and more companies and government departments run their core services on the Internet, network security has become a pressing problem. Traditionally, companies and government departments have relied on firewalls for protection, but as attackers' knowledge grows and attack tools and techniques become more complex and diverse, a firewall-only strategy can no longer meet the needs of highly security-sensitive departments. The most important reason is that a firewall is not "intelligent". A firewall can only permit or block traffic from certain addresses to specific ports on certain addresses; against attacks aimed at ports that are open, it is helpless. Second, a firewall cannot prevent internal attacks at all. Yet investigations have found that 50% of attacks come from inside; against staff who are discontented with their company or government department, the firewall exists in name only. Third, because of performance limits, a firewall usually cannot provide real-time intrusion detection, which is a fatal weakness given today's increasingly diverse attack techniques. Fourth, a firewall is also powerless against viruses. The idea that deploying a firewall system at the Internet entrance provides sufficient security is therefore unrealistic. Network defense must take a thorough, diverse approach. In this environment, intrusion detection systems have become a new hot spot in the security market; they are not only receiving more and more attention but have already begun to play a key role in a variety of environments.

Intrusion detection means detecting unauthorized access to, and attacks on, a system or network. It can discover and handle both external attacks and internal attacks, and once an intrusion is discovered it can respond promptly, for example by cutting off the network connection, recording the event and raising an alarm. Combining firewall and intrusion detection technology in an individual (personal) firewall gives the user better security protection. "Research and realization of intrusion detection individual firewall on Linux operation system" was chosen as a research topic against this background.

This thesis gives an overview of firewall technology and intrusion detection technology, and focuses on firewall and intrusion detection technology on the Linux operating system, including its basic principles, the system architecture, the interception of network packets, how the detection engine inspects network packets, and the linkage between the firewall and intrusion detection. Based on the needs of desktop operating system users, these two technologies are used to develop an individual firewall for the Linux desktop system.

The key technologies studied, the innovations and the work done in this thesis are as follows:

● Netfilter is the functional framework in the Linux kernel that implements packet filtering, packet processing, NAT, etc. This thesis discusses implementing the firewall on this framework, as well as how to integrate intrusion detection into the firewall.
● iptables and Netfilter can be used for packet filtering, but in practice iptables is frequently set aside because its configuration is rather complex. This thesis introduces iptables firewall rules and the configuration of rules through a tool, to help users use the firewall efficiently.
● Performs real-time monitoring of network packets; when an attack is detected...
Keywords/Search Tags:Linux, firewall, detection engine, intrusion detection, misuse detection, iptables, Netfilter