| With the popularization of the Internet application, various campaigns of electronic business affairs and electronic government affairs is increasingly enhanced, the government, bank, corporation and so on had set up theire internal net resource. The secret of those electronic business affairs, electronic government affairs, corporation network, will be the target of attacker. The nentwork security is gradually becoming the key problem of the various nentwork server and application more development.At present, the advanced and popular network security technology step into intelligentized phase that fireproofing cooperated with IDS (intrusion detection system).This article first introduces the design of a data collection implement of IDS system. This design is based on network processor NP IXP1200 used embedded opration system, finished the collecting of nentwork data and information of network working status. But all of this technology is not the best security policy in theory, our design aim is a intelligentized hardware gateway-type IDP (Intrusion Detection & Prevention)system which can detect the intrusion and prevent the intrusion, can give a flexible monitor and control platform for network worker administrators.The design of IDP should take care of its ability, security, complexity, cost and so on other factors. The design of the IDP system is come and developed from the IDS system. The aim of this design is that the IDP is used as a gateway, which will be placed a phase nentwork or a specially server who need protection. The IDP detect all data which pass the IDP, then the IDP can do corresponding reply, protection, and decide whether the data is allowed passing, and implement the management of the IDP.Especially, based on the investigation of the small and middle corporation`s network configuration, the author provide a lightweight of gateway-type IDP system, which aim at the network security cost, using situation, network security reqirement of the small and middle corporation. |
PDF Full Text Request