Research And Design Of Intrusion Detection System And Firewall Integrated Collaborative Work Based On Linux System

Posted on: 2008-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 2178360215991478
Subject: Computer application technology

Abstract/Summary:
The spread of network applications has brought great convenience, but it has also brought a serious problem: network security. To protect their networks, many corporations and individuals deploy a range of security components, such as intrusion detection systems, firewalls, anti-virus software and traffic monitoring. A single component on its own, however, cannot meet current network security needs; the components must be combined into a three-dimensional, defense-in-depth security system.

In this study, a firewall and an intrusion detection system work together to provide security and defense. The intrusion detection system is the open source software Snort 2.0, and the firewall is the open source software Netfilter/iptables. The two cooperate to defend a local area network. This approach provides more effective intrusion detection and corresponding defensive measures for the protected network.

This thesis analyzes the prevailing means of intrusion and attack, and introduces common intrusion detection models and the classification of intrusion detection systems. It also describes the principle and workflow of Snort and analyzes Snort's data collection process and alert log format. It then discusses the mechanism of the Netfilter firewall in the Linux 2.6 kernel, analyzes the implementation and basic commands of iptables, and studies the extensibility of iptables. Finally, we build a framework for collaborative work based on Snort and Netfilter/iptables.

By analyzing the alert log file generated by the IDS, the framework counts the various intrusions and dynamically changes the firewall policy, and the firewall promptly blocks attacks using the new policy. Choosing an appropriate response to an attack without human intervention can greatly reduce the time the system is exposed after vulnerabilities are found.

The framework is composed of a collaborative initialization module, a log extraction and analysis module, a module that regularly updates invalid rules, a module that builds the Snort_To_IPT structure, a firewall rule generation module, and a firewall rule application module. A simulation experiment demonstrates the feasibility of the framework for detecting and actively preventing intrusions.
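The log extraction and rule generation steps described above, as an added sketch that is not code from the thesis: it parses Snort fast-format alert lines, counts alerts per source address, and emits iptables DROP rules as argument lists. The block threshold, the allowlist, the chain name `SNORT_BLOCK` and the sample log are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Constructed sample log: three noisy sources, one invalid address, one junk line.
_FMT = ("03/14-10:15:{:02d}.000000  [**] [1:1000001:1] Constructed test alert [**] "
        "[Priority: 2] {{TCP}} {}:40000 -> 192.168.1.10:22")
_SOURCES = ["203.0.113.7"] * 3 + ["198.51.100.9"] + ["192.168.1.1"] * 3 + ["999.1.1.1"]
SAMPLE_LOG = "\n".join(
    [_FMT.format(i, ip) for i, ip in enumerate(_SOURCES)]
    + ["truncated line with no alert fields"]
)

def parse_alerts(text):
    """Yield (source address, sid, message) per well-formed alert line."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not an alert line
        try:
            src = ipaddress.IPv4Address(m["src"])
        except ValueError:
            continue  # field looked like an address but is not one
        yield src, m["sid"], m["msg"]

def build_rules(text, threshold=3, allowlist=("192.168.1.1",), chain="SNORT_BLOCK"):
    """Return iptables argv lists for sources with at least `threshold` alerts.

    Source addresses in alerts can be forged, so allowlisted hosts
    (here a hypothetical gateway) are never blocked automatically.
    """
    counts = Counter(src for src, _, _ in parse_alerts(text))
    trusted = {ipaddress.IPv4Address(a) for a in allowlist}
    return [
        # argv list, not a shell string: log content never reaches a shell
        ["iptables", "-A", chain, "-s", str(src), "-j", "DROP"]
        for src, n in sorted(counts.items())
        if n >= threshold and src not in trusted
    ]

if __name__ == "__main__":
    for rule in build_rules(SAMPLE_LOG):
        print(" ".join(rule))
```

Each returned list can be passed to `subprocess.run` unchanged by a process with the privileges to modify the firewall.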
Keywords/Search Tags:Network Security, Intrusion Detection, Firewall, Collaborative Work