
Distributed Firewalls Intrusion Detection Systems Foundation Construction Design And Realization

Posted on: 2008-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhang
Full Text: PDF
GTID: 2178360242460280
Subject: Software engineering
Abstract/Summary:
Since the end of the last century, computer networks have developed rapidly. There is no doubt that they bring great convenience to both study and work; networks are everywhere and have become an indispensable part of daily life. However, networks also have a weakness, and that weakness is security. The present network environment contains many insecure factors, such as computer viruses, Trojan programs and network hackers, and these factors pose a serious threat to the normal operation of computer networks. Network security workers therefore face great challenges, and how to solve the problem of network security has become a very active topic.

Many means of guaranteeing network security are in use today, such as firewalls, VPNs and intrusion detection. A traditional firewall usually performs packet filtering based on an access control list (ACL) at the entrance to the internal private network, and is therefore also called a "border firewall". A border firewall treats users of the internal network as trusted and users of the external network as potential attackers; this assumption has been the guiding idea behind the development and working mechanism of firewalls. However, with the development of various network technologies and the emergence of new kinds of attacks in recent years, the fact that a firewall "defends against the outside but not the inside" has become a new source of potential security problems. According to statistics, 80% of attacks and unauthorized accesses originate from the inside, and a border firewall is helpless in dealing with threats from the internal network unless a firewall is installed on every host, which is impossible. Although a variety of network information security technologies exist, many servers are still attacked without timely detection and prevention, resulting in huge economic losses.

This is mainly because traditional network security technology relies on passive defense, which has shown many technical deficiencies. Proactive network security defense systems have therefore been proposed, of which the network intrusion detection system is representative. Intrusion detection technology monitors network data packets and audit data on hosts in various ways in order to analyze whether a hacker is attempting to enter the system (or to launch a denial-of-service attack); a system that performs this function is an intrusion detection system. As a proactive security protection technology, intrusion detection provides real-time protection against internal as well as external attacks, and it can intercept an intrusion before the network is endangered. The roles of an intrusion detection system are:
1. monitoring and analyzing the activity of users, computers and networks, identifying legitimate users and detecting illegal or over-privileged (ultra vires) operations by users;
2. checking the correctness of system configuration and detecting security loopholes, and prompting the system administrator to repair them;
3. statistically analyzing abnormal user activity in order to discover the patterns of attacks;
4. inspecting the consistency and accuracy of the system and its data;
5. detecting attacks in real time and responding to them;
6. auditing and tracking operating system management, and identifying user behavior that violates the security policy.

As network bandwidth increases, network data traffic has gradually grown, and traditional centralized intrusion detection systems often lose a serious proportion of data packets while placing a great load on the system. In addition, with the large-scale use of modern switches in the network environment, a traditional network sniffer can no longer listen to the data packets transferred between other hosts. Therefore, the former approach of capturing all network data packets through a sniffer is no longer viable, and the data acquisition and analysis of an intrusion detection system must be distributed in some way.

In view of the various challenges facing intrusion detection systems, this paper proposes the basic structure of a distributed intrusion detection system and realizes its distributed data acquisition and communication protocol parts. In this firewall-based distributed intrusion detection system, collected information is sent to the information database module, where it is pre-processed into a unified format and then comprehensively analyzed by the central control platform. The information database not only stores network data but also stores various network statistics, providing the necessary data basis for the intrusion analysis algorithm. Taking into account the popularity of the Windows operating system in the network environment, we implemented a data acquisition module for Windows. The data acquisition module is the basic module of the intrusion detection system, and its design affects the operating efficiency of the other modules. Using an NDIS intermediate driver, a driver with user-defined processing can be inserted between the NIC driver and the transport layer, which makes it possible to intercept network packets and to perform re-packaging, encryption, network address translation and filtering.

To improve the flexibility and scalability of the intrusion detection system, each of the functions of data collection, storage and analysis is integrated in a component that can run independently on a host in the network, namely an agent. An agent can be understood as a process or a group of processes on a computer (some functions the system needs, for example network data capture and low-level dumping, are unlikely to succeed within a single process). Under normal circumstances these agents run in the background, with the standard that they occupy as few of the computer's resources as possible and do not affect the normal work and study of users or the normal operation of a server. Each agent can independently perform data acquisition and intrusion analysis on the network, and can also communicate with other agents to share data and intrusion analysis results. To support distributed communication among different agents, we implemented a distributed communication protocol between the data collection and analysis engine nodes.
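The data path described above (agents pre-processing heterogeneous capture records into a unified format, a communication protocol carrying them to a central collector, and a database that keeps both the records and statistics for the analysis algorithm) can be sketched as an added example. This is illustrative code written for this page, not the thesis's implementation: the frame layout (magic, version, length, JSON body), the event field names, the sample records and the alert thresholds are all constructed assumptions.

```python
# Toy data path for a distributed IDS: agents normalize heterogeneous capture
# records into one unified event format and frame them for transport; a central
# collector stores the events, keeps per-source statistics and analyzes them.
# Constructed example: frame layout, field names and thresholds are assumptions,
# not the thesis's own protocol or formats.
import json
import struct
from collections import defaultdict

# Constructed sample input in two different raw shapes: packet summaries from a
# capture module and login-audit records from a host.
RAW_PACKET_RECORDS = [
    {"ts": 1207555200.0 + i, "src": "10.0.0.5", "dst": "10.0.0.9",
     "dport": p, "proto": "tcp", "len": 60}
    for i, p in enumerate([21, 22, 23, 25, 80, 443])
] + [
    {"ts": 1207555210.0, "src": "10.0.0.7", "dst": "10.0.0.9",
     "dport": 80, "proto": "tcp", "len": 1500},
]
RAW_AUDIT_RECORDS = [
    {"time": 1207555220.0 + i, "host": "10.0.0.5",
     "event": "login_failed", "user": "admin"}
    for i in range(3)
]

def normalize_packet(rec, agent_id):
    """Map a raw packet summary onto the unified event format."""
    return {"agent": agent_id, "ts": rec["ts"], "kind": "packet",
            "src": rec["src"], "dst": rec["dst"], "dport": rec["dport"],
            "proto": rec["proto"], "bytes": rec["len"]}

def normalize_audit(rec, agent_id):
    """Map a host audit record onto the same unified event format."""
    return {"agent": agent_id, "ts": rec["time"], "kind": "audit",
            "src": rec["host"], "dst": None, "dport": None, "proto": None,
            "bytes": 0, "event": rec["event"], "user": rec["user"]}

# Wire framing: 4-byte magic, 2-byte version, 4-byte payload length, JSON body.
# The explicit length lets the receiver split a byte stream without guessing.
HEADER = struct.Struct("!4sHI")
MAGIC, VERSION = b"DIDS", 1

def frame(event):
    payload = json.dumps(event, sort_keys=True).encode("utf-8")
    return HEADER.pack(MAGIC, VERSION, len(payload)) + payload

def unframe(buf):
    """Parse every complete frame in buf; return (events, unconsumed_tail).
    A trailing partial frame stays in the tail; a bad header raises ValueError."""
    events, pos = [], 0
    while len(buf) - pos >= HEADER.size:
        magic, version, length = HEADER.unpack_from(buf, pos)
        if magic != MAGIC or version != VERSION:
            raise ValueError("bad frame header at offset %d" % pos)
        start = pos + HEADER.size
        if len(buf) - start < length:
            break  # payload not fully received yet
        events.append(json.loads(buf[start:start + length].decode("utf-8")))
        pos = start + length
    return events, buf[pos:]

def build_agent_stream(agent_id):
    """What one agent sends: all of its records, normalized and framed."""
    events = [normalize_packet(r, agent_id) for r in RAW_PACKET_RECORDS]
    events += [normalize_audit(r, agent_id) for r in RAW_AUDIT_RECORDS]
    return b"".join(frame(e) for e in events)

class Collector:
    """Central side: stores unified events plus per-source statistics."""
    def __init__(self):
        self.events = []
        self.ports_by_src = defaultdict(set)
        self.failed_logins = defaultdict(int)

    def ingest(self, data):
        """Consume framed bytes from an agent; return the number of events stored."""
        events, _tail = unframe(data)
        for ev in events:
            self.events.append(ev)
            if ev["kind"] == "packet":
                self.ports_by_src[ev["src"]].add(ev["dport"])
            elif ev["kind"] == "audit" and ev.get("event") == "login_failed":
                self.failed_logins[ev["src"]] += 1
        return len(events)

    def analyze(self, port_threshold=5, login_threshold=3):
        alerts = []
        for src, ports in self.ports_by_src.items():
            if len(ports) >= port_threshold:
                alerts.append(("many_distinct_ports", src, len(ports)))
        for src, n in self.failed_logins.items():
            if n >= login_threshold:
                alerts.append(("repeated_login_failure", src, n))
        return alerts

def run_demo():
    """Feed one agent's stream to a fresh collector and return its alerts."""
    collector = Collector()
    collector.ingest(build_agent_stream("agent-A"))
    return collector.analyze()
```

The two design choices worth noting are the length-prefixed framing, which lets the collector handle a partially received frame by leaving it in the tail for the next read rather than discarding or misparsing it, and the separation of stored events from per-source statistics, so the analysis rules run over the aggregated statistics rather than re-scanning every record.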
Keywords/Search Tags: network security, intrusion detection, data acquisition, agent, network protocol