Design And Implementation Of An Experiment System Based On Interaction With Firewall And IDS Supporting Multi-User Concurrent Control

With the development of computer network and information technology, network security becomes more and more important. On one hand, we should learn something about computer network and information security technology. So, today, more researchers are working on how to providing a platform for these technologies'learning, training and practising.Among all the network security technologies, firewall technology and IDS technology have gained great progress up to now, but they have their own advantages and disadvantages. So, Realizing interaction with the firewall and IDS meets for the network security needs. The firewall and IDS can make up their shortfalls. Most of the current products are designed and developed based on commercial requirements, they focus on function implementation and take no care in interaction, besides, Most of them are operated exclusively. All these characteristics make them unsuitable for experiments or demonstrations. Based on this actuality, this paper analyses related theories and technologies of interaction with the firewall and IDS, then designs a experiment system based on interaction with the firewall and IDS, describes the specific methods. This paper first introduces firewall technology, IDS technology, technology of interaction with the firewall and IDS, related experiment, then make an in-depth research on interaction with the firewall and IDS architecture, key technology and several existing interaction with the firewall and IDS model. On the ground of this research, the paper discusses several innovative technologies, such as multi-user concurrent control. In association with the task and features of an experiment system, it designs a interaction with the firewall and IDS experiment system which supports large scale, multi-user current control. Then, the system is divided into several function modules, certain important modules are thoroughly discussed in their architectures, designs, and implementations. Finally, because the allocation of rules has a major impact on the performance of the firewall system, it studys the usage of anomaly rules detection and log to achieve rule optimization.This system meets the requirements of interaction with the firewall and IDS experiments for information security engineers.