Build A Network Intrusion Prevention System Based On Snort

Posted on: 2009-04-10
Degree: Master
Type: Thesis
Country: China
Candidate: X L Wang
GTID: 2178360245469989
Subject: Information security

Abstract/Summary:
This thesis presents the design and implementation of a network-based intrusion prevention system (NIPS) built on Snort, a free, open-source IDS. Following long-term research into intrusion detection and intrusion prevention technology, a NIPS was designed that adapts dynamically to the network environment in which it is deployed and prevents attacks in real time. The design is based on the fusion of IDS and vulnerability scanning technology and on the interaction between the IDS and the firewall.

The system runs on the Linux operating system. Snort inspects the network traffic passing through the NIPS box. The alert fusion and filtering module fuses and filters the alerts generated by Snort to obtain the attack events that target system or service vulnerabilities of hosts on the subnet. The real-time prevention module is responsible for real-time prevention: it generates firewall block rules to interdict attacks in progress.

The system is deployed as a transparent bridge and can be inserted into any network without changes to the original network. Because the box has no IP address on the local network, it operates securely. The system uses iptables, the Netfilter firewall built into the Linux kernel, to block unsafe network traffic. The real-time prevention module adjusts the Netfilter firewall rules dynamically.

With its modular design, the system can be flexibly adjusted to suit different networks. It can be used as a fully functional NIPS, downgraded to a NIDS, or used simply as a fast transparent bridge firewall.
Keywords/Search Tags: intrusion detection, intrusion prevention, vulnerability scan, Linux, Snort