
Application Study Of Intrusion Detection System And Firewall Under Separation-and-Mapping Network

Posted on: 2010-06-26
Degree: Master
Type: Thesis
Country: China
Candidate: S W Zhang
GTID: 2178360275473240
Subject: Communication and Information System
Abstract/Summary:
With the coming of the information society, the Internet has developed rapidly in just a few decades, bringing tremendous progress to society as a whole. In recent years, the number of access terminals has expanded dramatically, turning the formerly simple Internet of static access into one with mobile access capability. Meanwhile, the complexity of applications has risen, as have the network security issues of the Internet environment.

Based on the idea of separating the identity and the location of a host, the Separation-and-Mapping network divides the whole Internet into two parts: the core network and the access network. It is a very good solution to the extension and mobility demands of the Internet. However, the security system in the new network has received much less consideration than it needs. This study focuses on using an intrusion detection system and a firewall system to detect intrusions and respond effectively and in real time, to ensure the security of both the access network and the core network in the Separation-and-Mapping network.

In this paper, the security problems of the Separation-and-Mapping access network are studied, and a proposal is made for the deployment of an intrusion detection system and firewall in the new network. The paper first introduces the Separation-and-Mapping network technology, its architecture and important entities, and gives an overview of intrusion detection system and firewall technologies. It then analyzes in depth the security advantages and problems of the Separation-and-Mapping network and discusses some security scenarios.

Based on the previous work, a security enhancement proposal for the Separation-and-Mapping network is presented: a Network-based Intrusion Detection System (NIDS) for access network intrusion detection, a firewall for communication control, IDS and firewall interaction for real-time disconnection of severe intrusions, and a Host-based IDS (HIDS) for the security of both the Access Router (AR) and the core network. The proposal makes full use of the features of IDS and firewall, achieves comprehensive intrusion detection of the access network, and protects the core network by protecting the Access Router. The solutions are built with some outstanding open-source software, such as the HIDS OSSEC, the NIDS Snort, iptables, and SnortSam, which allows firewalls to respond according to Snort's alerts.

The test and verification work is done in three parts: intrusion detection in the Separation-and-Mapping IPv4/IPv6 backbone access network, real-time disconnection of severe intrusions in the backbone access network, and intrusion protection and active response of the HIDS on the AR. Preliminary results show that the solutions meet the functional requirements.

Further work remains on the performance and management approach of the IDS and firewall system. A distributed system, a private security network, and C/S mode communication should be used, so that large-scale application deployment capability is achieved.
Keywords/Search Tags:Separation-and-Mapping Network, Network Security, Intrusion Detection System, Firewall