
Research And Implementation Collaborative Intrusion Prevention System On Automatic Self-Allocating System

Posted on: 2009-12-19
Degree: Master
Type: Thesis
Country: China
Candidate: Q Wu
Full Text: PDF
GTID: 2178360278956644
Subject: Computer Science and Technology
Abstract/Summary:
With the development of networks, many tasks have become easy to carry out. At the same time, network security issues have become increasingly prominent. To ensure safety, intrusion detection, firewalls and a range of related technologies are widely used. However, relying on a single network security component can no longer meet current needs; the components must be combined into a comprehensive security system. Collaboration between firewalls and intrusion detection systems is an important way to achieve network information security. By relying on the firewall's blocking function and the detection ability of the intrusion detection system, intrusions can be detected and blocked in real time, giving the system the highest level of protection.

Server cluster technology has been applied to cope with the growing volume of network access, and the construction of high-performance cluster systems has increasingly become a focus of attention. However, traditional cluster technology pays little regard to security and lacks intrusion detection and intrusion prevention mechanisms. This article addresses that need: it researches and implements a collaborative intrusion prevention system based on the Automatic Self-Allocating System (ASAS).

The collaboration between firewalls and intrusion detection systems can be divided into a closely integrated style and an open-interface style, each with its own advantages and disadvantages. Combining the two approaches, we designed a hybrid model of an intrusion defense system. The model is divided into a front end and a back end. The front end, which draws on the modes of interaction technologies, consists mainly of an intrusion detection module and a packet-filtering firewall. The front end performs fast, coarse-grained intrusion detection and can detect and block intrusions in real time. The back end consists of a group of intrusion detection probes that communicate with the front end through plug-ins and also collaborate with the front-end firewall. The back end has many IDS sensors; as a group, the back-end intrusion detection probes have strong detection ability and can make up for the shortcomings of front-end intrusion detection. When the back end detects an intrusion, it notifies the firewall and the blocking action takes effect.

The hybrid collaborative IPS model has been implemented on the ASAS platform. ASAS consists of a dispatcher and real servers. The dispatcher, at the key location, schedules service requests for the real servers, and the real servers carry out the requested tasks. The IPS front end is integrated into the dispatcher, so that the firewall module can block malicious traffic in real time. Intrusion detection probes are deployed on the real servers to inspect the traffic that passes through the front end. Because the dispatcher uses most of ASAS's resources for cluster scheduling management, the IPS front end uses a rapid detection engine and strict rules in order to avoid bottlenecks in the system.

This article presents the test cases of the collaborative IPS. We set up an experimental environment for the IPS, carried out a series of tests and achieved good results.
Keywords/Search Tags: intrusion detection, firewall, collaboration, intrusion prevention, ASAS