Campus Network Security Management System Based On SNMP And Syslog

Network security management is the use of a variety of applications, tools and equipment to assist network managers deal with network security issues. Capable of quickly identify and promptly deal with a variety of network security threats, it is essential to protecting the stable running of the campus network. The traditional network security management rely on a single network security device such as firewall, IDS, IPS, etc, or rely on multiple software and tools of the network management system or equipments belong to different manufacturers, which are not compatible and more focused on the device configuration, performance, fault diagnosis, the system or device independent data collected it needs and ignores the relevance of the information, not to discover security threats, security threats can not be accurately location and level can not take the initiative to make appropriate for dealing with security threats action. Usually have to wait for events, and affect the normal operation of the network, network managers can find, and then locate the source of the incident and take measures.In this paper, campus network security management as its main topic to the authors of the school where, for example, the existing campus network for security problems and respond to security threats, inadequate management of the proposed construct a standard protocol based on SNMP and Syslog Campus Network dedicated system safety management, and networking security threat evaluation system are discussed. The system includes modules for data collection, analysis and decision-making behavior assessment modules, three-part modules make full use of campus facilities in the network elements and management functions of log function, collecting information and data network security, and security threats against the danger level of assessment obtain quantitative results, to drive the implementation of management decision-making behavior of the module operation.Based on these ideas, using JAVA, and MySql developed a simple application model, using the SNMP Trap and Syslog firewalls from different manufacturers and switches to collect information, and through simple keyword matching, stored procedure, trigger management actions through the use of SNMP Set the implementation of closed port, modify the ACL operation, this verification system is feasible. Although a simple system model, but in practical applications, especially dealing with ARP interference, illegal DHCP and other internal network security issues, real time, low false positives, greatly reducing the workload of network administrators, in guarantee stable operation of the campus network played a role.