| Firewall and Intrusion detection system (IDS) are widely used as two types of network safety protection technology. Firewall is usually deployed at the network boundary for two different networks isolation, through access control policy to allow or deny packets pass, which is static defense. IDS identifies intrusion actions and intrusion attempts by monitoring network packets, analyzing user and system activities and other means, is a dynamic defense technology. It is a research focus in the area of network security, to makes firewall and IDS working cooperatively in order to further improve the performance and defense level of network security system.The purpose of this dissertation is studying the combination of IDS and Firewall based on the analysis of snort IDS. The main contexts are as follows:(1) The snort is depth analyzed, which is an excellent open source IDS system. The studying in the combination of IDS and Firewall is based on snort.(2) After that, it is proposed installing firewall and IDS in the same network. With the characteristics of attacks detected by IDS, the rules of firewall are automatically generated by using script, and the attacks can be blocked from internet in time. It makes firewall and IDS working cooperatively to ensure the safety of intranet.(3) Besides, an alert operation maintain console subsystem is designed that help users observe or group or delete the alert information through web pages. It can be coordinated with the sub-system of Firewall and IDS to control access control policy rules of firewall by users.At present, the sub-system of Firewall and IDS is able to automatically combined by script, further Firewall can help the alert operation maintain console administer the alert if needed. It achieves the cooperation of subsystem automatic combination and man-made control, and reaches predictive effect in tests of lab small network. |
PDF Full Text Request