
Design And Implementation Of Network Device Unified Configuration System Based On STAT Technology

Posted on: 2011-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: H Liu
GTID: 2198330332488221
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of network technology, network security is receiving more and more attention. To guarantee network security effectively, a dynamic defense system has been proposed that is built on the interaction between an intrusion detection system (IDS) and network devices with security features. However, different models of network devices from different manufacturers usually have different sets of configuration commands, so configuring the same security rule on them often requires different commands, which makes this interaction hard to implement. The differences among command sets also make the work of configuring network devices more difficult. To solve these problems, this paper designs a network device unified configuration system and implements its core using the STAT technology.

First, this paper studies the STAT technology, Linux sockets and OpenSSL. Second, it analyzes the requirements of the network device unified configuration system. Next, the structure of the system, the function of each module, the unified configuration commands, the rules of command conversion and three kinds of data files are designed. Then the command conversion module and the proxy module of the system are implemented. The command conversion module is implemented on the STAT framework and includes five plugins. Communication between it and the proxy module is implemented using stream sockets and OpenSSL. After that, the paper examines the application of the system in the field of network security, where it is mainly used in the interaction between the IDS and network devices with security features, as an automatic response system for the IDS. Finally, the operation and testing of the system are described.

The test results show that, in this system, unified configuration commands can be used to configure different models of network devices from different manufacturers; that is, the system can be used to implement the unified configuration of network devices.
Keywords/Search Tags:STAT, Network Device, Unified Configuration, IDS Automatic Response