| Security of network systems is becoming increasingly important as more and more sensitive information is being stored and manipulated online. In addition to intrusion prevention techniques, such as user authentication, avoiding programming errors, and information protection, intrusion detection is often used as another wall to protect network systems.In this paper, we present the design and part of implementation of intrusion detection system for WAN security. WAN Intrusion Detection System (WANIDS) has four parts logically: Information Collection Unit, Analysis & Intrusion Detection Unit, Information Database, and Response & Control Unit. For Information Collection, we use Cisco' s NetFlow technology. NetFlow allows extremely granular and accurate traffic measurements and high-level aggregated traffic collection. By analyzing NetFlow data, a network manager can identify the cause of congestion; determine the class of service (CoS) for each user and application; and identify the source and destination network for your traffic. Analysis & Intrusion Detection Unit is designed to be layered for real time and accuracy. And ORACLE is applied as Information Database. And some improved methods can be found in Response & Control Unit. |
PDF Full Text Request