
Embedded Worm Isolation System

Posted on: 2007-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Hang
Full Text: PDF
GTID: 2208360182993707
Subject: Computer application technology
Abstract/Summary:
The internet is becoming more and more popular, but at the same time network viruses, especially network worms, have begun to spread. (This type of virus affects our daily life, study and work, and can moreover be a complete disaster for society as a whole.) Because network worms are difficult to remove and do great damage to the network, how to respond to them has become an important part of computer security.

At present, the main technology for worm containment is to use a firewall or similar equipment. The main purpose of these technologies is to protect the end network. They require high performance and come at high cost, and they are hard to deploy. Therefore this technology is not well suited to the LAN.

Based on the above analysis, the thesis presents a cost-effective response system, an embedded system for worm isolation. The system works with an IDS (intrusion detection system). When the IDS finds that a host in the LAN has been infected by a worm, it promptly informs the isolation system. The embedded system then performs the isolation: the infected host is isolated from the LAN and its communication with the outside network is blocked, so the worm is prevented from spreading to the exterior network. By responding to the worm in the source network, the system can exert some control over the worm at its initial stage.

To achieve this, the implementation is specified as follows. ARP spoofing is used to disconnect the worm-infected host from the gateway, so that it cannot communicate with the outside network. The system supports the SNMPv3 protocol. All communication (isolate command, release-from-isolation command, query command, etc.) between the isolation system and the administrator is carried over this protocol, so the isolation system can be managed in a standard way. The isolation system is implemented on the embedded platform ARM7TDMI+uClinux, which greatly reduces cost. Consequently, compared with existing strategies, the presented system is a preferable candidate.

According to the above analysis, the design of the whole system is completed, divided by function into four modules. The system is then implemented, its sub-modules being respectively the initialization module, isolation module, configuration and management module, and data saving module.

The system was tested in an experimental network and achieved an excellent isolating effect. The infected host is prevented from communicating with the outside network, while other non-infected hosts in the LAN can use the network normally.

Finally, the work is summarized, the existing problems are analyzed, and future work is proposed.
Keywords/Search Tags: network security, network worm response, embedded system, network management, ARP spoofing