
Linux-based Intrusion Prevention System

Posted on: 2007-07-15 Degree: Master Type: Thesis
Country: China Candidate: J Liu Full Text: PDF
GTID: 2208360212975485 Subject: Computer application technology
Abstract/Summary:
This dissertation describes the design and implementation of a network-based intrusion prevention system, SIPS, built on the Linux platform. Starting from a study of the most typical IDS and IPS products, a low-cost NIPS was developed on PC hardware and the Linux operating system. Snort, a free open-source NIDS, inspects the network traffic passing through the NIPS box. The response module, written in Perl, receives the alerts generated by Snort in real time and analyses them immediately. Once the attacker's information has been extracted from an alert, the response module changes the netfilter rules so that the unsafe traffic no longer reaches its target.

The SIPS system discussed in this paper is a purely software NIPS and needs no special hardware: an ordinary personal computer with two or more network adapters meets the requirement. SIPS can run as a single box with one intrusion sensor and one response module, or as one box with multiple intrusion sensors. The box works as a transparent bridge and can be inserted into any network without changes to the existing network. Because it holds no IP address on the production network, the box itself is protected from attack. SIPS uses IPTables, the netfilter framework embedded in the OS kernel, to block unsafe traffic; the netfilter rules are adjusted dynamically by the response module.

Thanks to its modular design, the system adapts to its network environment and can be adjusted flexibly for different networks. The box can serve as a full NIPS, be downgraded to an NIDS, or act simply as a fast transparent bridge firewall. The response module is written as Perl scripts, which are easy to modify and debug. Multithreading gives SIPS high performance. A powerful system logging function lets the user analyse security incidents through a secure web site and obtain graphical statistics.

SIPS is easy to install. The OS and SIPS are integrated onto a single CD-ROM, and most of the system is installed automatically by pre-configured scripts. The installation takes about 30 minutes; afterwards, only the configuration file needs to be edited to fit the system to the network.
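The response loop described above (read Snort alerts, pull out the attacker's address, rewrite netfilter rules) is the core of the design. The following is an added illustration written for this page, not the thesis's Perl module; it is in Python so the parsing can be checked, but the logic is the same a Perl script would implement. It assumes Snort's `alert_fast` line layout, that the box's bridged traffic traverses the iptables `FORWARD` chain (which on a Linux bridge requires `br_netfilter` with `net.bridge.bridge-nf-call-iptables=1`), and adds two safeguards a practitioner would want that the abstract does not spell out: a list of trusted networks that are never blocked, so that an alert carrying a forged source address cannot be used to cut off a gateway or management host, and a time-to-live so that blocks expire instead of accumulating. The alert lines, the sids `1000001`/`1000002` and the addresses are constructed sample data.

```python
import ipaddress
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One line of Snort "alert_fast" output (Snort 2 layout), for example:
#   07/15-12:34:56.123456  [**] [1:1000001:1] MSG [**] [Classification: X] [Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:22
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?\s*$"
)


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int   # Snort priority: 1 is the most severe
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Optional[Alert]:
    """Decompose one alert_fast line into its fields; None if it is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]),
                 proto=m["proto"].lower(), src=m["src"], dst=m["dst"])


class ResponseModule:
    """Turns Snort alerts into DROP rules on the bridge box's FORWARD chain."""

    def __init__(self, trusted, max_priority=2, ttl=600, chain="FORWARD"):
        # Nets that must never be cut off (management hosts, gateways): a forged
        # source address in an alert must not let an attacker get them blocked.
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.max_priority = max_priority
        self.ttl = ttl            # seconds a block stays in place
        self.chain = chain
        self.blocked: Dict[str, Tuple[float, List[str]]] = {}  # src -> (expiry, rule)

    def handle(self, line: str, now: float) -> List[List[str]]:
        """Return the iptables argv lists to run for this alert line (often none)."""
        alert = parse_alert(line)
        if alert is None or alert.priority > self.max_priority:
            return []
        if any(ipaddress.ip_address(alert.src) in net for net in self.trusted):
            return []
        if alert.src in self.blocked:          # already dropped: just extend the timer
            self.blocked[alert.src] = (now + self.ttl, self.blocked[alert.src][1])
            return []
        rule = ["-s", alert.src, "-m", "comment", "--comment",
                f"SIPS sid:{alert.sid}", "-j", "DROP"]
        self.blocked[alert.src] = (now + self.ttl, rule)
        return [["iptables", "-I", self.chain] + rule]

    def expire(self, now: float) -> List[List[str]]:
        """Return the argv lists that remove blocks whose ttl has elapsed."""
        cmds = []
        for src, (deadline, rule) in list(self.blocked.items()):
            if deadline <= now:
                cmds.append(["iptables", "-D", self.chain] + rule)
                del self.blocked[src]
        return cmds


def apply(cmds: List[List[str]], dry_run: bool = True) -> None:
    """Print the commands, or run them (needs root and a working iptables)."""
    for argv in cmds:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)


# Constructed sample alerts (placeholder sids 1000001/1000002, documentation addresses).
SAMPLE_ALERTS = [
    "07/15-12:34:56.123456  [**] [1:1000001:1] EXAMPLE port scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:22",
    "07/15-12:34:57.000001  [**] [1:1000002:1] EXAMPLE noisy ping [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.5",
    "07/15-12:34:58.000002  [**] [1:1000001:1] EXAMPLE port scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.2:40001 -> 198.51.100.5:22",
    "07/15-12:34:59.000003  [**] [1:1000001:1] EXAMPLE port scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:23",
    "this is not an alert line",
]


def demo() -> List[List[str]]:
    """Feed the samples through the module; returns every command it would issue."""
    rm = ResponseModule(trusted=["10.0.0.0/8"], max_priority=2, ttl=600)
    cmds = []
    for i, line in enumerate(SAMPLE_ALERTS):
        cmds += rm.handle(line, now=1000 + i)
    cmds += rm.expire(now=1700)   # 192.0.2.10's block, refreshed at t=1003, has lapsed
    return cmds


if __name__ == "__main__":
    apply(demo())
```

Run as-is it only prints the two commands it would issue (one insert, one delete); the low-priority ping, the alert from the trusted 10.0.0.0/8 source and the repeat from an already-blocked host produce no rule changes. In a real deployment the module would `tail` Snort's alert file and call `apply(..., dry_run=False)` as root, and the trusted list and `ttl` are the two settings to review before the box goes inline, since they decide how much damage a spoofed or noisy alert can do.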
Keywords/Search Tags: network-based intrusion prevention, network-based intrusion detection, perl, Snort, Linux