A conventional firewall is a perimeter firewall: it forms a single entry point and a performance bottleneck, and it relies on network topology to enforce the security policy. As networks have developed rapidly, these disadvantages have become increasingly prominent, and under these circumstances the concept of the distributed firewall was proposed. A distributed firewall addresses the problems of the conventional firewall by moving the firewall onto the hosts that are to be protected. Although the distributed firewall solves many of the problems faced by the traditional firewall, it has shortcomings of its own: first, traditional intrusion detection methods based on access control points become difficult to implement; second, the frequent exchange of log files between the protected hosts and the central strategy server greatly increases network traffic; third, problems such as cross-platform management, full transparency to users and plug-and-play deployment must be solved before the distributed firewall can be more widely applied.

A Distributed Intrusion Detection System is a top-down, multi-level tree structure whose subsystems are arranged at different nodes; each subsystem runs independently and coordinates with the others to complete its tasks, so the system can adapt to the needs of network communication and be expanded or reduced easily.

By analysing the status of distributed firewalls and distributed intrusion detection systems, this paper presents a linkage system model based on the distributed firewall and the Distributed Intrusion Detection System. In this model, the distributed firewall obtains the defensive strategy directly from the central strategy server and implements it, protecting the different servers through distributed firewall agents constructed as proxy servers. The Distributed Intrusion Detection System is an intrusion detection system based on the distributed network: it monitors the network and the hosts connected to it, its key technologies are coordinating the detection information and extracting information about intrusion attacks, and it sends the results to the central strategy server. The central strategy server, through an expert analysis system or administrator configuration, turns the intrusion information received from the Distributed Intrusion Detection System into a consistent and executable defense strategy for the distributed firewall. A reasonable strategy for coordination among the distributed firewall agents is the basic guarantee of efficient operation. By integrating distributed firewall technology with intrusion detection technology, the model not only obtains intrusion information from the network but also remedies the inability of traditional intrusion detection to take an active role; at the same time, the results of network intrusion detection provide a basis for the firewall's security management strategy. This greatly improves the system's security level and intelligent access control capability and realises a three-dimensional, multi-layered defense-in-depth system for network security.
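The control loop the abstract describes (detection nodes report intrusion information to a central strategy server, which compiles one consistent policy that the host-resident firewall agents pull and enforce) is illustrated below as an added Python example. It is not code from the paper; every node name, address, signature, severity, threshold and the correlation rule standing in for the expert analysis system are constructed assumptions.

```python
"""Toy simulation of the distributed firewall / distributed IDS linkage model.
Added example, not code from the paper.  All node names, addresses, signatures,
severities and thresholds are constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Alert:
    node: str        # detection node that produced the alert (constructed)
    src_ip: str      # suspected source address (constructed, documentation ranges)
    signature: str   # what the node detected
    severity: int    # 1 (low) .. 3 (high)
    ts: int          # timestamp in seconds (constructed)


@dataclass(frozen=True)
class Rule:
    action: str      # "deny" or "allow"
    src_ip: str
    reason: str


class CentralStrategyServer:
    """Collects alerts from the detection nodes and compiles them into one
    consistent, executable rule set that every firewall agent pulls."""

    def __init__(self, window: int = 300, min_nodes: int = 2,
                 admin_allow: Set[str] = frozenset()):
        self.window = window                 # correlation window in seconds
        self.min_nodes = min_nodes           # distinct nodes needed to block low-severity hits
        self.admin_allow = set(admin_allow)  # administrator-configured exceptions
        self.alerts: List[Alert] = []
        self.policy_version = 0
        self.rules: List[Rule] = []

    def receive_alert(self, alert: Alert) -> None:
        self.alerts.append(alert)

    def compile_policy(self, now: int) -> Tuple[int, List[Rule]]:
        """Stand-in for the expert analysis system: deny a source if any node
        reported it at high severity, or if at least min_nodes distinct nodes
        reported it inside the window.  Administrator allow entries are emitted
        first and always win, so agents never hold contradictory rules."""
        recent = [a for a in self.alerts if now - a.ts <= self.window]
        by_src: Dict[str, List[Alert]] = defaultdict(list)
        for a in recent:
            by_src[a.src_ip].append(a)

        rules = [Rule("allow", ip, "administrator exception")
                 for ip in sorted(self.admin_allow)]
        for ip, hits in sorted(by_src.items()):
            if ip in self.admin_allow:
                continue
            nodes = {a.node for a in hits}
            high = any(a.severity >= 3 for a in hits)
            if high or len(nodes) >= self.min_nodes:
                why = "high severity" if high else f"seen by {len(nodes)} nodes"
                rules.append(Rule("deny", ip, why))
        self.policy_version += 1
        self.rules = rules
        return self.policy_version, rules


class FirewallAgent:
    """Host-resident firewall agent: pulls the current policy from the server
    and enforces it locally (first matching rule wins, default allow)."""

    def __init__(self, host: str):
        self.host = host
        self.version = 0
        self.rules: List[Rule] = []

    def pull_policy(self, server: CentralStrategyServer) -> None:
        self.version, self.rules = server.policy_version, list(server.rules)

    def decide(self, src_ip: str) -> str:
        for r in self.rules:
            if r.src_ip == src_ip:
                return r.action
        return "allow"


def run_demo() -> Dict[str, str]:
    """Constructed scenario: three detection nodes, one server, two agents."""
    server = CentralStrategyServer(admin_allow={"10.0.0.5"})
    now = 1_000_000
    for a in (
        Alert("ids-dmz",  "203.0.113.7",  "port-scan",      1, now - 120),
        Alert("ids-core", "203.0.113.7",  "port-scan",      1, now - 60),
        Alert("ids-dmz",  "198.51.100.9", "sqli-attempt",   3, now - 30),
        Alert("ids-app",  "192.0.2.44",   "bruteforce-ssh", 1, now - 900),  # outside window
        Alert("ids-core", "10.0.0.5",     "bruteforce-ssh", 3, now - 10),   # allow-listed
    ):
        server.receive_alert(a)
    server.compile_policy(now)                      # one policy for all agents

    web, db = FirewallAgent("web-01"), FirewallAgent("db-01")
    for agent in (web, db):
        agent.pull_policy(server)

    return {ip: web.decide(ip) for ip in
            ("203.0.113.7", "198.51.100.9", "192.0.2.44", "10.0.0.5", "192.0.2.1")}


if __name__ == "__main__":
    for ip, action in run_demo().items():
        print(f"{ip:>14}: {action}")
```

The server compiles the policy once per cycle and agents copy the same versioned rule list, which is what keeps the agents' coordination consistent; the allow-list-first ordering shows how an administrator configuration overrides the automatically derived denies rather than conflicting with them.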