| With the rapid development of computer network,attacks also becomes more and more sophisticated,complex.DDos is one of the attacks which present an especially damaging type of network security threat to the network security.How to design an efficient and reliable security prevention system has been the hot topic in network security managementfield.On the basis of analyzing a new method of DDos protection and initiative monitoring,this thesis expounds comprehensive deployment with the network of author's company.Specifically,work targets of this project consists of some aspects primarily,as following:1,to introduce the background,classification and tools of DDos attack,current situation of application research all over the world generally and to point out the target-oriented deficiency of some prevalent ways of DDos protection based on analysis of safety mechanism.2,to analyze the principle of clean,divert and inject of Guard and active monitoring of Detector,to contrast relative merits between Netflow and Detector and divide client market in business.3,to advance deployment program of bypass and initiative monitoring of Guard plus Detector on the base of the network of telecom operators.4,to program the protection deployment in these aspects of position designing,defending ability,centralization of management,redundancy setting and load blance.5,to indicate good effect of DDos protection of this deployment by means of experiment and instance.Via research and design of this thesis,to achieve goals as following:1,to deploy device of mitigation by Cisco-Guard and active monitor -Detector integrated by network of author' s company.2,to discern all kinds of DDos attack on the Internet basically,clean the whole flow to client and differ legitimate packets from malicious ones. 3,to detect initiativly DDos attack before the begin of DDOS attack but influencing the business of client. |
PDF Full Text Request