The purpose of this article is the design of an intrusion prevention system (IPS) based on Snort, the well-known open-source IDS that has been studied by numerous network security researchers. The article first introduces the principle of an IPS: starting from the basic knowledge of network attack and defense, the author analyzes the current state of network security, in particular the typical steps of a network intrusion, and then introduces IDS and IPS. It next analyzes the existing Snort: the author presents the fundamentals of Snort and then discusses the main problems of the IDS, namely Snort's rule sets and its alarm log system. In the third chapter, in order to realize the IPS, the author gives the overall design of the system together with methods for solving the problems of the original Snort. So that Snort can control network packets, the design places the environment variables in the kernel, manages the rule sets by means of a reasonable classification, and proposes a new method for merging and classifying the alarm information. The last part is the realization and testing of the entire system. The test results show that this design implements the functions of an IPS and at the same time solves the problems found in the original system well. It is a practical intrusion prevention system.
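The abstract names alarm merging and classification as one of the design's contributions but does not describe the method itself. The following is an added illustration, written for this page and not code from the thesis or from the Snort project, of one concrete form such merging can take: alerts in Snort's fast-format output (the `alert_fast` output plugin) are parsed, repeated alerts with the same generator/signature ID and source/destination pair inside a time window are collapsed into a single record with a hit count, and the merged records are then bucketed by the `Priority` field. The sample alert lines are constructed for this example, the 30-second window and the priority-to-bucket mapping are assumptions, and the log year (which the fast format omits) is likewise assumed.

```python
import re
from datetime import datetime

# Constructed sample of Snort fast-format alerts (not taken from any real log).
# Three near-identical alerts in a burst, one repeat 80+ seconds later, and two
# unrelated alerts, so that both the merge and the classification paths are exercised.
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52344
01/15-10:23:46.001000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52345
01/15-10:23:47.500000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52346
01/15-10:25:10.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:52390
01/15-10:25:11.000000  [**] [1:1000001:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:40000 -> 192.168.1.20:22
01/15-10:25:12.000000  [**] [1:469:4] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.5 -> 192.168.1.20
"""

# Layout of one alert_fast line:
#   MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src[:port] -> dst[:port]
# The Classification field is optional (rules without a classtype omit it).
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<pri>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Assumed mapping from Snort priority numbers to coarse buckets; anything else is "low".
PRIORITY_BUCKETS = {1: "high", 2: "medium"}


def parse_fast_alert(line, year=2024):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    # The fast format carries no year; an assumed year is prepended so timestamps compare.
    a["time"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    a["pri"] = int(a["pri"])
    a["cls"] = a["cls"] or "unclassified"
    return a


def merge_alerts(lines, window_seconds=30):
    """Collapse repeated alerts into merged records.

    Alerts with the same (gid, sid, src, dst) are merged while each new hit falls
    within `window_seconds` of the previous hit of that group (a sliding window,
    so a continuous burst stays one record). Input is assumed chronological, as a
    single Snort alert file is. Unparseable lines are skipped.
    """
    merged = []          # merged records in first-seen order
    open_group = {}      # key -> index into `merged` of the group still accepting hits
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            continue
        key = (a["gid"], a["sid"], a["src"], a["dst"])
        idx = open_group.get(key)
        if idx is not None and (a["time"] - merged[idx]["last_seen"]).total_seconds() <= window_seconds:
            g = merged[idx]
            g["count"] += 1
            g["last_seen"] = a["time"]
            g["dports"].add(a["dport"])
            continue
        merged.append({
            "gid": a["gid"], "sid": a["sid"], "msg": a["msg"], "cls": a["cls"],
            "pri": a["pri"], "proto": a["proto"], "src": a["src"], "dst": a["dst"],
            "dports": {a["dport"]}, "count": 1,
            "first_seen": a["time"], "last_seen": a["time"],
        })
        open_group[key] = len(merged) - 1
    return merged


def classify_by_priority(merged):
    """Bucket merged records by Snort priority using PRIORITY_BUCKETS."""
    buckets = {"high": [], "medium": [], "low": []}
    for g in merged:
        buckets[PRIORITY_BUCKETS.get(g["pri"], "low")].append(g)
    return buckets


if __name__ == "__main__":
    records = merge_alerts(SAMPLE_ALERTS.splitlines())
    print(f"{len(SAMPLE_ALERTS.splitlines())} raw alerts -> {len(records)} merged records")
    for name, group in classify_by_priority(records).items():
        for g in group:
            span = (g["last_seen"] - g["first_seen"]).total_seconds()
            print(f"[{name}] x{g['count']} over {span:.0f}s  {g['gid']}:{g['sid']}  "
                  f"{g['src']} -> {g['dst']}  {g['msg']}")
```

With the sample above, the six raw lines collapse to four records: the three-alert burst becomes one record with a count of 3, the repeat 80 seconds later opens a new record because it falls outside the window, and the two remaining alerts stand alone. The grouping key deliberately excludes the destination port so that a scan across many ports merges into one record, while the ports seen are kept in the record for the analyst.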