Security of network systems is becoming increasingly important as more and more sensitive information is stored and manipulated online. In addition to intrusion prevention techniques, such as user authentication, avoiding programming errors, and information protection, intrusion detection is often used as another wall to protect network systems. In this paper, we present the design and part of the implementation of an intrusion detection system for NDC (Network Data Center) security in CTT (China TieTong). The NDC Intrusion Detection System logically has six parts: Information Collection Unit, Pretreatment Unit, Analysis & Intrusion Detection Unit, Information Database, Sort Unit, and Response & Control Unit. For information collection, we use Cisco's NetFlow technology. NetFlow allows extremely granular and accurate traffic measurements and high-level aggregated traffic collection. By analyzing NetFlow data, a network manager can identify the cause of congestion, determine the class of service (CoS) for each user and application, and identify the source and destination networks of the traffic. The Analysis & Intrusion Detection Unit is designed to be layered, for real-time operation and accuracy. MySQL is used as the Information Database, and some improved methods can be found in the Response & Control Unit.