Analysisand Design Of The Distributed Network Security System

With the high-speed development of science and technology, the functionality of the Internet has improved steadily and continuously. The speed, access control and the number of logical connections of Internet has been increasing. The System structures and software are more and more complex and large scale. A lot of information of national, corporate and personal have been stored on computer. Once the information is leak or steal, the impact will be unpredictable. Therefore, how to ensure the security of the network becomes very important. And network security technology has emerged.Different kinds of network security technology make our network environment get a security guarantee.This paper analyzes the existing protection program of security technology. On the basis of in-depth study and analysis of Firewalls and Intrusion Detection systems, this paper absorbs the advantages of existing programs and make up for its shortcomings. With the application of distributed system architecture, this paper makes firewalls and intrusion detection systems combined, analyses and design a distributed network security systems, to provide a static and dynamic combination three-dimensional network protective measures for solving the internal user demand for network security.This work is mainly the following aspects:1) Introduce the network security research background, summarizes the various network security technology.Make a comprehensive overview of Firewall and Intrusion Detection technology.Introduce the concept of Firewall and Intrusion Detection, functions, strengths and weaknesses, and classification of them.2) Make a requirement analysis of Network security system. Proposedynamic security model and basic design theory. Make an analysis for Linkage technology of Firewall and Intrusion Detection. Usedistributed architecture, combine firewall and intrusion detection technologies and proposed distributed architecture.Makeaoutline design of system, give the overall design ideas, design goals and system structure.3) Make detailed design for the core modules of the system including the firewall module, intrusion detection module and linkage to respond to the decision-making module.Make requirement analysis of these core modules. Confirmthe function ofmodule and complete the module architecture, functiondesign, and design of sub-modules.4) Code to achieve the Intrusion detection and firewall function module. Realize the main function of the system. And make functional tests for distributed network security system. By comparison and evaluationwith other network security systems. Have a summary of the features and advantages of the system.Experiments show that distributed network security system inthe paperhas some advantages of security, reliability, scalability and economy. For security, through making a combination of Firewall and Intrusion Detection network security technology and distributed architecture design, the system in this paper provide a combination of static and dynamic security protection. And it improve the security of internal network.For reliability, system not only use static firewall as the first defensive measure, but also take dynamic intrusion detection system as second defensive measure. And intrusion detection will be distributed in various locations of network to ensure that reliability of detection result. For expansibility, system can also increase Web Page Guard, Web scanning system, more all-round protection of the internal network. The system can make more comprehensive protection of internal network.