The Design And Implementation Of Packet Filtering Firewall And Intrusion Detection System For Wireless Mesh Networks

Wireless Mesh Networks (WMNs) integrate advantages of both WLAN and Adhoc networks. WMNs have the advantages of self-organization, self-healing andself-management, which make WMNs become a promising technology to providewireless access. However, multi-hop routing paths in WMNs imply that user data areforwarded by multiple nodes. The more nodes the data pass through, the more likely thecommunications are attacked. The firewall is one of the most basic technologies innetwork security which can block attacks. Hence, researches of firewall and IDS forWMNs have great theoretical and practical significance.This thesis starts with firewall and IDS firstly, discussing the advantage and thedisadvantage of each technology. And then details design and implement for firewalland IDS modular in WMNs.The main function of a firewall includes the following aspects: The firewall systemis divided into three layers, i.e. the Graphical User Interface (GUI) layer, the logicalanalysis layer, and the Click software router layer. The implementations of these layersare described. The GUI layer is mainly for planning and designing the user interface toenhance user experience. As a connection between the top layer and the bottom layer,the logical analysis layer plays a vital role, which is related to operations of filessubmitting and saving. The Click software router layer is used to implement functionsof the firewall through invoking the elements in Click toolkit.The IDS for the WMNs is designed and implemented based on the WMNstopology and partial Snort-Wireless modules. Major efforts include: Two IDS schemesare respectively designed for PCs and wireless Mesh routers in our WMNs testbed. Thedetection rules are made based on Snort regulations, and are operated on wireless Meshrouters. Set up both hardware and software, configure and operate Snort-Wireless.Finally, the test results show that the firewall deployed in WMNs can effectivelyblock attack, and IDS modular can detect the attacks. The firewall and IDS we designedfor the WMNs can provide some security for WMNs.