Based On The Firewall And Intrusion Detection Linkage System Research And Implementation

Along with the interests of the trend, network attacks is becoming increasinglycomplex, and every millisecond attacks staged repeatedly, as an open secret saboteurscan more easily through a variety of ways to get the attack tools and carry out attacksbehavior. The phenomenon of loss and damage caused by the attack has been verycommon in the Internet now, and attacks abound. This phenomenon is directly harmfulto the self-interest of Internet users. Password encryption, firewall, authentication,access control and other perimeter security component is the traditionaldependent-manner to maintain network security system, and prevent intrusion andmalicious attacks. The drawback of this method is only able to meet the security needsof some users, but not be able to improve the security of the system on a whole, and tosafeguard the security of the overall system. The main purpose of this thesis is toexplore current solution and related products that could basically solve this problem andprotect the network security.People gradually recognized the role of dynamic defense in the development ofnetwork confrontation, as the result, the originally used static security mode is graduallybeing replaced by the depth defense and dynamic defense. The role of the static defenseis to provide useful data packets, identify attack information, and filter risk information,through such a way that play a role in protection. Its two main security component is afirewall system and intrusion detection systems. Unlike static defense technologies, thedynamic defense technologies focus more on the security coordination between thevarious components, and retain the basic functions of identification and filteringthrough the intrusion packet. This thesis has two main research methods, includingfirewall systems linkage adjustment and intrusion detection systems linkage adjustment,it can guarantee the availability of the system in multiple ways, because it combines thetraditional way of network security and intrusion prevention mechanism.Theestablishment of a comprehensive intrusion prevention systems is based on thecomprehensive utilization of these two security technology.This thesis is based on in-depth study of the linkage intrusion detection and firewall technologies, and simulates one linkage system through the utilization oflimited resources. The system is powerful, including real-time monitoring, intrusiondetection, firewall, dynamic response, and more function. In this framework, we willdifferentiate and divide of functionality between the various components. Meanwhile,we will introduce the key technologies of the linkage system and data flow. The finalsystem testing indicated that it has reached the design goals, and have a very goodpractical value. It implemented via designing and developing the dynamic linkagesystem, which based on the static intrusion detection system and firewall technology.The linkage system is a network security system, which is mainly for the currentnetwork intrusion, designed and implemented in attention to the technologydevelopment meanwhile improve the upgrade performance continually, which in orderto adapt the information technology requirements and the constantly changingcommunication technology.