Research And Application Of Firewall And IDS In Campus Network Deployment

With the rapid development of the network,security and reliability has becomes the focus of the users.For the campus network,the users' number and the potential risk is larger,so the manager of the campus has pay more attention to the security of campus network.The traditional network security measures including firewall,intrusion detection,anti-virus and security audit and so on.However,single security product has limitations when it is used.So,the study of linkage system has become a hot network security research.This paper focused on the research of how to integrate the firewall and intrusion detection system in the campus network,design and implement the SFI(school-firewall-IDS)linkage system.Firstly,this paper describe the key technologies and analyze the advantages and disadvantages of firewalls and intrusion detection systems,while describe the basic linkage feature and the existing linkage technologies,puts forward to use the open interfaces way of the linkage technology.,Secondly,Propose the demand analysis of the linkage system based on the invest and analysis of the security status of campus network.Then,this paper present the design idea and linkage model of the SFI and describe the design and implement method of each module.In this section the study focus on the linkage module.The main work of this paper is focus on the design and implementation of the linkage module.In order to ensure the effectiveness of the linkage module,the research use a unified communication message format,and ensure the communication between the firewall and intrusion detection is safe.So,this paper use the open source Stunnel to achieve the secure transmission between the firewall and intrusion detection,and configure the Stunnel in the linkage module,formulate the strategic response plan,the standard of the threat assessment rate,set the aging strategy according to the threat assessment rate.Furthermore,the paper analyze the security performance.Lastly,this paper test the linkage system uses the Linux firewall and Snort detection system.The result show this linkage system has some practical value in the campus network.