As network applications place ever higher demands on network security, routine security measures alone can no longer solve network security problems adequately, so a highly effective, active protection measure is urgently needed. An active defense system for the campus network, as a new kind of network defense system, can to a certain extent make up for the defects of traditional network security defense technology. Based on active network defense models, this paper discusses the research, design and implementation of an active defense system for a campus network. A new, dynamic, active defense model for network security is proposed, built on firewall, intrusion detection and access policy technologies. The paper argues that active defense is an important development trend; it studies the relevant technologies and analyses in depth the system's intrusion detection, access policy and network packet analysis, as well as the relations among them. It also introduces the basic principles, characteristics, overall structure and modules of the system, and discusses the general design scheme, methods and technologies used. The active defense system combines an access policy with a step-by-step intrusion detection system to achieve its functions, and consists of several modules: access control, intrusion detection and border firewall linkage.
The paper also defines the interfaces and detailed schemes, and in its last part describes the design and implementation of the communication module. Tests have shown that the active defense system can effectively improve network security without requiring many changes to the original network. The active defense system must cover a wide range of aspects; in future it needs to be refined by adopting more efficient detection and access methods, making fruitful use of network resources, reducing disturbance to users further, and evaluating network security intelligently, in order to truly keep unsafe network nodes off the network.
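The abstract names three linked modules (intrusion detection, access control, border firewall linkage) but does not show how an event flows between them. The following is an added example, not code from the paper or its system, that runs a few constructed packets through such a chain. It reads "step-by-step intrusion detection" as staged escalation (stage 0/1/2 as evidence accumulates); the scan thresholds, the three-level allow/restrict/block policy, the trusted-node exemption, the host addresses and the iptables rule texts are all assumptions of this example.

```python
# Added example, not the paper's code: intrusion detection -> access policy ->
# border-firewall linkage over constructed packets. Thresholds, addresses and
# rule texts are assumptions of the example.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet metadata the detector needs (constructed, not captured)."""
    src: str
    dst: str
    dport: int
    syn_only: bool  # TCP SYN without ACK: the probe shape a port scan produces


class StagedDetector:
    """Step-by-step detection: a source's suspicion stage rises as evidence accumulates.

    stage 0: nothing notable
    stage 1: many distinct (host, port) targets probed  -> vertical scan
    stage 2: many distinct hosts probed                 -> horizontal sweep
    Thresholds are assumptions chosen for the demo, not tuned values.
    """

    def __init__(self, scan_targets=10, scan_hosts=3):
        self.targets = defaultdict(set)  # src -> {(dst, dport)} seen as SYN probes
        self.hosts = defaultdict(set)    # src -> {dst}
        self.scan_targets = scan_targets
        self.scan_hosts = scan_hosts

    def observe(self, pkt):
        """Record one packet and return the stage it puts its source at."""
        if not pkt.syn_only:
            return 0  # completed handshakes carry no scan evidence here
        self.targets[pkt.src].add((pkt.dst, pkt.dport))
        self.hosts[pkt.src].add(pkt.dst)
        stage = 0
        if len(self.targets[pkt.src]) >= self.scan_targets:
            stage = 1
        if len(self.hosts[pkt.src]) >= self.scan_hosts:
            stage = 2
        return stage


class AccessPolicy:
    """Maps a detection stage to an access decision and remembers the worst stage seen.

    Escalation is automatic; de-escalation is left to an operator, so a node that
    stops scanning does not silently regain access (an assumption of this example).
    """

    ACTIONS = {0: "allow", 1: "restrict", 2: "block"}

    def __init__(self, trusted=()):
        self.trusted = frozenset(trusted)  # e.g. the NOC's own vulnerability scanner
        self.worst = {}                    # src -> highest stage observed

    def decide(self, src, stage):
        if src in self.trusted:
            return "allow"
        self.worst[src] = max(self.worst.get(src, 0), stage)
        return self.ACTIONS[self.worst[src]]


class FirewallLinkage:
    """Turns decisions into border-firewall rules; each (src, action) is emitted once.

    Rule text uses iptables syntax; pushing it to the border device (SSH, API, ...)
    is left out so the example runs offline.
    """

    def __init__(self):
        self.emitted = set()

    def rule_for(self, src, action):
        if action == "allow" or (src, action) in self.emitted:
            return None
        self.emitted.add((src, action))
        if action == "restrict":
            # Existing sessions keep working; new connections from the node are refused.
            return f"iptables -I FORWARD -s {src} -m conntrack --ctstate NEW -j DROP"
        # "block": inserted at the top, so it takes precedence over the restrict rule.
        return f"iptables -I FORWARD -s {src} -j DROP"


def run_pipeline(packets, trusted=()):
    """Feed packets through detection, policy and linkage; return rules and final stages."""
    detector, policy, fw = StagedDetector(), AccessPolicy(trusted), FirewallLinkage()
    rules = []
    for pkt in packets:
        stage = detector.observe(pkt)
        action = policy.decide(pkt.src, stage)
        rule = fw.rule_for(pkt.src, action)
        if rule:
            rules.append(rule)
    return {"rules": rules, "stage": dict(policy.worst)}


def demo_traffic():
    """Constructed campus traffic: one scanning host, one normal host, one trusted scanner."""
    pkts = []
    # 10.1.5.23 SYN-scans twelve ports on one host, then one port on two more hosts.
    pkts += [Packet("10.1.5.23", "10.1.5.50", p, True) for p in range(1, 13)]
    pkts += [Packet("10.1.5.23", dst, 80, True) for dst in ("10.1.5.51", "10.1.5.52")]
    # 10.1.5.40 is a student laptop with ordinary, completed connections.
    pkts += [Packet("10.1.5.40", "10.1.5.50", 443, False)] * 20
    # 10.1.0.2 is the NOC scanner: same behaviour as the attacker, but trusted.
    pkts += [Packet("10.1.0.2", dst, p, True)
             for dst in ("10.1.5.50", "10.1.5.51", "10.1.5.52") for p in range(1, 11)]
    return pkts


if __name__ == "__main__":
    result = run_pipeline(demo_traffic(), trusted={"10.1.0.2"})
    for r in result["rules"]:
        print(r)
    print(result["stage"])
```

Two design points carry over to a real deployment: the policy never de-escalates on its own, so an operator (or a separate, deliberately conservative timer) must clear a block, otherwise a node stays cut off after the activity stops; and the trusted set is what keeps the system from blocking the campus's own scanners, which is exactly the "keep unsafe nodes out without disturbing users" trade-off the abstract raises.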