Research And Implementation Of Linkage Between Linux Firewall And Snort

Posted on: 2012-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: M Xu
Full Text: PDF
GTID: 2178330335952256
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of computer network technology, network security issues are becoming increasingly serious. The most common way of addressing these problems is to set up a firewall. However, a firewall is a static, passive access control technology that cannot prevent some attacks, such as attacks against protocol vulnerabilities and internally generated attacks. Intrusion detection systems can detect these attacks, so linking the firewall with an intrusion detection system makes it possible to move from passive defense to active defense. This is a topic worthy of study.

Based on an in-depth study of the principles of the Snort intrusion detection system and the Netfilter/Iptables framework, this thesis puts forward four linkage solutions between Netfilter and Snort by analyzing the source code of Snort and Netfilter, and one of them is implemented and tested.

The solution implemented and tested in the thesis is snort_inline+mysql+apache+base+Netfilter. The main results are as follows:

(1) The alert information, which can be drawn as bar graphs, line graphs and pie graphs, is displayed visually with the help of apache and base;
(2) Oinkmaster is used to update the Snort rules automatically, and snort-config is used to rewrite the original rule base according to the custom standard.

The thesis also summarizes how to write Snort plugins and analyzes the principles of communication between the Netfilter firewall and the Snort intrusion detection system.
Keywords/Search Tags:snort, snort_inline, Netfilter, linkage