Network Perimeter Security Defense System Based On Linux Kernel

With the development of Internet, service based on Internet such as e-business, e-government and e-bank which help to facilitate people's daily life in the Information Era have been well developed. At the same time network security has been concerned more than before. Various network attack including virus attack, network invasion, port scan and service rejection has caused enormous economic loss. Therefore it's necessary to use effective network security technique to detect and prevent such kind of attack.A network perimeter is the boundary between the private side of a network and the public side of a network. A Firewall is typically deployed at the network perimeter. It can control each network packet according to the presetted security policy. But it lacks the function of analyzing and detecting. Intrusion Detection System makes up for this weakness. However, it is such a passive system that it only analyzes whether the network packet contains attacking messages, which it cannot deal with. Action cannot be made until the network administrator sees the alert of the Intrusion Detection System. Yet, intrusion at that moment may have already been finished.