
The Design And Implement Of Rule Matching Core Component Of Firewall And The Preprocessors Module Of IDS

Posted on: 2008-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 2178360215482699
Subject: Communication and Information System
Abstract/Summary:
With the rapid growth in demand for multimedia such as voice and video, networks have developed swiftly. Many organizations, such as schools, enterprises and banks, have LANs. These LANs are ultimately interconnected through the Internet and transmit commercial information or other important data over it. While the Internet develops at full speed, network crime is rising rapidly, and online security has become a very severe problem that receives more and more concern and attention. Protecting the security of the LAN has therefore become a very important subject.

Nowadays the firewall is the most important network security device. A firewall is located between the internal network and the Internet and carries out complex handling of the packets that pass through it in order to protect the internal network effectively.

An Intrusion Detection System (IDS) is an effective supplement to the firewall. It can detect network attacks and, using anomaly detection technology, can also discover new network attacks. The IDS is connected in parallel with the other hosts, so its inspection of the application layer does not have any impact on network performance. The IDS is therefore an effective supplement to the firewall, and it is eventually linked to the firewall.

However, unlike a router or a switch, a firewall must carry out complex handling of the packets that pass through it in order to protect the internal network effectively; for example, state inspection needs to analyze the transport layer of the packet. The firewall's performance therefore has to be excellent. Especially in gigabit networks, we want the firewall to be fast enough to forward packets at wire speed. This is a great challenge for the firewall.

To meet the security requirements of gigabit networks, several solutions have been proposed, including implementations based on a general-purpose CPU, on an ASIC, and on a network processor. Each of these solutions has its own advantages and disadvantages. A firewall based on a general-purpose CPU can be implemented very easily, but speed is a great bottleneck. One based on an ASIC can reach a high speed, but has poor flexibility and a poor development cycle. A firewall based on a network processor is a tradeoff between the other two approaches.

Chapter one introduces the characteristics and functions of network processors and mainly describes the architecture and IXA software framework of the Intel IXP2400 network processor. This dissertation presents what the author has done on implementing a firewall based on a network processor during graduate study. Chapter two briefly introduces firewall technologies and intrusion detection technologies. Chapter three introduces the function design of the Giga-bit Packet Filter Firewall. As the author is responsible for the design of the rule matching core component and the preprocessors module of the Intrusion Detection System, chapter four describes the design, coding and testing of the Rule Matching Subsystem in detail; chapter five introduces the function design of the Intrusion Detection System and then describes the design, coding and testing of the Preprocessor Subsystem in detail.

The other part of the dissertation (chapter six) first introduces the function design of the A-GPS/CELL-ID Mix Location System Based on GSM/GPRS Network, then describes the design, coding and testing of its core function module in detail.
Keywords/Search Tags:network processor, IXP 2400, firewall, Intrusion Detection System