| Internet has brought great convenience to human community, but the complex situation of internet has also brought many security problems. There are many kinds of attack ways on internet. Meanwhile network security threat is not just about virus, service and server, it is now more focusing on the network foundations such as router and switch so that the router is facing more complicated and dangerous network environment. As a key network node, router is the gateway between internal and external networks, so it is very important to enhance t router security.As a result, the security router integrated with firewall, anti-virus software, IDS (Intrusion Detection System) and VPN (Virtual Private Network) will be applied widely. The thesis is focusing on the integrated IDS router based on OAA (Open Application Architecture). The main achievements are as follows:1. The OAA is introduced and analyzed. Based on OAA, the software and device of different manufactures could be combined to form the uniform product in order to provide the integration solution and reduce the investment.2. The whole software architecture of integrated IDS router based on OAA is presented. Based on this architecture, the CPU of router takes charge of packets forwarding, while the CPU of service component takes charge of intrusion detection, it greatly reduces the impacts between intrusion detection and packets forwarding. Meanwhile SNMP (Simple Network Management Protocol) and MIB (Management Information Library) are introduced for collaboration between IDS and router. This collaboration method has high efficiency and is easier for operation and configuration.3. The implementation details and related techniques about policy-rule management module and packet forwarding module are demonstrated. And the flow-match solution is introduced in packets forwarding module to save CPU time and improve router forwarding performance. |
PDF Full Text Request