With the growth of networks, network security has become increasingly important. Attack methods and tools are becoming more complex and spread at high speed, so that thousands of hosts can be infected within a short time. Firewalls, intrusion detection systems and other traditional network security technologies are unable to cope with this situation on their own, and a new network security technology, intrusion prevention, has emerged. An intrusion prevention system is an active, real-time protective measure developed in recent years. It monitors and controls network traffic directly, detects malicious attacks as they arrive, and blocks them before they can cause damage.

This paper analyses a dynamic network security model and proposes planning and designing security for the whole network under a defined administrative policy. It then analyses the working principle of intrusion prevention systems and identifies their characteristics and their advantages over traditional network security technology. Snort, which has advantages in this area, is taken as the research object: each component module of Snort is analysed with respect to active defence, and its shortcomings relative to an active defence are identified. First, analysis of its packet capture and decoding shows that stored packets are not analysed up to the application layer. Second, the detection engine module performs only off-line analysis of the data and requires manual intervention. Finally, Snort's rule definitions contain no definition of an active response.

To address the shortcomings of each module of the Snort intrusion detection system, the paper rebuilds it as an active prevention and centralized monitoring and control system. A policy is established from the security needs of each network, so that the network can be managed and deployed in a unified way. The system configures active prevention according to this policy and rebuilds network packet capture and decoding so that packet analysis reaches the application layer. The detection engine is made active by applying policy-based detection, linkage mechanisms and other network security techniques during detection. Log files and database contents are analysed in a unified, centralized way to extract the characteristics of malicious attacks and to redefine rules. Finally, an active response mechanism is built that blocks the data source as soon as an attack is detected. The design and implementation of this active prevention system provides active, real-time detection and active blocking of malicious attacks, reduces manual intervention, and achieves prevention and centralized monitoring and control of network information.
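As an added illustration of the three stages the abstract describes (decoding captured packets up to the application layer, a detection engine that runs on the live stream rather than off-line, and an active response that blocks the offending source), the following Python sketch models an inline sensor. It is example code written for this page, not Snort's code and not the paper's system; the packets, addresses, rule identifiers and the two-action rule vocabulary are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    """A captured packet reduced to the fields the example needs (constructed data)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class HttpRequest:
    method: str
    uri: str
    headers: dict


def decode_http(payload: bytes) -> Optional[HttpRequest]:
    """Application-layer decoding: parse an HTTP request line and headers.

    Returns None when the payload is not a well-formed HTTP request, so the
    caller can fall back to lower-layer handling instead of guessing.
    """
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head = text.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(parts[0], parts[1], headers)


@dataclass
class Rule:
    """A policy rule: 'alert' only logs, 'block' logs and blocks the source."""
    sid: int
    action: str
    msg: str
    uri_pattern: re.Pattern


# Hypothetical rules written for this example (not Snort rule syntax).
RULES = [
    Rule(1000001, "block", "directory traversal in URI", re.compile(r"\.\./")),
    Rule(1000002, "alert", "request to admin path", re.compile(r"^/admin(/|$)")),
]


@dataclass
class Sensor:
    """Inline sensor: each packet is inspected as it arrives, and a 'block'
    verdict takes effect on that same packet with no manual step."""
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def inspect(self, pkt: Packet) -> str:
        """Return 'drop' if the packet must not be forwarded, else 'pass'."""
        if pkt.src_ip in self.blocked:
            return "drop"            # active response already in effect for this source
        req = decode_http(pkt.payload)
        if req is None:
            return "pass"            # not HTTP; other protocol decoders would go here
        for rule in RULES:
            if rule.uri_pattern.search(req.uri):
                self.alerts.append((rule.sid, pkt.src_ip, rule.msg))
                if rule.action == "block":
                    self.blocked.add(pkt.src_ip)   # interdict the data source
                    return "drop"
        return "pass"


def demo() -> list:
    """Run a constructed traffic sample through the sensor and return the verdicts."""
    sensor = Sensor()
    sample = [
        Packet("10.0.0.5", "10.0.0.80", 80, b"GET / HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("10.0.0.9", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("10.0.0.9", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("10.0.0.5", "10.0.0.80", 80, b"GET /admin/login HTTP/1.1\r\nHost: www\r\n\r\n"),
        Packet("10.0.0.7", "10.0.0.80", 443, b"\x16\x03\x01\x00\xa5\x01"),
    ]
    return [sensor.inspect(p) for p in sample]


if __name__ == "__main__":
    print(demo())   # ['pass', 'drop', 'drop', 'pass', 'pass']
```

The second packet from 10.0.0.9 is dropped before any decoding because the block decided on its first packet is already in force; that is the difference between an alert that a human must act on and an active response. The rule table stands in for the policy the abstract derives from each network's security needs. Note that later Snort versions, when run inline, do provide `drop` and `reject` rule actions; the example keeps its own two-action vocabulary to keep the mechanism visible rather than to mirror Snort's syntax.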