Snort And Netfilter-based Intrusion Prevention System

Posted on: 2009-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: X H Yu
GTID: 2208360275984068
Subject: Computer technology

Abstract/Summary:
Intrusion prevention systems emerged because of the limitations of firewalls and intrusion detection systems in the information security domain. They are a new generation of information security technology following firewall and intrusion detection techniques. An intrusion prevention system is also an intelligent, secure product that protects networks and systems from attack in real time, and it has become a research hotspot in the network security domain.

This dissertation first presents basic knowledge of network security, then introduces firewall and intrusion detection system technology. Because firewalls and intrusion detection systems both have shortcomings, it is necessary to design and implement a network intrusion prevention system (IPS) based on the Linux platform. The free software Snort and Netfilter are mainly used to detect and filter network packets. The response module, developed in Perl, gets and analyzes the alerts generated by Snort and immediately modifies Netfilter policy (we tried using the Netfilter programming interface to modify Netfilter policy), so that unsafe data does not reach its target. The device works as a transparent bridge and can be inserted into any network without changes to the original network. The IPS provides a secure web site with graphical statistics for administrators to analyze logs. Finally, the system is tested, and it can detect and prevent most attacks.
Keywords/Search Tags: Network-based intrusion prevention, Firewall, Intrusion detection system, Perl