Design and Implementation of an Experiment System Based on Interaction with Firewall and IDS Supporting Multi-User Concurrent Control

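【Author】 Zha Tingmin (查婷民)

【Advisor】 Lu Songnian (陆松年)

【Author Information】 Shanghai Jiao Tong University, Communication and Information Systems, 2008, Master's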

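【Summary】 With the rapid development of computer network technology and the steadily increasing informatization of society, network security is becoming ever more important; equally important is users' study of, training in and practice with computer network and information security technology. Among network security technologies, firewall technology and intrusion detection technology are now relatively mature, but each has its own strengths and weaknesses. Linking the firewall with the intrusion detection system (IDS) for network protection meets the needs of network security development and compensates for the shortcomings of both. Current firewall-IDS linkage products are all developed for commercial requirements: they focus on results, offer little interactivity, and are generally suited to configuration by a single administrator, so they struggle to meet the multi-user and interactivity requirements of experiments. This thesis therefore designs an experiment system based on firewall-IDS linkage and gives a concrete implementation method. The thesis first introduces firewall technology, IDS technology, firewall-IDS linkage technology, and the training value, current state and problems of firewall-IDS linkage experiments, and then studies in detail the architecture and key technologies of firewall-IDS linkage and several existing linkage models. Next, on that basis, it examines in depth multi-user concurrency control, firewall-IDS linkage and centralized management technologies and, taking the tasks and characteristics of the experiments into account, designs a multi-user concurrent control firewall-IDS linkage experiment system that makes full use of existing technology. It then describes, from a functional perspective, the design ideas, architecture and concrete implementation of each of the system's main modules. Finally, it studies rule configuration, which has a major effect on firewall performance, improves the rule anomaly detection algorithm, and uses log information to optimize the firewall rules. The system designed in this thesis effectively meets information security practitioners' needs for firewall-IDS linkage experiments and improves their hands-on and problem-solving abilities, which gives it positive practical significance.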

【Abstract】 With the development of computer networks and information technology, network security is becoming more and more important. At the same time, users need to learn about computer network and information security technology, so more researchers today are working on how to provide a platform for learning, training in and practising these technologies. Among network security technologies, firewall technology and IDS technology have made great progress, but each has its own advantages and disadvantages. Interaction between the firewall and the IDS therefore meets the needs of network security, and lets each make up for the other's shortfalls. Most current products are designed and developed for commercial requirements: they focus on function implementation and pay no attention to interactivity, and most of them are operated exclusively. These characteristics make them unsuitable for experiments or demonstrations. Against this background, this paper analyses the theories and technologies related to firewall and IDS interaction, designs an experiment system based on that interaction, and describes the specific methods. The paper first introduces firewall technology, IDS technology, firewall and IDS interaction technology and the related experiments, and then examines in depth the architecture and key technologies of firewall and IDS interaction and several existing interaction models. On the basis of this research, the paper discusses several innovative technologies, such as multi-user concurrent control. Taking the tasks and features of an experiment system into account, it designs a firewall and IDS interaction experiment system that supports large-scale, multi-user concurrent control. The system is then divided into several function modules, and the architecture, design and implementation of certain important modules are discussed thoroughly. Finally, because the configuration of rules has a major impact on the performance of the firewall system, the paper studies the use of rule anomaly detection and logs to achieve rule optimization. The system meets the requirements of information security engineers for firewall and IDS interaction experiments.

  • 【Classification No.】TP393.08
  • 【Times Cited】3
  • 【Downloads】115