|
|||||
|
|
| 基于Linux入侵检测动态防火墙的设计与实现 | |
| 引用本文: | 邵晓宇 杨善寐 褚伟. 基于Linux入侵检测动态防火墙的设计与实现[J]. 微机发展, 2008, 18(5): 156-158 |
| 作者姓名: | 邵晓宇 杨善寐 褚伟 |
| 作者单位: | 合肥工业大学计算机网络系统研究所 安徽合肥230009 |
| 摘 要: | 针对传统包过滤防火墙的缺陷,即策略固定无法根据入侵调整策略,引入Snort入侵检测系统。实现了防火墙和入侵检测系统的联合,减少了安全防护管理人员的参与。设计并实现了根据入侵检测结果动态地调整防火墙规则的机制,从而使得整个系统可以对已知的网络攻击以及某些未知的网络攻击进行有效的拦截,完成了一定程度上的自动检测、自动防御,并且整个系统具备了一定的学习能力,给个人用户以及小型网络用户构建了一个比较全面的安全防护体系。 |
| 关 键 词: | 网络安全 包过滤 防火墙 入侵检测 |
| 文章编号: | 1673-629X(2008)05-0156-03 |
| 修稿时间: | 2007-08-20 |
Design and Implementation of Dynamic Intrusion Detection Firewall Based on Linux |
|
| SHAO Xiao-yu,YANG Shan-lin,CHU Wei. Design and Implementation of Dynamic Intrusion Detection Firewall Based on Linux[J]. Microcomputer Development, 2008, 18(5): 156-158 | |
| Authors: | SHAO Xiao-yu YANG Shan-lin CHU Wei |
| Abstract: | Based on the traditional firewall can not be adjusted according to the invasion strategy inadequate,combining Snort intrusion detection system,achieved a firewall and intrusion detection system of joint.Based on the introduction of intrusion detection results of the dynamic adjustment mechanism for the firewall rules,achieve a certain degree of automatic detection,automatic defense,and have a certain ability to learn.Deal with certain unknown attacks,for individual users and small network users building a more comprehensive security protection system. |
| Keywords: | network security packet filtering firewall intrusion detection |
| 本文献已被 CNKI 等数据库收录! | |