| 网络入侵防御系统高可用性研究 |
| |
| 引用本文: | 尹少平. 网络入侵防御系统高可用性研究[J]. 信息安全与通信保密, 2005, 0(12): 68-69 |
| |
| 作者姓名: | 尹少平 |
| |
| 作者单位: | 山西大学工程学院信息工程系,030013 |
| |
| 基金项目: | 山西省教育厅2004年省级高校科研项目资助(编号20041342) |
| |
| 摘 要: | 本文分析了NIPS实用化面临的诸多挑战,给出了一些提高NIPS可用性的设计原则,并在简单比较了两种常 用NIPS硬件平台,即网络处理器和专用集成电路的特性后,给出了一种基于网络处理器、负载平衡器和IDS集群的NIPS 框架结构设计。
|
| 关 键 词: | 网络入侵防御系统 高可用性 串连模式 网络处理器 专用集成电路 |
| 修稿时间: | 2005-09-13 |
Research on High Availability of Network Intrusion Prevention System |
| |
| Yin Shaoping. Research on High Availability of Network Intrusion Prevention System[J]. China Information Security, 2005, 0(12): 68-69 |
| |
| Authors: | Yin Shaoping |
| |
| Abstract: | Network Intrusion Prevention System(NIPS) was developed to provide a novel solution to network security. NIPS both detects and identifies, and proactively prevents varies attacks from reaching their intended targets. Unlike firewalls, NIPS is significantly more complex. The complexity stems mainly from the need to analyze not just packet headers but also packet content and higher-level protocols. Implementing the various detection techniques for NIPS can require a large amount of computing power. This paper analyses the challenges to the utility of NIPS and then gives some principles to design high availability of NIPS. After comparing the characteristics of two main hardware platforms regarding of the architectures of a NIPS,,e.g. Network Proces-sor( NP), Application Specific Integrated Circuit (ASIC), we propose a skeletal architecture of NIPS based on NP?Load Balancer and IDS cluster. The features of high availability of this skeletal architecture is also presented in this paper. |
| |
| Keywords: | NIPS HA in-line mode NP ASIC |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
