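Document introduction: Abstract
With the rapid development of computer and network technology, China's informatization has made great achievements, and both the national economy and people's daily lives depend more and more on information systems. At the same time, the frequency of network security incidents has risen sharply, especially worms and DoS attacks, which have caused great harm to the country and society. In response, security products such as firewalls and IDS were developed. Their use has, to some extent, mitigated and prevented a large share of security incidents and threats. However, traditional firewalls and IDS have obvious shortcomings of their own. According to a 2003 survey by Vandyke Software (a US network security software developer), among current victims of network security incidents, 86% of users used a firewall and 42% of users used an intrusion detection system. This shows that using firewalls and IDS alone can no longer meet current network security needs. Against this background, the intrusion prevention system (Intrusion Prevention System, IPS) was proposed as a solution. IPS is an active defense solution: it can block security incidents that the firewall misses or that an IDS can only detect but not handle, thereby reducing the losses caused by security incidents and improving the performance and availability of systems and networks.
This thesis describes the active defense system IPS and related technologies in detail. It first introduces the concept of the intrusion prevention system and summarizes its characteristics. It then examines in depth its classification, deployment modes and working principles, compares the characteristics of network-based and host-based intrusion prevention systems, and discusses how they are implemented. Finally, in view of the problems that intrusion prevention systems face, it looks ahead to their development trends.
Keywords: active defense; intrusion prevention system; network security; system defense.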
Abstract
With the rapid development of computer and network technology, we have achieved great success in information construction. Both our national construction and our daily life are more and more dependent on information systems. However, network security accidents have increased accordingly, especially worm and DoS attacks, which bring great harm to our country and society. People developed security products such as firewalls and IDS to help solve these problems, and these have to a certain degree prevented a number of security accidents and risks, yet the traditional firewall and IDS have their own disadvantages. According to the survey made by Vandyke Software in 2003, among the victims of network security accidents, 86% used a firewall and 42% used an IDS. It seems that we cannot meet the needs of network security merely by using firewalls and IDS, and so people put forward a solution called IPS – Intrusion Prevention System. IPS is an active defense solution that can prevent some security accidents that firewalls and IDS cannot handle, so as to reduce the loss from accidents and strengthen the function and usability of systems and networks.
This thesis gives a detailed description of IPS and the related technology. First, it introduces the concept and features of IPS. Then it discusses its categories, deployment and working principles, and compares the two d