一种基于蜜网的网络安全防御技术

Honeynet-based network security defense model

基于主动防御的蜜网技术虽然在一定程度上克服了传统安全模型被动防御的缺陷,但入侵者仍能通过蜜网对内部网络和外部网络进行攻击,造成蜜网本身也存在一定的不安全因素。为此提出了一种基于蜜网的网络安全防御技术———用DMZ(非武装区)和两层防火墙来防止内部网络被入侵;用NIDS(网络入侵检测系统)和流量控制的方法来防止外部网络被攻击,从而较好地解决了传统网络安全模型存在的一些缺陷。

Though honeynet, which is based on an active defense, has overcome some of the shortcomings of traditional techniques, invaders can still attack the inner and outer networks through Honeynet, so there are still many insecure factors in honeynet. This paper proposed an active defense technology based on honeynet. Using DMZ （demilitarized zone） and two firewalls to prevent the inner network from being invaded, and using NIDS（ network intrusion detection system） and flow control to prevent the outer network from being attacked. By this means, solved many problems both in the traditional network security model and honeynet.