摘要
提出IDS、防火墙由控制台进行联动的IFI(IDS and Firewall and IDS)模型,该模型对网络起到三重保护作用,同时可以避免防火墙遭到内外网的攻击,给出IDS模块、防火墙模块及联动控制台模块的设计思路。针对Snort无法检测经过IPSec作用的网络数据包的情况,提出在联动控制台设置IPSec映射模块,从而实现IPv6环境下Snort对经过IPSec作用的数据包的入侵检测。
This paper proposes the model of interaction among intrusion detection systems and firewall, which protects the network very well, and at the same time avoids the attacks from inside and outside of the firewall. Expounds every details of this model. Aiming at the situation of snort can't detect the packets with the action of IPSec, a IPSec module at the interaction control platform is proposed to achieve the goal that Snort can detect the intrusion of the IPSec packets in the IPv6 environment.
出处
《科技通报》
北大核心
2011年第2期233-237,共5页
Bulletin of Science and Technology
