Implementation Firewall Combined with IPS to Prevent Dos/Mal

发布时间：2021-11-23 12:02

　　随着互联网的日益普及和使用并依赖于数据和通信系统的时代,网络安全问题已经成为用户、企业、政府和军队的必备。互联网结构本身就具有很多的安全性威胁。因此,通过修改互联网的体系结构可以减少跨网络攻击的可能性。目前,企业和个人倾向于采用防火墙和IPS来防卫自己受到互联网安全威胁。在这个意义上的安全包括任何形式的违反数据保护和防范一些潜在的黑客来确保系统的安全。在这篇论文中为了处理这类问题,我们提供了加强的配置与一个更全面的解决方案,可以有效地检测和防止此类攻击。尤其是我们注重于DDoS攻击,IP地址欺骗,TCP SYN和Smurf攻击。TCP SYN, IP欺骗,Smurf攻击是一种拒绝服务攻击。除了静态NAT,静态策略NAT,静态NAT端口转换和许多本研究提出并组织实施的联合政策许多静态NAT防火墙,我们采用动态NAT接口过载和建立联合动态NAT/PAT。我们还实现了IPS配置为目的。IPS是一个选项,这有助于避免恶意流量传到受害者。尽管检测目标系统已经被广泛使用,但是它仍然无法完全保护系统,因为它们的反应性。然而,我们采用积极主动的措施处理这个问题,以防止网络入侵防御。在这篇论文中,我们处... 

【文章来源】：湖南大学湖南省 211工程院校 985工程院校 教育部直属院校

【文章页数】：121 页

【学位级别】：硕士

【文章目录】：
ABSTRACT
摘要
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
    1.1 Problem Statement
    1.2 Motivation
    1.3 Research Focus and Achievements
    1.4 Thesis outline
CHAPTER 2 BACKGROUND AND PREVIOUS WORKS
    2.1 Firewall Basic
        2.1.1 Manage and Control Network Traffic (MCNT)
        2.1.2 Firewalls Authenticate Access (FAA)
        2.1.3 Act as an intermediary
        2.1.4 Protect resources
        2.1.5 Record and report on event
    2.2 Type of Firewall
        2.2.1 Packet Filtering Firewall
        2.2.2 Circuit Level Gateway
        2.2.3 Application Gateway
    2.3 Network Address Translation (NAT)
    2.4 Port address translation (PAT)
    2.5 What's the Difference between NAT and PAT
    2.6 Internet Protocol Security (IPSec)
    2.7 Virtual Private Network (VPN)
    2.8 Demilitarized Zone (DMZ)
        2.8.1 Three-pronged firewalls
        2.8.2 Multiple firewall DMZs
    2.9 Basic Component of IPS
    2.10 IPS Capabilities
        2.10.1 Attack prevention
        2.10.2 Regulatory compliance
    2.11 Categorization of IPS
        2.11.1 Network-based intrusion prevention system (NIPS)
        2.11.2 Host-based intrusion prevention system(HIPS)
        2.11.3 Network behavior analysis (NBA)
        2.11.4 Wireless intrusion prevention systems (WIPS)
    2.12 Deploying IPS
        2.12.1 Host IPS
        2.12.2 Network IPS
    2.13 Previous works
CHAPTER 3 SOLUTION AND METHOLOGY
    3.1 Testing Environment
    3.2 Methodology
    3.3 Prevention Attack solution
        3.3.1 Protecting form TCP SYN Attacks
        3.3.2 IP Spoofing Attack
        3.3.3 Smurf attacks
        3.3.4 Configuration to protection against DDoS
CHAPTER 4 IMPLEMENTATION FIREWALL COMBINED WITHIPS
    4.1 Firewall Configuration
    4.2 NAT Configuration
        4.2.1 Dynamic NAT/PAT Overload
        4.2.2 Dynamic Policy NAT/PAT
        4.2.3 Dynamic NAT/PAT And Policy NAT/PAT Combined
        4.2.4 Static/Policy NAT, Port Translation/Many to Many Static NAT
        4.2.5 Double NAT/Source Destination NAT
    4.3 Cisco IPS Configuration
        4.3.1 Getting Started Configuration Steps
        4.3.2 Advanced Configuration Options
CONCLUSION
REFERENCES
ACKNOWLEDGEMENTS



本文编号：3513841