CN203968148U - A kind of network security management system with intrusion detection - Google Patents


Info

Publication number
CN203968148U
Authority
CN
China
Prior art keywords
network
intrusion detection
server
adopts
router
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201420338845.7U
Other languages
Chinese (zh)
Inventor
杨进
付琴
张建东
刘孙俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Leshan Normal University
Original Assignee
Leshan Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Leshan Normal University
Priority to CN201420338845.7U
Application granted
Publication of CN203968148U
Anticipated expiration
Expired - Fee Related

Abstract

Translated from Chinese

The utility model discloses a network security management system with intrusion detection, comprising router A, a first firewall, a network intrusion detection engine, a gateway device, a network vulnerability scanning layer, a server monitoring layer, and a server. Router A is connected in sequence to the first firewall, the gateway device, the network vulnerability scanning layer, the server monitoring layer, and the server. The network intrusion detection engine is connected to the first firewall and adopts the Venustech Tiantian NS100. The system provides what network security protection in the prior art requires: by collecting information from several key points in a computer network or computer system and analyzing it, it discovers whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively and intrusion detection is accomplished.

Description

Translated from Chinese
A Network Security Management System with Intrusion Detection

Technical field

The utility model relates to the technical field of network security, and specifically to a network security management system with intrusion detection.

Background art

Network security means that the hardware and software of a network system, and the data in the system, are protected from damage, alteration, or disclosure caused by accidental or malicious reasons, so that the system runs continuously, reliably, and normally and network service is not interrupted. Network security includes network equipment security, network information security, and network software security. In a broad sense, all technologies and theories concerning the confidentiality, integrity, availability, authenticity, and controllability of information on the network fall within the research field of network security.

With the rapid development of computer technology, the business processed on computers has evolved from stand-alone mathematical operations and file processing, and from internal business processing and office automation on simply connected internal networks, to enterprise-level computer processing systems based on complex intranets (Intranet), enterprise extranets (Extranet), and the global Internet, together with worldwide information sharing and business processing.

As the processing capability of systems improves, their connection capability also keeps improving. However, as the ability to connect and circulate information improves, security problems arising from network connections become increasingly prominent. Overall network security is mainly reflected in the following aspects: physical security of the network, network topology security, network system security, application system security, and network management security.

In the network topologies and hardware configurations of the prior art, the security management settings are too simple and cannot proactively detect intrusions, so the network is frequently attacked. In severe cases the working machines inside the topology are paralyzed or information is leaked, causing great losses to users inside the topology network.

Summary of the utility model

The purpose of the utility model is to design a network security management system with intrusion detection that provides what network security protection in the prior art requires. It collects information from several key points in a computer network or computer system and analyzes it to discover whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively and intrusion detection is accomplished.

The utility model is realized through the following technical solution: a network security management system with intrusion detection, comprising router A, a first firewall, a network intrusion detection engine, a gateway device, a network vulnerability scanning layer, a server monitoring layer, and a server. Router A is connected in sequence to the first firewall, the gateway device, the network vulnerability scanning layer, the server monitoring layer, and the server, and the network intrusion detection engine is connected to the first firewall. The network intrusion detection engine adopts the Venustech Tiantian NS100, the first firewall adopts the Trend TWG-BRF114, router A adopts the CISCO 2911/K9, the gateway device adopts the NETGEAR UTM25, and the server adopts the IBM System x3850 X5.

In use, the Venustech Tiantian NS100 network intrusion detection engine performs intrusion detection on Internet data. It collects and analyzes network behavior, security logs, audit data, and information from several key points in the computer system to check whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively.

Further, to better realize the utility model and facilitate intrusion detection on network data on the Intranet, the following structure is provided: the system also includes an intranet intrusion detection system connected to the server monitoring layer. The intranet intrusion detection system adopts the Venustech Tiantian NS100. All network data on the Intranet is inspected by this intranet intrusion detection system, which checks whether the network or system shows behavior that violates security policy or signs of attack, so that any intrusion within the Intranet is detected promptly and proactively.

Further, to better realize the utility model so that Extranet network data is transmitted well and is not attacked, the following structure is provided: the system also includes router B and a second firewall. Router B is connected to the network vulnerability scanning layer through the second firewall. The second firewall adopts the NETGEAR FVS318G, and router B adopts the CISCO 1841C/K9.

Further, to better realize the utility model so that a device running anti-virus software can defend against viruses, the following structure is provided: the system also includes an anti-virus system connected to the network vulnerability scanning layer. The anti-virus system runs on an IBM System x3100 M4 server.

Compared with the prior art, the utility model has the following advantages and beneficial effects:

(1) The utility model provides what network security protection in the prior art requires. By collecting information from several key points in a computer network or computer system and analyzing it, it discovers whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively and intrusion detection is accomplished.

(2) In use, network data arriving from the Internet is protected not only by a traditional firewall but also by intrusion detection. Through the use of active protection technology, internal attacks, external attacks, and misoperation are guarded against in real time, and intrusions are intercepted and responded to before the network system is harmed.

Brief description of the drawings

Fig. 1 is a structural block diagram of the utility model.

Detailed description

The utility model is described in further detail below with reference to the examples, but its implementation is not limited to them.

Example 1:

Intrusion detection is the detection of intrusion behavior. It collects and analyzes network behavior, security logs, audit data, other information available on the network, and information from several key points in the computer system to check whether the network or system shows behavior that violates security policy or signs of attack. As a proactive security protection technology, intrusion detection provides real-time protection against internal attacks, external attacks, and misoperation, intercepting and responding to intrusions before the network system is harmed. It is therefore regarded as the second security gate behind the firewall, able to monitor the network without affecting network performance. Intrusion detection is achieved by performing the following tasks: monitoring and analyzing user and system activity; auditing system configuration and weaknesses; identifying activity patterns that reflect known attacks and alerting the relevant people; statistical analysis of abnormal behavior patterns; assessing the integrity of important system and data files; and audit trail management of the operating system, with identification of user behavior that violates security policy.

Intrusion detection is a reasonable supplement to the firewall. It helps the system deal with network attacks, extends the security management capabilities of system administrators (including security auditing, monitoring, attack identification, and response), and improves the integrity of the information security infrastructure. It collects information from several key points in the computer network system and analyzes it to see whether the network shows behavior that violates security policy or signs of attack. Intrusion detection is regarded as the second security gate behind the firewall, able to monitor the network without affecting network performance, thereby providing real-time protection against internal attacks, external attacks, and misoperation.

To accomplish the intrusion detection function described above and provide what network security protection in the prior art requires, by collecting information from several key points in a computer network or computer system and analyzing it to discover whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively, the utility model proposes a network security management system with intrusion detection. As shown in Fig. 1, router A, the first firewall, the gateway device, the network vulnerability scanning layer, the server monitoring layer, and the server are connected in sequence, and a network intrusion detection engine adopting the Venustech Tiantian NS100 is connected to the first firewall, to carry out the transmission of and intrusion detection on Internet network data.

The software used and the protocols involved are all mature technologies that are applied directly; no change to or creation of software or protocols is involved.

The Venustech Tiantian NS100 has the following characteristics:

Maximum detection rate: 80Mbps;

Maximum number of concurrent connections: 200,000;

New connections per second: 40,000;

Processing capacity (with a zero missed-detection rate): 80M;

Protocol self-identification: supports identification of the HTTP, FTP, POP3, SMTP, and TELNET protocols on non-standard ports;

Interfaces: one 10M/100M electrical port as standard, at most two 10M/100M electrical ports;

Power supply: 100-240V;

Input current: 4-2A;

Power: 180W.

Example 2:

The Intranet, or enterprise internal network, is an extension and development of the Internet. Because it uses the advanced technology of the Internet, especially the TCP/IP protocol, and retains the Internet's ability to let different computing platforms interoperate and connect easily, the Intranet has developed rapidly. The Intranet is superior in network organization and management, however. It effectively avoids the shortcomings inherent in the Internet, such as poor reliability, lack of overall design, unclear network structure, and lack of unified management and maintenance, and it places the secret or sensitive information inside the enterprise under the protection of a network firewall. Compared with the Internet, the Intranet is therefore safer and more reliable, and better suited to enterprises or organizations that want to strengthen information management and improve work efficiency. It is vividly described as an Internet built inside the enterprise firewall.

What the Intranet provides is a relatively closed network environment. Inside the enterprise this network is open in layers: internal personnel with usage rights can access the Intranet without restriction, while outsiders entering the network are subject to strict authorization. The network is therefore controlled entirely according to the needs of the enterprise. Inside the network, all information and personnel are managed by category, and security is ensured by setting access permissions. For example, access by ordinary employees to protected files (such as personnel, financial, and sales information) is authorized and authenticated so that only authorized personnel can reach certain information, and restricted sensitive information is encrypted and placed under access management, and so on. At the same time, the Intranet is not completely closed in on itself. On the one hand, it must help internal personnel obtain and exchange information effectively; on the other hand, it must also be partially open to certain necessary external parties, such as partners and important customers. By setting up a security gateway, certain types of information are allowed to flow between the Intranet and the outside world, while a secure zone is established for information the enterprise does not want to disclose, so that such information is not compromised.

Compared with the Internet, the Intranet is not only an internal information publishing system but also the internal business operation system of the organization. An Intranet solution should have a strict network resource management mechanism and a network security assurance mechanism, and at the same time be suitably open. It is integrated with database technology, multimedia technology, and open groupware systems to form an information operation platform that is easy to maintain and manage and that effectively handles the collection, sharing, publication, and exchange of information inside the information system.

The Intranet has brought a new opportunity for the development of enterprise informatization. In a revolutionary way it resolves the unavoidable defects in the development of traditional enterprise information networks, breaks down the barriers to information sharing, and enables collaboration on a large scale. At the same time, being easy to develop, low in investment, rich in text and graphics, simple to use, and both secure and open, it has become the basic model for a new generation of enterprise informatization.

An Extranet is a cooperative network that uses Internet/Intranet technology to connect an enterprise with its customers and with other enterprises in order to accomplish their common goals. An Extranet can serve as a bridge between the public Internet and the private Intranet, and it can also be regarded as a part of the enterprise Intranet that can be accessed by enterprise members or used for cooperation with other enterprises. Like the Intranet, an Extranet is usually located behind a firewall. Unlike the Internet, which provides public communication services to everyone, and unlike the Intranet, which serves only the enterprise internally and is not open to the public, it is open to selected partners or provides selected services to the public. Extranet access is semi-private: the users are a group formed by closely related enterprises, and information is shared within a circle of trust. An Extranet is well suited to sharing time-sensitive information and to activities in which enterprises pursue shared interests.

This example is a further optimization of the example above. As shown in Fig. 1, to secure mutual access across the topology formed by the Intranet, the Extranet, and the Internet, a security system composed of the second firewall and router B is attached to the network vulnerability scanning layer to protect the security of Extranet data transmission. An intranet intrusion detection system is attached to the server monitoring layer so that data on the Intranet undergoes intrusion detection during transmission. In addition, to guard in advance against viruses that may appear on the Intranet, the Extranet, or the Internet, an anti-virus system running anti-virus software on an IBM System x3100 M4 server is provided; the anti-virus system performs virus defense through the network vulnerability scanning layer.
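The coverage check below is an added example, not part of the patent: it models the inline chain and attachment points described above as a graph and reports which firewalls and IDS sensors each ingress path to the server crosses. Node names are labels chosen here, and it assumes Internet traffic enters at router A and Extranet traffic at router B.

```python
"""Coverage audit of the topology in Examples 1 and 2 (added illustration)."""

# Inline links, directed toward the server. Node names are labels chosen for
# this example; the connections follow the description of Fig. 1.
LINKS = {
    "internet": ["router_a"],      # assumption: Internet enters at router A
    "router_a": ["firewall_1"],
    "firewall_1": ["gateway"],
    "gateway": ["vuln_scan_layer"],
    "extranet": ["router_b"],      # assumption: Extranet enters at router B
    "router_b": ["firewall_2"],
    "firewall_2": ["vuln_scan_layer"],
    "vuln_scan_layer": ["server_monitoring_layer"],
    "server_monitoring_layer": ["server"],
    "server": [],
}

# Devices that hang off an inline node rather than sitting in the chain.
ATTACHED = {
    "network_ids_engine": "firewall_1",
    "intranet_ids": "server_monitoring_layer",
    "antivirus_system": "vuln_scan_layer",
}

FIREWALLS = {"firewall_1", "firewall_2"}
IDS_SENSORS = {"network_ids_engine", "intranet_ids"}


def paths(links, src, dst, _seen=()):
    """Return every loop-free inline path from src to dst."""
    if src == dst:
        return [[dst]]
    found = []
    for nxt in links.get(src, []):
        if nxt not in _seen:
            for tail in paths(links, nxt, dst, _seen + (src,)):
                found.append([src] + tail)
    return found


def audit(links, attached, ingresses, target="server"):
    """Per ingress: firewalls crossed and IDS sensors attached along each path."""
    report = {}
    for ingress in ingresses:
        for path in paths(links, ingress, target):
            on_path = set(path)
            report.setdefault(ingress, []).append({
                "path": path,
                "firewalls": sorted(on_path & FIREWALLS),
                "ids": sorted(s for s, node in attached.items()
                              if s in IDS_SENSORS and node in on_path),
            })
    return report


def gaps(report):
    """Return (ingress, problem) pairs for paths lacking a firewall or an IDS."""
    out = []
    for ingress, entries in report.items():
        for entry in entries:
            if not entry["firewalls"]:
                out.append((ingress, "no firewall"))
            if not entry["ids"]:
                out.append((ingress, "no IDS"))
    return out


def sensor_reach(report, sensor):
    """Ingress zones whose traffic passes the node the sensor is attached to."""
    return sorted(i for i, entries in report.items()
                  if any(sensor in e["ids"] for e in entries))


if __name__ == "__main__":
    zones = ["internet", "extranet"]
    full = audit(LINKS, ATTACHED, zones)
    for zone, entries in full.items():
        for e in entries:
            print(zone, "->", " > ".join(e["path"]))
            print("   firewalls:", e["firewalls"], "ids:", e["ids"])
    print("gaps, full design:", gaps(full))
    # What-if: the Example 2 topology without the intranet IDS.
    reduced = {k: v for k, v in ATTACHED.items() if k != "intranet_ids"}
    print("gaps, no intranet IDS:", gaps(audit(LINKS, reduced, zones)))
```

In this model the engine at the first firewall sits only on the Internet path, so Extranet traffic arriving through router B is covered by the intranet IDS at the server monitoring layer alone.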

To build a preferred network security management system with intrusion detection, the components are selected as follows: the intranet intrusion detection system adopts the Venustech Tiantian NS100, the second firewall adopts the NETGEAR FVS318G, router B adopts the CISCO 1841C/K9, the first firewall adopts the Trend TWG-BRF114, router A adopts the CISCO 2911/K9, the gateway device adopts the NETGEAR UTM25, and the server adopts the IBM System x3850 X5.

Among these, the Trend TWG-BRF114 has the following characteristics:

It is an enterprise routing firewall;

Network ports: 4*RJ45 10/100/1000Mbps Gigabit Ethernet Auto-MDI/MDIX, 1*Shielded RJ45 10/100/1000Mbps Gigabit Ethernet Auto-MDI/MDIX;

Management mode: web-based, SNMP;

Security standard: Access Control;

Operating system support: Windows 95/98/ME/NT/2000/XP, Unix, and Mac;

Other characteristics: standards: IEEE 802.3, 802.3u, 802.3ab; protocols: NAT, PPPoE, HTTP, DHCP, TCP/IP, UDP, PAP, CHAP, RIP1, DDNS.

NETGEAR UTM25: the NETGEAR ProSecure Unified Threat Management (UTM) platform combines performance with comprehensive security. Based on stream scanning technology, NETGEAR is able to use an extensive and comprehensive malware database while maintaining high throughput and low latency. The flexible modular software architecture makes stream scanning 5 times faster than conventional scanning when scanning files and data streams.

The NETGEAR FVS318G has the following characteristics:

It is a VPN firewall;

Number of concurrent connections: 6000;

LAN ports: 8, 10/100/1000 Mbps auto-sensing;

WAN ports: 1, 10/100/1000 Mbps auto-sensing;

Management mode: SNMP (2c) support; web graphical user interface; user name and password protection; secure remote management with automatic identification of IP address (or IP address range) and password; configuration changes and upgrades through the web graphical interface; two-factor authentication for the administrator interface;

Processor: 250 MHz; memory: 8 MB flash, 32 MB DRAM;

Other characteristics: VPN smart wizard for simple IPsec VPN configuration; automatic detection of ISP address type (static, dynamic, PPPoE); port range forwarding; port triggering; enabling/disabling WAN ping; DNS proxy; MAC address cloning/spoofing; Network Time Protocol (NTP) support; diagnostic tools (ping, DNS lookup, trace route, others); port/service; automatic adaptation to port cable wiring order; L3 quality of service (QoS), LAN to WAN and WAN to LAN (ToS); SIP ALG.

The IBM System x3850 X5 has the following characteristics:

Rack-mounted 4U chassis;

Processor: CPU type: Intel Xeon 7500; CPU model: Xeon E7520; CPU frequency: 1.866GHz; intelligent acceleration frequency: 1.866GHz; CPUs as standard: 2; maximum CPUs: 4; process technology: 45nm; L3 cache: 18MB; bus specification: QPI 4.8GT/s; CPU cores: four; CPU threads: eight;

Motherboard: expansion slots: 7 × half-length PCI-E;

Memory: memory type: DDR3; memory capacity: 16GB; memory description: 4×4GB PC3-8500; maximum memory capacity: 1TB;

Maximum hard disk capacity: 4TB; internal drive bays: up to 8 Serial Attached SCSI (SAS) drives or 16 SAS SSD drives; hot-swap bays: hot-swap supported; RAID modes: RAID 0, 1, 5;

Network controller: dual Gigabit network adapters;

Cooling system: hot-swappable fans;

System management: Alert on LAN 2, automatic server restart, IBM Systems Director, IBM ServerGuide, Integrated Management Module (IMM), light path diagnostics (independently powered), Predictive Failure Analysis for hard disk drives/processors/VRM/fans/memory, Wake on LAN, dynamic system analysis, QPI Faildown, single-point failover;

System support: Windows Server 2008 (Standard, Enterprise, and Data Center Edition, 32-bit and 64-bit), 32-bit and 64-bit Red Hat Enterprise Linux, SUSE Enterprise Linux (Server and Advanced Server), VMware ESX Server/ESXi 4.0;

Power supply type: hot-swappable; number of power supplies: 2; supply voltage: 220V; power: 1975W.

The utility model provides what network security protection in the prior art requires. By collecting information from several key points in a computer network or computer system and analyzing it, it discovers whether the network or system shows behavior that violates security policy or signs of attack, so that intrusions are detected promptly and proactively and intrusion detection is accomplished.

The above is only a preferred embodiment of the utility model and does not limit the utility model in any form. Any simple modification or equivalent change made to the above embodiments according to the technical essence of the utility model falls within the protection scope of the utility model.

Claims (5)

CN201420338845.7U | 2014-06-24 | 2014-06-24 | A kind of network security management system with intrusion detection | Expired - Fee Related | CN203968148U (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201420338845.7U, CN203968148U (en) | 2014-06-24 | 2014-06-24 | A kind of network security management system with intrusion detection

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201420338845.7U, CN203968148U (en) | 2014-06-24 | 2014-06-24 | A kind of network security management system with intrusion detection

Publications (1)

Publication Number | Publication Date
CN203968148U (en) | 2014-11-26

Family

ID=51928688

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201420338845.7U (Expired - Fee Related), CN203968148U (en) | A kind of network security management system with intrusion detection | 2014-06-24 | 2014-06-24

Country Status (1)

Country | Link
CN (1) | CN203968148U (en)

Legal Events

Date | Code | Title | Description
 | C14 | Grant of patent or utility model |
 | GR01 | Patent grant |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20141126; Termination date: 20180624
