隨著互聯(lián)網(wǎng)的日益普及和使用并依賴于數(shù)據(jù)和通信系統(tǒng)的時(shí)代,網(wǎng)絡(luò)安全問題已經(jīng)成為用戶、企業(yè)、政府和軍隊(duì)的必備�；ヂ�(lián)網(wǎng)結(jié)構(gòu)本身就具有很多的安全性威脅。因此,通過修改互聯(lián)網(wǎng)的體系結(jié)構(gòu)可以減少跨網(wǎng)絡(luò)攻擊的可能性。目前,企業(yè)和個(gè)人傾向于采用防火墻和IPS來防衛(wèi)自己受到互聯(lián)網(wǎng)安全威脅。在這個(gè)意義上的安全包括任何形式的違反數(shù)據(jù)保護(hù)和防范一些潛在的黑客來確保系統(tǒng)的安全。在這篇論文中為了處理這類問題,我們提供了加強(qiáng)的配置與一個(gè)更全面的解決方案,可以有效地檢測和防止此類攻擊。尤其是我們注重于DDoS攻擊,IP地址欺騙,TCP SYN和Smurf攻擊。TCP SYN, IP欺騙,Smurf攻擊是一種拒絕服務(wù)攻擊。除了靜態(tài)NAT,靜態(tài)策略NAT,靜態(tài)NAT端口轉(zhuǎn)換和許多本研究提出并組織實(shí)施的聯(lián)合政策許多靜態(tài)NAT防火墻,我們采用動(dòng)態(tài)NAT接口過載和建立聯(lián)合動(dòng)態(tài)NAT/PAT。我們還實(shí)現(xiàn)了IPS配置為目的。IPS是一個(gè)選項(xiàng),這有助于避免惡意流量傳到受害者。盡管檢測目標(biāo)系統(tǒng)已經(jīng)被廣泛使用,但是它仍然無法完全保護(hù)系統(tǒng),因?yàn)樗鼈兊姆磻?yīng)性。然而,我們采用積極主動(dòng)的措施處理這個(gè)問題,以防止網(wǎng)絡(luò)入侵防御。在這篇論文中,我們處... 

【文章來源】：湖南大學(xué)湖南省 211工程院校 985工程院校 教育部直屬院校

【文章頁數(shù)】：121 頁

【學(xué)位級(jí)別】：碩士

【文章目錄】：
ABSTRACT
摘要
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
    1.1 Problem Statement
    1.2 Motivation
    1.3 Research Focus and Achievements
    1.4 Thesis outline
CHAPTER 2 BACKGROUND AND PREVIOUS WORKS
    2.1 Firewall Basic
        2.1.1 Manage and Control Network Traffic (MCNT)
        2.1.2 Firewalls Authenticate Access (FAA)
        2.1.3 Act as an intermediary
        2.1.4 Protect resources
        2.1.5 Record and report on event
    2.2 Type of Firewall
        2.2.1 Packet Filtering Firewall
        2.2.2 Circuit Level Gateway
        2.2.3 Application Gateway
    2.3 Network Address Translation (NAT)
    2.4 Port address translation (PAT)
    2.5 What's the Difference between NAT and PAT
    2.6 Internet Protocol Security (IPSec)
    2.7 Virtual Private Network (VPN)
    2.8 Demilitarized Zone (DMZ)
        2.8.1 Three-pronged firewalls
        2.8.2 Multiple firewall DMZs
    2.9 Basic Component of IPS
    2.10 IPS Capabilities
        2.10.1 Attack prevention
        2.10.2 Regulatory compliance
    2.11 Categorization of IPS
        2.11.1 Network-based intrusion prevention system (NIPS)
        2.11.2 Host-based intrusion prevention system(HIPS)
        2.11.3 Network behavior analysis (NBA)
        2.11.4 Wireless intrusion prevention systems (WIPS)
    2.12 Deploying IPS
        2.12.1 Host IPS
        2.12.2 Network IPS
    2.13 Previous works
CHAPTER 3 SOLUTION AND METHOLOGY
    3.1 Testing Environment
    3.2 Methodology
    3.3 Prevention Attack solution
        3.3.1 Protecting form TCP SYN Attacks
        3.3.2 IP Spoofing Attack
        3.3.3 Smurf attacks
        3.3.4 Configuration to protection against DDoS
CHAPTER 4 IMPLEMENTATION FIREWALL COMBINED WITHIPS
    4.1 Firewall Configuration
    4.2 NAT Configuration
        4.2.1 Dynamic NAT/PAT Overload
        4.2.2 Dynamic Policy NAT/PAT
        4.2.3 Dynamic NAT/PAT And Policy NAT/PAT Combined
        4.2.4 Static/Policy NAT, Port Translation/Many to Many Static NAT
        4.2.5 Double NAT/Source Destination NAT
    4.3 Cisco IPS Configuration
        4.3.1 Getting Started Configuration Steps
        4.3.2 Advanced Configuration Options
CONCLUSION
REFERENCES
ACKNOWLEDGEMENTS



本文編號(hào)：3513841