Internet security has been the hottest topics in the recent Internet environment. Firewall and IDS Systems have been installed in many sites for the countermeasure of hacking and computer virus. However, these appliances or software are relatively expensive, so it is difficult for SOHO or personal users to introduce these systems. However; if there existed some defects in security at these small sites, it might cause substantial security problems in other sites via these sites. In this paper, we present our security system, which is called Dynamic Firewall, that is constricted by IDS and firewall which are prevailed as freeware. Generally, firewalls are used to filter network attacks according to the rules set by network administrators in advance. On the other hand, our Dynamic Firewall can detect these attacks by IDS and filter these attacks automatically. We tested filtering performances of Dynamic Firewall under low and high traffic conditions. As results of this experiments, we confirmed that a machine using K6- II 533MHz can filter attacks at 10 second and a machine using Pentium III 1GHz at about 2 second under the traffic condition of 30Mbps.
展开▼
机译:Internet安全已成为最近Internet环境中最热门的话题。已在许多站点中安装了防火墙和IDS系统,以应对黑客入侵和计算机病毒。但是,这些设备或软件相对昂贵,因此SOHO或个人用户很难引入这些系统。然而;如果这些小型站点在安全性方面存在某些缺陷,则可能会通过这些站点在其他站点中引起严重的安全问题。在本文中,我们介绍了我们的安全系统,称为动态防火墙,该系统受IDS和防火墙的约束,而IDS和防火墙通常是免费软件。通常,防火墙用于根据网络管理员预先设置的规则过滤网络攻击。另一方面,我们的动态防火墙可以通过IDS检测到这些攻击并自动过滤这些攻击。我们在高流量和低流量条件下测试了动态防火墙的过滤性能。作为该实验的结果,我们证实了在30Mbps的流量条件下,使用K6-II 533MHz的计算机可以在10秒内过滤攻击,而使用Pentium III 1GHz的计算机可以在大约2秒内过滤攻击。
展开▼
