Research on Network Security Defense Model Based on Combination Strategy of Firewall and IPS

Abstract

Firewall and intrusion detection system are widely used network security protection equipment, which plays a vital role in preventing network attack and intrusion. However, they have inevitable defects, which reduces the protection function provided in actual use. Therefore, in order to further improve network security, this paper designs a new network security protection technology which can integrate the advantages of multiple security technologies and make up for their shortcomings. This paper proposes a network security defense model based on the combination strategy of firewall and IPS. The purpose of policy based intrusion prevention system (pb-ips) is to realize the real combination of security management and network management system. This can take the network management system as the intermediary, integrate the firewall technology and intrusion detection technology, and realize a new network security protection measures.