Looking at NAP through IDS and firewall linkage
Author: Wen Cao Bin
Source: China's Computer Networks and Communications, 27 May 2003

In April this year, Neusoft released a new network security product and, at the same time, released to the industry the NAP protocol, whose purpose is to link security products together. This was the first attempt to standardize linkage, and it attracted the industry's attention. Neusoft's own reading of the situation is that linkage today is "loud thunder but little rain": they believe that promoting linkage through a public language is an effective attempt, and they hope that in this way linkage can truly get moving and finally bring real benefits to users.

"Linkage" requires a public language

"Linkage" is currently a very fashionable concept in the network security community. Although it already has a history of three or four years, it has still not been fully developed. Linkage is essentially a mechanism for information interoperability between security products. Its theoretical basis is that the significance of a security event is not local: a security event should be announced to the related security systems so that the threat can be assessed from a global perspective and action taken at the appropriate location. It should not be limited to firewalls and intrusion detection; many other security components, such as alarm and auditing systems, secure host systems, business systems, and even network devices, need it too. As long as a security event has occurred at some node, whether it is a raw event captured by a simple system or a "judgment" made by a system with analytical capability, it may need to be passed on to related systems through some mechanism. Therefore, "linkage" is one manifestation of interoperability between security products, and it needs a "public language" as its foundation, namely a protocol that enables products to deliver information to each other.
Linkage system diagram
Such a protocol should not need to depend on a commercial alliance; otherwise it is hard to guarantee that it is completely open. The existing commercial alliances in the industry usually take one core manufacturer's product as the centre, and other manufacturers' products implement linkage with that core product under the support of a semi-disclosed SDK. Users soon notice that in such an alliance there is often no member in a competitive relationship with the initiator. This situation has kept linkage technology from developing well in actual use, and the commercial alliances established in the name of "linkage" have formed several islands; "linkage" cannot grow into general support. Linkage between existing products lacks practical effect: most so-called linkage only reaches the level of a "linkage function", and many users do not use linkage in their actual systems at all. The reasons are, on the one hand, that users have little room to choose, and on the other hand, that many manufacturers have not invested in linkage technology because they lack long-term confidence in commercial alliances. For any technology to go from concept to reality, many manufacturers need to invest and innovate, and the premise for that is a fully open foundation. Linkage technology lacks exactly such an open foundation: it lacks a completely equal and open linkage protocol. Such a protocol should be simple enough to implement and still effective; it should have sufficient descriptive power for security information; and it should allow expansion, so that as the protocol develops, compatibility with older systems can be implemented easily.

A protocol is the public language of communication

Whenever an application requires multiple systems to interact, there is one protocol or a set of protocols that guarantees interoperability among those systems.
A protocol is the "public language" of multiple systems that communicate with each other; without such a public language, extensive interoperability is impossible. Consider an example from history. The famous TCP/IP is a set of protocols that now forms the foundation of network interconnection; it can be said that without TCP/IP there would be no Internet today. TCP/IP is open, so if you need to connect your local area network to other networks, you need a router that implements the IP protocol. It can come from Cisco or 3COM, or from Huawei or Harbour, and as long as these devices are configured correctly they can communicate with each other, because they all implement the standard IP protocol. Also because of this protocol, every manufacturer knows how to "exchange" with every other manufacturer; there is no need to form commercial alliances, hold joint development tests, or have manufacturers provide development tools such as SDKs in order to achieve interoperability. They need only an open protocol, and so the router market is thriving and excellent products of all kinds keep appearing. There are many similar examples. None of the network information systems we use every day is independent of such open protocols; none of them would exist without these public protocols. For systems that need to be interconnected, an open protocol is both critical and sufficient.

The NAP protocol makes linkage a reality

Based on the ideas above, Neusoft was the first to "eat the crab" and proposed the NAP (NAP Alert Protocol) protocol. It is a completely open protocol, and the text describing it is fully disclosed. Therefore any product that needs to be linked, whether it is an IDS, a firewall, or another security product, can be implemented according to the protocol text.
A product developed according to this protocol, whether it is a Neusoft product or not, can achieve linkage with the others. NAP uses TCP as its transport, and uses simple and reliable authentication and encryption methods to ensure the reliability and security of communication between systems. The security events transmitted in NAP are described using XML. Since XML is a very powerful descriptive text format, very rich information can be conveyed in it.
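As an added illustration of the exchange just described (this is example code written for this page, not Neusoft's NAP implementation, and the article does not reproduce the NAP wire format), the following Python sketch shows the shape of an IDS-to-firewall linkage message: the sensor describes the event as XML, wraps it in a length-prefixed frame authenticated with a shared-key HMAC for the TCP link, and the firewall side verifies the frame before parsing, then maps the event to a local decision. The element names, the framing layout, the pre-shared key and the sample alert are all constructed assumptions.

```python
import hashlib
import hmac
import socket
import struct
import xml.etree.ElementTree as ET
from dataclasses import asdict, dataclass

# Assumption: both sides were provisioned with this pre-shared key out of band.
SHARED_KEY = b"constructed-demo-key"
FIELDS = ("source_ip", "target_ip", "signature", "severity", "timestamp")


@dataclass
class Alert:
    source_ip: str
    target_ip: str
    signature: str
    severity: str  # "low", "medium" or "high"
    timestamp: str


def encode_alert(alert: Alert) -> bytes:
    """Sensor side: describe the event as XML (element names are assumptions)."""
    root = ET.Element("alert", version="1")
    for name, value in asdict(alert).items():
        ET.SubElement(root, name).text = value
    return ET.tostring(root, encoding="utf-8")


def frame(body: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Wrap the XML for TCP: 4-byte length, 32-byte HMAC-SHA256, then the body."""
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack("!I", len(body)) + mac + body


def unframe(data: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Receiver side: check length and MAC before the XML is ever parsed."""
    if len(data) < 36:
        raise ValueError("frame too short")
    (length,) = struct.unpack("!I", data[:4])
    mac, body = data[4:36], data[36:36 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return body


def decode_alert(body: bytes) -> Alert:
    """Parse an authenticated body. For peers you do not fully trust, parse with
    defusedxml instead of the stdlib parser to limit XML-level abuse."""
    root = ET.fromstring(body)
    if root.tag != "alert":
        raise ValueError("not an alert")
    fields = {child.tag: (child.text or "") for child in root}
    missing = [f for f in FIELDS if f not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return Alert(**{f: fields[f] for f in FIELDS})


def decide_action(alert: Alert, protected_prefix: str = "10.0.0.") -> dict:
    """Firewall side: turn the event into a local decision. High-severity events
    aimed at protected hosts are blocked for a short window; everything else is logged."""
    if alert.severity == "high" and alert.target_ip.startswith(protected_prefix):
        return {"action": "block", "src": alert.source_ip, "ttl_seconds": 600}
    return {"action": "log", "src": alert.source_ip}


def roundtrip(alert: Alert) -> dict:
    """Push one framed alert through a local socket pair standing in for the TCP link."""
    sensor, firewall = socket.socketpair()
    try:
        sensor.sendall(frame(encode_alert(alert)))
        sensor.shutdown(socket.SHUT_WR)
        data = b""
        while chunk := firewall.recv(4096):
            data += chunk
    finally:
        sensor.close()
        firewall.close()
    return decide_action(decode_alert(unframe(data)))


# Constructed sample event: a web attack signature fired against a protected host.
SAMPLE = Alert("192.0.2.77", "10.0.0.5", "SQL injection attempt", "high", "2003-05-27T10:15:00")

if __name__ == "__main__":
    print(roundtrip(SAMPLE))
```

The order of operations in the receiver is the point worth copying: the frame is authenticated before the XML is parsed, so a forged or corrupted message is rejected without ever reaching the parser or the policy logic, and the policy step keeps the decision (block versus log) on the firewall rather than letting the sender dictate it.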