METHOD AND SYSTEM FOR IMPLEMENTING SECURITY DEVICES IN A NETWORK

摘要

The security interface (105) is coupled to a network (115) and a plurality of security modules. The plurality of security modules may be coupled directly to the network (115) and the number and type of security modules may vary. The security modules coupled to the security interface (105) typically be categorized as either monitoring modules, response modules, or logic modules. The log analysis module (120) can examine the security logs of a host on the network (115). The protocol-based intrusion detection module (130) can monitor traffic on the network (115) for unwanted intruders. The logic modules (180) and (190) are operable for receiving and processing data from a security modules and giving instructions to other security modules. Logic modules (180) (190) also have common memory (185) (195) respectivelly. Log analysis module (120), protocol based IDS module (130), and system scanner module (140) have common memory (125) (135) (145) respectivelly. The block module (160), Internet scanner module (150) and response module (150), have common memory (165), (155), and (175) respectivelly. The response module (170) is an example of a security response module that can take action to correct a security issue identified by one of the monitoring modules. Each of the security modules coupled to the security interface (105) are able to communicate using the shared memory (110). Each security modules has a definition file and one or more message processors for processing messages received from other modules. Security policy guidelines (111) have security policy directives (112), and can be formulated by management and stores as policy directives in a storage device (113). The ability to store data is useful in tracking responses to messages sent to other security modules can also receive instructions in the form of policy directives (112) set by a manager of the network (115).