The Design and Building of a Distributed High-Confidence E-mail System

摘要

Complex network infrastructures and globally interconnected information resources and services are increasingly vulnerable to disruption or denial of service, and corruption of assets. While being essential for defending a network, firewalls cannot defend against all attacks. Meanwhile, network intrusion detection systems (NIDS) provide another layer of defense by monitoring traffic for predefined suspicious activity, and alert system administrators when potential hostile traffic is detected. This paper describes an ongoing project for the design and deployment of a distributed high-confidence e-mail system by integrating open-source packages. The whole system works by using distributed NIDS and log mining to discover abusing or attacking attempts, thus generating protection rules for distribution via distributed agents to each subsystem, and later using the firewalls to stop further abusing traffic. Finally, an MRTG-like online resource-usage monitor is setting up for easily monitoring the operation of the entire system.