Title :
Increasing Overall Network Security by Integrating Signature-Based NIDS with Packet Filtering Firewall
Author :
Salehi, Hamed ; Shirazi, Hossein ; Moghadam, Reza Askari
Author_Institution :
Inf. Services Corp., Payam Noor Univ., Tehran, Iran
Abstract :
Today, network intrusion detection and intrusion prevention systems (NIDS/IPS) are considered one of the hottest topics in computer security. On the other hand, firewalls have been optimized several times and different types have been introduced. By integrating NIDS and firewall, a new product has come to the market, which is called IPS. IPSs protect information systems from unauthorized access, damage or disruption. They are installed at the network's primary point and perform deep packet inspection (6 layers), so the hardware should be fast enough to sit almost invisibly within the network. This policy requires expensive hardware based on multiple server processor technology. It also needs appropriate changes in network design and policies. The cost may not be reasonable for medium and small size companies. In this paper we implement a kind of integration between signature-based NIDS and packet filtering firewalls, which would increase overall security at a reasonable cost in comparison with modern IPSs. We try to achieve this by optimizing Snort, a well-known open source NIDS, with a sample firewall program in Linux which is implemented by means of IPTABLES commands. The data is transferred in standard XML format. We also test the model with the standard DARPA99 data sets, and the results are satisfactory.
Keywords :
Internet; Linux; XML; authorisation; digital signatures; telecommunication security; transport protocols; IPS; IPTABLES command; IPV4; Linux; XML format; intrusion prevention system; multiple server processor technology; network intrusion detection system; network primary point; network security; signature-based NIDS with packet filtering firewall; snort-open source NIDS; Computer security; Costs; Data security; Filtering; Hardware; Information systems; Inspection; Intrusion detection; Network servers; Protection; Firewall; IPS; NIDS; Security; Snort;
Conference_Title :
Artificial Intelligence, 2009. JCAI '09. International Joint Conference on
Conference_Location :
Hainan Island
Print_ISBN :
978-0-7695-3615-6
DOI :
10.1109/JCAI.2009.12