資源描述:
《網(wǎng)絡(luò)安全防范技術(shù)入侵檢測(cè)與入侵防護(hù)系統(tǒng)》由會(huì)員上傳分享,免費(fèi)在線閱讀,更多相關(guān)內(nèi)容在教育資源-天天文庫(kù)。
1、第6章 網(wǎng)絡(luò)安全防范技術(shù)計(jì)算機(jī)網(wǎng)絡(luò)安全張純?nèi)萑肭謾z測(cè)與入侵防護(hù)系統(tǒng)近幾年網(wǎng)絡(luò)安全研究的發(fā)展過(guò)程防火墻技術(shù)的研究:在網(wǎng)絡(luò)邊界保衛(wèi)內(nèi)部網(wǎng)。VPN技術(shù)的研究:連接分散的內(nèi)部網(wǎng),完成內(nèi)部網(wǎng)外延的擴(kuò)大,與防火墻技術(shù)結(jié)合比較緊密。認(rèn)證、PKI技術(shù)的研究:進(jìn)一步擴(kuò)大內(nèi)部網(wǎng)的外延,同時(shí)建立廣義的信任關(guān)系。入侵檢測(cè)技術(shù)的研究:承接防護(hù)和響應(yīng)的過(guò)程。入侵檢測(cè)(IntrusionDetection,ID)入侵檢測(cè)就是對(duì)(網(wǎng)絡(luò))系統(tǒng)的運(yùn)行狀態(tài)進(jìn)行監(jiān)視,發(fā)現(xiàn)各種攻擊企圖、攻擊行為或者攻擊結(jié)果,以保證系統(tǒng)資源的機(jī)密性、完整性與可用性。一個(gè)完整的入侵檢測(cè)系統(tǒng)必須具備
2、下列特點(diǎn):經(jīng)濟(jì)性、時(shí)效性、安全性、可擴(kuò)展性入侵檢測(cè)的發(fā)展簡(jiǎn)介可分為3個(gè)階段:安全審計(jì)SecurityAudit):審計(jì)定義為對(duì)系統(tǒng)中發(fā)生事件的記錄和分析處理過(guò)程。入侵檢測(cè)系統(tǒng)(IntrusionDetectionSystem,IDS)入侵防范系統(tǒng)(IntrusionPreventionSystem,IPS,又稱為入侵防護(hù)系統(tǒng)或入侵保護(hù)系統(tǒng)):IPS技術(shù)可以可以深度感知并檢測(cè)流經(jīng)網(wǎng)絡(luò)的數(shù)據(jù),對(duì)惡意報(bào)文進(jìn)行丟棄以阻斷攻擊,對(duì)濫用報(bào)文進(jìn)行限流以保護(hù)網(wǎng)絡(luò)帶寬資源CommonIntrusionsMARSRemoteWorkerRemoteBran
3、chVPNVPNVPNACSIronPortFirewallWebServerEmailServerDNSLANCSAZero-dayexploitattackingthenetworkIntrusionDetectionSystems(IDSs)AnattackislaunchedonanetworkthathasasensordeployedinpromiscuousIDSmode;thereforecopiesofallpacketsaresenttotheIDSsensorforpacketanalysis.However,t
4、hetargetmachinewillexperiencethemaliciousattack.TheIDSsensor,matchesthemalicioustraffictoasignatureandsendstheswitchacommandtodenyaccesstothesourceofthemalicioustraffic.TheIDScanalsosendanalarmtoamanagementconsoleforloggingandothermanagementpurposes.SwitchManagementConso
5、le123TargetSensorIntrusionPreventionSystems(IPSs)AnattackislaunchedonanetworkthathasasensordeployedinIPSmode(inlinemode).TheIPSsensoranalyzesthepacketsastheyentertheIPSsensorinterface.TheIPSsensormatchesthemalicioustraffictoasignatureandtheattackisstoppedimmediately.TheI
6、PSsensorcanalsosendanalarmtoamanagementconsoleforloggingandothermanagementpurposes.TrafficinviolationofpolicycanbedroppedbyanIPSsensor.SensorManagementConsole123Target4BitBucketCommoncharacteristicsofIDSandIPSBothtechnologiesaredeployedusingsensors.Bothtechnologiesusesi
7、gnaturestodetectpatternsofmisuseinnetworktraffic.Bothcandetectatomicpatterns(single-packet)orcompositepatterns(multi-packet).ComparingIDSandIPSSolutionsAdvantagesDisadvantagesNoimpactonnetwork(latency,jitter)NonetworkimpactifthereisasensorfailureNonetworkimpactifthereiss
8、ensoroverloadResponseactioncannotstoptriggerpacketsCorrecttuningrequiredforresponseactionsMusthaveawell