資源描述:
《網(wǎng)絡(luò)安全防范技術(shù)入侵檢測(cè)與入侵防護(hù)系統(tǒng)》由會(huì)員上傳分享��,免費(fèi)在線閱讀,更多相關(guān)內(nèi)容在教育資源-天天文庫(kù)��。
1���、第6章 網(wǎng)絡(luò)安全防范技術(shù)計(jì)算機(jī)網(wǎng)絡(luò)安全張純?nèi)萑肭謾z測(cè)與入侵防護(hù)系統(tǒng)近幾年網(wǎng)絡(luò)安全研究的發(fā)展過(guò)程防火墻技術(shù)的研究:在網(wǎng)絡(luò)邊界保衛(wèi)內(nèi)部網(wǎng)�。VPN技術(shù)的研究:連接分散的內(nèi)部網(wǎng)�,完成內(nèi)部網(wǎng)外延的擴(kuò)大,與防火墻技術(shù)結(jié)合比較緊密���。認(rèn)證����、PKI技術(shù)的研究:進(jìn)一步擴(kuò)大內(nèi)部網(wǎng)的外延��,同時(shí)建立廣義的信任關(guān)系��。入侵檢測(cè)技術(shù)的研究:承接防護(hù)和響應(yīng)的過(guò)程�����。入侵檢測(cè)(IntrusionDetection��,ID)入侵檢測(cè)就是對(duì)(網(wǎng)絡(luò))系統(tǒng)的運(yùn)行狀態(tài)進(jìn)行監(jiān)視�,發(fā)現(xiàn)各種攻擊企圖�、攻擊行為或者攻擊結(jié)果�����,以保證系統(tǒng)資源的機(jī)密性�、完整性與可用性。一個(gè)完整的入侵檢測(cè)系統(tǒng)必須具備
2�����、下列特點(diǎn):經(jīng)濟(jì)性�、時(shí)效性、安全性����、可擴(kuò)展性入侵檢測(cè)的發(fā)展簡(jiǎn)介可分為3個(gè)階段:安全審計(jì)SecurityAudit):審計(jì)定義為對(duì)系統(tǒng)中發(fā)生事件的記錄和分析處理過(guò)程。入侵檢測(cè)系統(tǒng)(IntrusionDetectionSystem�,IDS)入侵防范系統(tǒng)(IntrusionPreventionSystem,IPS�����,又稱為入侵防護(hù)系統(tǒng)或入侵保護(hù)系統(tǒng)):IPS技術(shù)可以可以深度感知并檢測(cè)流經(jīng)網(wǎng)絡(luò)的數(shù)據(jù)���,對(duì)惡意報(bào)文進(jìn)行丟棄以阻斷攻擊��,對(duì)濫用報(bào)文進(jìn)行限流以保護(hù)網(wǎng)絡(luò)帶寬資源CommonIntrusionsMARSRemoteWorkerRemoteBran
3��、chVPNVPNVPNACSIronPortFirewallWeb�ServerEmailServerDNSLANCSAZero-dayexploitattackingthenetworkIntrusionDetectionSystems(IDSs)AnattackislaunchedonanetworkthathasasensordeployedinpromiscuousIDSmode;thereforecopiesofallpacketsaresenttotheIDSsensorforpacketanalysis.However,t
4�、hetargetmachinewillexperiencethemaliciousattack.TheIDSsensor,matchesthemalicioustraffictoasignatureandsendstheswitchacommandtodenyaccesstothesourceofthemalicioustraffic.TheIDScanalsosendanalarmtoamanagementconsoleforloggingandothermanagementpurposes.SwitchManagementConso
5����、le123TargetSensorIntrusionPreventionSystems(IPSs)AnattackislaunchedonanetworkthathasasensordeployedinIPSmode(inlinemode).TheIPSsensoranalyzesthepacketsastheyentertheIPSsensorinterface.TheIPSsensormatchesthemalicioustraffictoasignatureandtheattackisstoppedimmediately.TheI
6、PSsensorcanalsosendanalarmtoamanagementconsoleforloggingandothermanagementpurposes.TrafficinviolationofpolicycanbedroppedbyanIPSsensor.SensorManagementConsole123Target4BitBucketCommoncharacteristicsof�IDSandIPSBothtechnologiesaredeployedusingsensors.Bothtechnologiesusesi
7�、gnaturestodetectpatternsofmisuseinnetworktraffic.Bothcandetectatomicpatterns(single-packet)orcompositepatterns(multi-packet).ComparingIDSandIPSSolutionsAdvantagesDisadvantagesNoimpactonnetwork(latency,jitter)NonetworkimpactifthereisasensorfailureNonetworkimpactifthereiss
8、ensoroverloadResponseactioncannotstoptriggerpacketsCorrecttuningrequiredforresponseactionsMusthaveawell
