
MAJOR ASSIGNMENT: CRYPTOGRAPHY AND DATA SECURITY

INTRUSION DETECTION SYSTEMS (IDS)

LECTURER: Assoc. Prof. Dr. Trịnh Nhật Tiến
STUDENT: Bi An Lc, K20HTTT

CONTENTS

Overview of network security
Intrusion
IDS systems
Snort
Practical deployment

Overview of network security

The five core elements of security:
- Authentication: establishing who a user or system is
- Authorization: deciding what an authenticated party is allowed to do
- Confidentiality: keeping information from unauthorised parties
- Integrity: keeping information from unauthorised modification
- Availability: keeping systems and data usable when they are needed

Overview of network security

Categories of threat against a system:
- Structured threats: organised, skilled attackers working towards a specific target
- Unstructured threats: opportunistic attackers using readily available tools
- External threats: originating outside the organisation's network
- Internal threats: originating from users or systems inside the organisation

Intrusion: concepts

Intrusion: actions that breach security in order to gain access to an information system.

Misuse: illegitimate actions aimed at using, or acting on, resources inside the organisation.

Intrusion detection: the process of detecting intrusions into a system.

Intrusion: forms

Web application attacks

Unauthorised access to system resources:
- Password cracking
- Scanning ports and services
- Spoofing, e.g. DNS spoofing
- Network packet listening (sniffing)
- Stealing information
- Unauthorised network access
- Use of IT resources for private purposes

Intrusion: forms

Unauthorised actions on system resources:
- Falsification of identity
- Altering and deleting information
- Unauthorised transmission and creation of data
- Configuration changes to systems and network services

Denial of service (DoS/DDoS):
- Ping flood / mail flood
- Buffer overflow
- Remote system shutdown

Intrusion scenario

The typical sequence of an intrusion:

Information gathering -> In-depth information gathering -> Attack -> Successful intrusion -> Enjoying the results (and entertainment)

Traditional security solutions

Each traditional control leaves a gap:
- Antivirus: only works well against known viruses.
- Password protection: passwords can be lost, guessed and changed.
- Firewall: does not detect attacks, and so cannot stop them.
- VPN: traffic can still be interfered with in transit.
- IDS: added to detect the attacks the controls above miss.

IDS systems

An IDS (Intrusion Detection System) is a system, implemented in hardware or software, that monitors network traffic and can recognise suspicious activity or unauthorised intrusion on the network during the phases of an attack (footprinting, scanning, sniffing). It provides identifying information about that activity and raises alerts to the system and its administrators.

Functions of an IDS

1. Identification
- Threats that may occur
- Probing of the system
- Weaknesses in the security policy

2. Recording information and logs for threat management
- Record and retain logs of the suspicious events that occur
- Report to the system administrator

3. Preventing violations of the security policy

Requirements for an IDS

1. Accuracy: must not treat ordinary actions as abnormal actions or misuse (low rate of false-positive alerts).
2. Performance: must detect unauthorised intrusions in real time.
3. Completeness: must not miss any unauthorised intrusion (no false-negative instances).
4. Fault tolerance: must resist attack and keep working well while it is itself under attack.
5. Scalability: must be able to operate in the worst-case state without losing information, in large network architectures.

The IDS state matrix

Every IDS decision falls into one of four cells, depending on whether an alert was raised and whether a real intrusion was taking place:

                     Real intrusion      No real intrusion
  Alert raised       TRUE POSITIVE       FALSE POSITIVE
  No alert raised    FALSE NEGATIVE      TRUE NEGATIVE

- True positive: the system reports an intrusion and a real intrusion is taking place.
- False positive: the system reports an intrusion, but the activity is not a real intrusion.
- True negative: the system reports nothing and there is no real intrusion.
- False negative: the system reports nothing while a real intrusion is taking place.

The true/false matrix of IDS outcomes. Requirement 1 above (accuracy) is about keeping false positives low; requirement 3 (completeness) is about avoiding false negatives.
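
The matrix above becomes useful once it is filled in with counts. The following Python is an added example, not part of the original slides: it scores a constructed stream of IDS decisions against hand-labelled ground truth, derives the figures that correspond to the accuracy and completeness requirements, and ends with a base-rate check showing why a "small" false-positive rate still buries the true alerts when intrusions are rare. The events, the 0.1% intrusion fraction and the 99%/1% rates are all assumptions made for illustration.

```python
"""Scoring an IDS with the true/false matrix.

Added example, not part of the original slides: the alert stream and ground
truth below are constructed by hand to show how the four cells are counted
and how they map to the accuracy and completeness requirements.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_id: int
    alerted: bool    # did the IDS raise an alert for this event?
    intrusion: bool  # ground truth: was it really an intrusion?


# Constructed sample: ten observed events labelled after the fact.
SAMPLE_EVENTS = [
    Event(1, alerted=True, intrusion=True),    # port scan, correctly flagged
    Event(2, alerted=False, intrusion=False),  # ordinary HTTP request
    Event(3, alerted=True, intrusion=False),   # nightly backup mistaken for exfiltration
    Event(4, alerted=False, intrusion=True),   # slow password guessing, missed
    Event(5, alerted=False, intrusion=False),
    Event(6, alerted=True, intrusion=True),
    Event(7, alerted=False, intrusion=False),
    Event(8, alerted=True, intrusion=False),   # admin's scheduled scan, flagged
    Event(9, alerted=False, intrusion=False),
    Event(10, alerted=True, intrusion=True),
]


def confusion_matrix(events):
    """Count each event into one of the four cells of the IDS state matrix."""
    cells = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for e in events:
        if e.alerted:
            cells["TP" if e.intrusion else "FP"] += 1
        else:
            cells["FN" if e.intrusion else "TN"] += 1
    return cells


def metrics(cells):
    """Derive the usual IDS quality figures from the four cell counts."""
    tp, fp, tn, fn = cells["TP"], cells["FP"], cells["TN"], cells["FN"]
    total = tp + fp + tn + fn
    return {
        # requirement 1 (accuracy): share of alerts that were real intrusions
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        # requirement 3 (completeness): share of real intrusions that were caught
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        # share of benign events that produced a (false) alert
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "accuracy": (tp + tn) / total if total else 0.0,
    }


def expected_alerts(n_events, intrusion_fraction, detection_rate, false_positive_rate):
    """Base-rate check: true and false alerts a sensor produces over n_events.

    Intrusions are rare, so even a small false-positive rate applied to the
    large benign majority can swamp the true alerts.
    Returns (true_alerts, false_alerts, precision).
    """
    intrusions = n_events * intrusion_fraction
    benign = n_events - intrusions
    true_alerts = intrusions * detection_rate
    false_alerts = benign * false_positive_rate
    precision = true_alerts / (true_alerts + false_alerts)
    return true_alerts, false_alerts, precision


if __name__ == "__main__":
    cells = confusion_matrix(SAMPLE_EVENTS)
    print(cells, metrics(cells))
    # Assumed day: 1,000,000 events, 0.1% intrusions, 99% detection, 1% false positives.
    print(expected_alerts(1_000_000, 0.001, 0.99, 0.01))
```

With the assumed daily figures the sensor raises about 990 true alerts and about 9,990 false ones, so fewer than one alert in ten is real even though the detector catches 99% of intrusions; this is why tuning for a low false-positive rate matters as much as high detection.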

Components of an IDS

- Sensor/Agent: monitors and analyses activity (called a Sensor in a NIDS, an Agent in a HIDS).
- Management Server: the central device that receives information from the Sensors/Agents and manages them.
- Database: stores the information from the Sensors/Agents and from the Management Server.
- Console: the administration interface for IDS users and administrators.

IDS processing flow (figure)

Example IDS (figure)

Detection methods

Detection methods can be divided into three main approaches: signature-based detection, anomaly-based detection and stateful protocol analysis.

- Signature-based: compares the characteristics of the observed object with the signatures of known threats.
- Anomaly-based: compares a definition of normal activity with the observed object in order to identify deviations (threshold detection and statistical measures).
- Stateful protocol analysis: compares predetermined profiles of what counts as normal activity for each protocol with the observed object in order to identify deviations.
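
The second and third methods are easiest to understand in code. The Python below is an added example, not from the original slides or from any IDS product. The first detector is the statistical-threshold form of anomaly-based detection: a baseline of normal activity is summarised as mean and standard deviation, and later samples are flagged when they deviate too far. The second is stateful protocol analysis: a simplified profile of an SMTP session, expressed as a state machine, flags commands that are legal in isolation but arrive in the wrong state or exceed the protocol's command-line limit. The baseline counts, the sessions and the 3-sigma threshold are assumptions made for illustration.

```python
"""Anomaly-based detection and stateful protocol analysis on constructed data.

Added example, not from the original slides or any IDS product. Baseline
counts, SMTP sessions and the 3-sigma threshold are all assumptions.
"""
import statistics

# --- Anomaly-based detection (threshold over a statistical baseline) --------

# Constructed baseline: outbound connections per minute from one host during
# a quiet training window.
BASELINE_CONN_PER_MIN = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]
Z_THRESHOLD = 3.0  # flag anything more than three standard deviations out


def build_profile(samples):
    """Summarise normal behaviour as (mean, population standard deviation)."""
    return statistics.mean(samples), statistics.pstdev(samples)


def anomaly_detect(profile, observations, threshold=Z_THRESHOLD):
    """Return (index, value, z-score) for observations beyond the threshold."""
    mean, stdev = profile
    flagged = []
    for i, value in enumerate(observations):
        # A zero stdev means the baseline never varied: any departure from
        # the mean is then treated as maximally anomalous.
        z = (value - mean) / stdev if stdev else (float("inf") if value != mean else 0.0)
        if abs(z) > threshold:
            flagged.append((i, value, z))
    return flagged


# --- Stateful protocol analysis (simplified SMTP profile) --------------------

# Allowed transitions: state -> {command verb -> next state}. DATA is treated
# as a single step; a full engine would also track the message body.
SMTP_PROFILE = {
    "INIT": {"HELO": "GREETED", "EHLO": "GREETED", "QUIT": "CLOSED"},
    "GREETED": {"MAIL": "MAIL", "RSET": "GREETED", "QUIT": "CLOSED"},
    "MAIL": {"RCPT": "RCPT", "RSET": "GREETED", "QUIT": "CLOSED"},
    "RCPT": {"RCPT": "RCPT", "DATA": "GREETED", "RSET": "GREETED", "QUIT": "CLOSED"},
}
MAX_COMMAND_LINE = 512  # RFC 5321 maximum command line length, including CRLF


def stateful_smtp_check(commands):
    """Walk a client's command sequence through the profile; return findings."""
    state = "INIT"
    findings = []
    for i, line in enumerate(commands):
        verb = line.split(" ", 1)[0].split(":", 1)[0].upper()
        if len(line) + 2 > MAX_COMMAND_LINE:  # +2: CRLF stripped from the samples
            findings.append((i, f"{verb}: command line exceeds {MAX_COMMAND_LINE} bytes"))
        allowed = SMTP_PROFILE.get(state, {})
        if verb not in allowed:
            findings.append((i, f"{verb} not expected in state {state}"))
            continue  # an out-of-profile command does not advance the session
        state = allowed[verb]
        if state == "CLOSED":
            break
    return findings


# Constructed sessions.
SESSION_OK = ["EHLO mail.example.com", "MAIL FROM:<a@example.com>",
              "RCPT TO:<b@example.net>", "DATA", "QUIT"]
SESSION_OUT_OF_ORDER = ["DATA", "MAIL FROM:<a@example.com>", "QUIT"]
SESSION_OVERLONG = ["EHLO x", "MAIL FROM:<a@example.com>",
                    "RCPT TO:<" + "A" * 600 + "@example.net>", "DATA", "QUIT"]

if __name__ == "__main__":
    profile = build_profile(BASELINE_CONN_PER_MIN)
    print(anomaly_detect(profile, [14, 13, 90, 12]))
    for session in (SESSION_OK, SESSION_OUT_OF_ORDER, SESSION_OVERLONG):
        print(stateful_smtp_check(session))
```

The two detectors fail in different ways: the statistical one says nothing about what the 90 connections were, only that the count is far outside the trained range, while the protocol check knows nothing about volume but catches a DATA sent before any recipient was named and an RCPT line long enough to be a buffer-overflow attempt, neither of which a threshold on counts would notice.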

IDS deployment models

An IDS can be deployed according to the following models, depending on the scale, scope and nature of the system and on the network layer to be protected:

- HIDS (Host-based Intrusion Detection System)
- NIDS (Network-based Intrusion Detection System)
- DIDS (Distributed Intrusion Detection System)
- Wireless IDS (WIDS)
- NBAS (Network Behavior Analysis System) and HoneyPot IDS

IDS models: HIDS

HIDS (Host-based IDS): centralised or distributed. It monitors:
- Incoming packets
- Processes
- Registry entries
- CPU usage
- Integrity of, and access to, the file system

IDS models: HIDS

Advantages:
- Identifies the user associated with an event.
- Detects attacks taking place on a single machine.
- Can analyse data that was encrypted on the wire, because the host sees it after decryption.
- Provides information about the host while an attack on that host is under way.

Limitations:
- Once the host is compromised, its information can no longer be trusted.
- Must be installed on every host to be monitored (one Agent per host).
- Cannot detect network scans (Nmap, Netcat).
- May be ineffective while the host is under DoS.

IDS models: NIDS

NIDS (Network-based Intrusion Detection System)

Inline sensor placement: the sensor sits in the traffic path, so it can also drop traffic (IPS mode).

Passive sensor placement: the sensor receives a copy of the traffic (mirror port or network tap) and can only alert.

IDS models: NIDS

Advantages:
- Covers an entire network segment.
- Transparent to both users and attackers.
- Simple to install and maintain; does not affect the network.
- A DoS against a particular host does not take the sensor down.
- Can identify problems at the network layer (OSI model).
- Independent of the hosts' operating systems.

Limitations:
- Can generate false positives.
- Cannot analyse encrypted traffic.
- Must be kept updated with the latest signatures.
- There is a delay between the moment of the attack and the moment the alert is raised.
- Does not reveal whether the attack succeeded.
- Limited by bandwidth.
- Can become a bottleneck when network traffic is high.

IDS models: DIDS

DIDS (Distributed Intrusion Detection System): sensors or agents placed at several points in the network report to a central management server.

IDS models: WIDS

WIDS (Wireless Intrusion Detection System): monitors wireless network traffic.

IDS models: NBAS

NBAS (Network Behavior Analysis System): a NIDS that identifies threats by the abnormal traffic flows they create in the network.

SNORT

- Written in 1998 by Martin Roesch, later founder and CTO of Sourcefire
- Open-source software
- More than 3.7 million downloads and more than 250,000 registered users (at the time of these slides)
- Operating modes:
  - Packet sniffer
  - Packet logger
  - IDS/IPS
  - Inline mode (Linux)

Components of Snort

- Packet sniffer (decoder): captures packets from the interface and decodes the protocol headers.
- Preprocessors: normalise and reassemble traffic (for example IP defragmentation and TCP stream reassembly) before rule matching.
- Detection engine: matches each packet against the loaded rules.
- Logging and alerting system: records matches and generates alerts.
- Output modules: deliver alerts and logs to their destinations (files, syslog, databases).

Snort architecture

General architecture of Snort (figure)

Snort rules

Structure of a rule: a rule header followed by the rule options in parentheses.

Structure of the rule header: action, protocol, source address, source port, direction operator, destination address, destination port.

Example: (figure)
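
To make the header and option structure concrete, the Python below is an added example and not Snort's own code: a small reimplementation that parses rules in Snort's syntax (the header fields listed above plus the msg, content, nocase and sid options) and applies them to constructed packets, which is the signature-based method from the detection-methods section reduced to its essentials. The $HOME_NET/$EXTERNAL_NET bindings, the two rules, the sids and the packets are all assumptions made for the example; a real deployment takes the variables from snort.conf.

```python
"""Parsing Snort-style rules and matching them against constructed packets.

Added example, not Snort's own code: a small reimplementation of the rule
header (action, protocol, source, source port, direction, destination,
destination port) and of the msg, content, nocase and sid options. The
variable bindings, rules and packets are assumptions made for this example.
"""
import ipaddress
import re

# Assumed bindings; a real deployment takes these from snort.conf.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!$HOME_NET"}

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)"
    r"\s*\((?P<opts>.*)\)\s*$")

def _resolve(spec):
    """Expand $VARIABLES (possibly nested) and fold '!' prefixes into one flag."""
    negated = False
    while spec.startswith("!") or spec in VARS:
        negated, spec = (not negated, spec[1:]) if spec.startswith("!") else (negated, VARS[spec])
    return negated, spec

def _ip_matches(spec, ip):
    negated, spec = _resolve(spec)
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negated  # XOR with the negation flag

def _port_matches(spec, port):
    negated, spec = _resolve(spec)
    if spec == "any":
        hit = True
    elif ":" in spec:  # port range; either bound may be omitted
        lo, _, hi = spec.partition(":")
        hit = int(lo or 0) <= port <= int(hi or 65535)
    else:
        hit = port == int(spec)
    return hit != negated

def parse_options(text):
    """Split 'key:value; flag; ...' on ';' that are not inside double quotes."""
    opts = {}
    for part in re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', text):
        key, _, val = part.strip().partition(":")
        if key:
            opts[key] = val.strip().strip('"') if val else True  # bare flag -> True
    return opts

def parse_rule(text):
    """Return the rule as a dict of header fields plus a parsed 'opts' dict."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    rule = m.groupdict()
    rule["opts"] = parse_options(rule["opts"])
    return rule

def rule_matches(rule, pkt):
    """Header match ('<>' is tried both ways), then the content option."""
    if rule["proto"] not in (pkt["proto"], "ip"):
        return False
    def header(src, sport, dst, dport):
        return (_ip_matches(src, pkt["src"]) and _port_matches(sport, pkt["sport"])
                and _ip_matches(dst, pkt["dst"]) and _port_matches(dport, pkt["dport"]))
    ok = header(rule["src"], rule["sport"], rule["dst"], rule["dport"])
    if not ok and rule["dir"] == "<>":
        ok = header(rule["dst"], rule["dport"], rule["src"], rule["sport"])
    content = rule["opts"].get("content")
    if not ok or content is None:
        return ok
    needle, payload = content.encode(), pkt.get("payload", b"")
    if "nocase" in rule["opts"]:
        needle, payload = needle.lower(), payload.lower()
    return needle in payload

def run_rules(rule_texts, packets):
    """Return (packet index, sid, msg) for every alert rule that fires."""
    rules = [parse_rule(r) for r in rule_texts]
    return [(i, r["opts"]["sid"], r["opts"]["msg"])
            for i, pkt in enumerate(packets) for r in rules
            if r["action"] == "alert" and rule_matches(r, pkt)]

# Constructed rules (sids in the local 1000000+ range) and packets.
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection from outside"; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"cmd.exe in HTTP request"; content:"cmd.exe"; nocase; sid:1000002; rev:1;)',
]
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "sport": 51515, "dst": "192.168.1.10", "dport": 22, "payload": b"SSH-2.0-OpenSSH"},
    {"proto": "tcp", "src": "192.168.1.5", "sport": 40000, "dst": "192.168.1.10", "dport": 22, "payload": b""},  # internal
    {"proto": "tcp", "src": "198.51.100.9", "sport": 4444, "dst": "192.168.1.20", "dport": 80,
     "payload": b"GET /scripts/..%c0%af../winnt/system32/CMD.EXE?/c+dir HTTP/1.0\r\n"},
    {"proto": "udp", "src": "198.51.100.9", "sport": 4444, "dst": "192.168.1.20", "dport": 80, "payload": b"cmd.exe"},
]

if __name__ == "__main__":
    print(run_rules(RULES, PACKETS))
```

Only the first and third packets fire: the second comes from inside $HOME_NET, so the negated $EXTERNAL_NET source does not match, and the fourth carries the signature string but over UDP, which the tcp header rejects before the content option is even consulted. Real Snort applies content matches with a fast pattern matcher and supports many more options (flow, pcre, byte_test and so on); the structure, though, is the same header-then-options split shown here.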

WinIDS (Snort on Windows)

A real-world IPS deployment (figure)
