Intrusion Detection Systems (IDS)
CONTENTS
Intrusion
IDS systems
SNORT
Practical deployment
Password cracking
Scanning ports and services
Spoofing e.g. DNS spoofing
Network packet listening
Stealing information
Unauthorized network access
Uses of IT resources for private purpose
Falsification of identity
Information altering and deletion
Unauthorized transmission and creation of data
Configuration changes to systems and network services
Intrusion scenario
- In-depth information gathering
- Information gathering
- Attack
- Successful intrusion
- Enjoying the results & having fun
Password protection: passwords can be lost, guessed and changed.
Security: Firewall, VPN: traffic can still be tampered with in transit.
IDS
IDS systems
An IDS (Intrusion Detection System) is a system that monitors network traffic (it may be a hardware or a software component) and is capable of:
1. Identifying
- Threats that may occur
- Activities that probe the system
- Weaknesses in the security policy
Requirements for an IDS
1. It must not treat ordinary actions as abnormal or abusive actions (low rate of false positive alerts).
2. It must detect unauthorized intrusions in real time.
3. It must not miss any unauthorized intrusion (no false negative instances).
4. It must be able to resist attack and keep operating well while under attack.
5. It must be able to keep processing in the worst case without losing information, even in large network architectures.
Properties: accuracy, fault tolerance, performance, scalability, completeness.
TRUE-POSITIVE
FALSE-POSITIVE
TRUE-NEGATIVE
FALSE-NEGATIVE
Sensor/Agent (sensor: NIDS; agent: HIDS)
Management Server
Database
Console
IDS examples
Signature-based: compares the signatures of the observed object with the signatures of known threats.
Anomaly-based: compares the definition of normal activity with the observed object in order to identify deviations (threshold detection & statistical measures).
Stateful Protocol Analysis: compares predefined profiles of what is considered normal activity for each protocol with the observed object in order to identify deviations.
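An added example, not taken from the original slides, that puts the ideas above side by side in Python: a signature match over payloads, a threshold-based anomaly check, and scoring of the alerts with the four outcomes listed above (TP/FP/TN/FN). All records, source addresses and signatures are constructed for the demonstration.

```python
import re

# Constructed sample records: (source, destination port, payload, is_malicious).
# The label is ground truth used only for scoring; the detectors never see it.
RECORDS = (
    [("10.0.0.5", 80, "GET /index.html HTTP/1.1", False),
     ("10.0.0.5", 80, "GET /login HTTP/1.1", False),
     ("10.0.0.9", 80, "GET /cgi-bin/../../etc/passwd HTTP/1.1", True),
     ("10.0.0.7", 22, "SSH-2.0-OpenSSH_8.9", False)]
    + [("10.0.0.9", p, "", True) for p in range(1000, 1040)]    # hostile port sweep
    + [("10.0.0.2", p, "", False) for p in range(8000, 8016)]   # legitimate monitoring host
)

# Signature-based: compare the observed payload with signatures of known threats.
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"/etc/passwd")]

def signature_alerts(records):
    """Indexes of records whose payload matches a known-threat signature."""
    return {i for i, (_, _, payload, _) in enumerate(records)
            if any(sig.search(payload) for sig in SIGNATURES)}

# Anomaly-based (threshold detection): a source that contacts more distinct
# ports than the profile of normal activity allows is reported as a deviation.
def anomaly_alerts(records, max_distinct_ports=10):
    """Indexes of all records from sources that exceed the port threshold."""
    ports_by_src = {}
    for src, port, _, _ in records:
        ports_by_src.setdefault(src, set()).add(port)
    noisy = {s for s, ports in ports_by_src.items() if len(ports) > max_distinct_ports}
    return {i for i, (src, _, _, _) in enumerate(records) if src in noisy}

def score(records, alerts):
    """Count TRUE/FALSE-POSITIVE and TRUE/FALSE-NEGATIVE outcomes of an alert set."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for i, (_, _, _, malicious) in enumerate(records):
        alerted = i in alerts
        key = ("TP" if malicious else "FP") if alerted else ("FN" if malicious else "TN")
        counts[key] += 1
    return counts

if __name__ == "__main__":
    print("signature         :", score(RECORDS, signature_alerts(RECORDS)))
    print("anomaly, >10 ports:", score(RECORDS, anomaly_alerts(RECORDS)))
    print("anomaly, >20 ports:", score(RECORDS, anomaly_alerts(RECORDS, 20)))
```

The signature detector misses the whole sweep (many false negatives, requirement 3), while the anomaly detector with a threshold of 10 ports also flags the monitoring host (false positives, requirement 1); raising the threshold to 20 removes those false positives on this data set.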
IDS models
HIDS (Host-based IDS): centralized & distributed
Monitors:
- Incoming packets
- Processes
- Registry entries
- CPU usage
- Integrity and access checks on the file system
Limitations
IDS models
NIDS (Network-based Intrusion Detection System)
Limitations
Properties:
- Can cover an entire network segment
- Transparent to both users and attackers
- Simple to install and maintain; does not affect the network
- Avoids DoS attacks affecting a particular host
- Can identify faults at the Network layer (OSI model)
- Independent of the OS
IDS models
DIDS (Distributed Intrusion Detection System)
IDS models
WIDS (Wireless Intrusion Detection System)
IDS models
NBAS (Network Behavior Analysis System): an NIDS that identifies threats which create abnormal data flows in the network
SNORT
Developed in 1998 by Sourcefire and its CTO Martin Roesch
Open-source software
With more than 3.7 million downloads and more than 250 thousand registered users
Operation:
- Packet Sniffer
- Packet logger
- IDS/IPS
- Inline (Linux)
- Preprocessor
- Output Modules
Snort Rule
Structure of a Rule:
WinIDS - Snort