Chapter 6: Network Security Defense Technologies: Intrusion Detection and Intrusion Prevention Systems


Wenzhou University
Common Intrusions
[Figure: network diagram of a zero-day exploit attacking the network. Labeled elements: MARS, ACS, VPN, Remote Worker, Firewall, Remote Branch, Iron Port, CSA, LAN, Web Server, Email Server, DNS.]
Intrusion Detection Systems (IDSs)
1. An attack is launched on a network that has a sensor deployed in promiscuous IDS mode; therefore copies of all packets are sent to the IDS sensor for packet analysis. However, the target machine will experience the malicious attack.
2. The IDS sensor matches the malicious traffic to a signature and sends the switch a command to deny access to the source of the malicious traffic.
3. The IDS can also send an alarm to a management console for logging and other management purposes.
Comparing IDS and IPS Solutions
IDS (promiscuous mode)

Advantages:
- No impact on network (latency, jitter)
- No network impact if there is a sensor failure
- No network impact if there is sensor overload

Disadvantages:
- Response action cannot stop trigger packets
- Correct tuning required for response actions
- Must have a well thought-out security policy
- More vulnerable to network evasion techniques
Intrusion detection research: bridges the processes of protection and response.
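Intrusion Detection (ID)
Intrusion detection means monitoring the operating state of a (network) system to discover attack attempts, attack behavior, or attack results, in order to ensure the confidentiality, integrity, and availability of system resources. A complete intrusion detection system must have the following characteristics: economy, timeliness, security, and scalability.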
[Figure: IDS diagram with numbered callouts 1 to 3. Labeled elements: Switch, Sensor, Management Console, Target.]
Intrusion Prevention Systems (IPSs)
1. An attack is launched on a network that has a sensor deployed in IPS mode (inline mode).
2. The IPS sensor analyzes the packets as they enter the IPS sensor interface. The IPS sensor matches the malicious traffic to a signature and the attack is stopped immediately.
3. The IPS sensor can also send an alarm to a management console for logging and other management purposes.
4. Traffic in violation of policy can be dropped by an IPS sensor.
[Figure: IPS diagram with numbered callouts 1 to 4. Labeled elements: Sensor, Bit Bucket, Management Console, Target.]
Common characteristics of IDS and IPS
Both technologies are deployed using sensors. Both technologies use signatures to detect patterns of misuse in network traffic. Both can detect atomic patterns (single-packet) or composite patterns (multi-packet).
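An added example (not from the original slides) of the behavior described above: a toy sensor with one atomic and one composite signature, run in promiscuous IDS mode and in inline IPS mode, showing which packets still reach the target. The packets, addresses, signature pattern and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample traffic: (time_s, src, dst_port, tcp_flags, payload)
PACKETS = [
    (0.0, "10.0.0.5", 80, "PA", b"GET /index.html"),
    (0.1, "10.0.0.9", 80, "PA", b"GET /cgi-bin/..%2f..%2fetc/passwd"),
    (0.2, "10.0.0.9", 80, "PA", b"GET /again"),
    (1.0, "10.0.0.7", 21, "S", b""),
    (1.1, "10.0.0.7", 22, "S", b""),
    (1.2, "10.0.0.7", 23, "S", b""),
    (1.3, "10.0.0.7", 25, "S", b""),
    (2.0, "10.0.0.5", 80, "PA", b"GET /about.html"),
]

ATOMIC_PATTERN = b"..%2f"         # atomic (single-packet) signature, assumed pattern
SCAN_PORTS, SCAN_WINDOW = 3, 5.0  # composite: SYNs to >= 3 distinct ports within 5 s


def run_sensor(packets, mode):
    """Return (indexes of packets that reached the target, alarms); mode is 'ids' or 'ips'."""
    blocked, syn_seen = set(), defaultdict(list)
    delivered, alarms = [], []
    for i, (t, src, port, flags, payload) in enumerate(packets):
        if src in blocked:              # an earlier response action is already in force
            continue
        hit = None
        if ATOMIC_PATTERN in payload:
            hit = "atomic:path-traversal"
        elif flags == "S":
            # A composite signature needs state kept across several packets.
            syn_seen[src] = [(ts, p) for ts, p in syn_seen[src] if t - ts <= SCAN_WINDOW]
            syn_seen[src].append((t, port))
            if len({p for _, p in syn_seen[src]}) >= SCAN_PORTS:
                hit = "composite:port-scan"
        if hit:
            alarms.append((i, src, hit))  # alarm sent to the management console
            blocked.add(src)              # deny the source from now on
            if mode == "ips":
                continue                  # inline sensor drops the trigger packet itself
        delivered.append(i)               # promiscuous IDS only analyzed a copy
    return delivered, alarms
```

In both modes the first two packets of the composite pattern reach the target, because the signature cannot fire until enough packets have been seen; only the inline sensor stops the trigger packet.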
Chapter 6: Network Security Defense Technologies
Computer Network Security, 张纯容 (Zhang Chunrong)
Intrusion Detection and Intrusion Prevention Systems
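The development of network security research in recent years
- Firewall research: defending the internal network at the network boundary.
- VPN research: connecting dispersed internal networks and extending the reach of the internal network; closely tied to firewall technology.
- Authentication and PKI research: further extending the reach of the internal network while establishing a broad trust relationship.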
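A brief history of intrusion detection
It can be divided into three stages:
1. Security audit: auditing is defined as the process of recording, analyzing, and handling the events that occur in a system.
2. Intrusion Detection System (IDS).
3. Intrusion Prevention System (IPS, also called an intrusion protection system): IPS technology can deeply inspect and detect the data flowing through the network, drop malicious packets to block attacks, and rate-limit abusive packets to protect network bandwidth.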