Analyse IDS to inbreak testing system
Source: original article from this site

Intrusion detection technology is a kind of network security technology that actively protects a system from attack. As a reasonable complement to the firewall, intrusion detection can help a system deal with network attacks, extends the security management capabilities of the system administrator (including security auditing, monitoring, attack recognition and response), and improves the integrity of the information security infrastructure. It gathers information from a number of key points inside a computer network system and analyses that information. In this special topic we explain intrusion detection technology from the perspectives of its technical principles, its technical applications, and its products and development...

Usually, when an enterprise or organization prepares to enter this field, it chooses to start with a network-based IDS, because there is a lot of open source code and material on this subject on the Internet, implementation is easier, and a network-based IDS adapts well to different environments. With the experience of developing a simple network IDS, the step toward host-based IDS, distributed IDS, intelligent IDS and the like becomes much less difficult. Here the author takes a network-based IDS as the example and introduces the design approach of a model IDS.

According to the CIDF standard, we divide an intrusion detection system by function into four basic parts: the data collection subsystem, the data analysis subsystem, the console subsystem, and the database management subsystem, as shown in the attached figure.

In a concrete implementation, the data collection subsystem (also called the detector or sensor) and the data analysis subsystem are usually realized on a Linux or Unix platform, and together we call them the data analysis center; the console subsystem is realized on Windows NT or 2000, and the database management subsystem is based on Access or another more powerful database and is mostly combined with the console subsystem, so together we call them the control and management center. This article introduces the implementation of the data collection and analysis center and of the control and management center on the Linux and Windows NT platforms.

An intrusion detection system can basically be built by following the steps below.

Step 1: Obtain Libpcap and Tcpdump

Audit trails are the data source of an IDS, and the data collection mechanism is the foundation on which an IDS is implemented; without it, one cannot make bricks without straw, and intrusion detection is out of the question.

The data collection subsystem sits at the lowest layer of the IDS; its main purpose is to obtain events from the network environment and hand them to the other components. The currently popular approach is to use Libpcap and Tcpdump, put the network interface card into "promiscuous" mode, and capture all the traffic on a given network segment.
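Added example, not code from the original article: the events that the collection subsystem hands to the analysis subsystem are decoded from the packets Libpcap captures, so this small pure-Python reader takes a savefile in the format Tcpdump writes (tcpdump -w) and turns each Ethernet/IPv4/TCP frame into such an event. The pcap magic values, header layout and link type are the standard libpcap conventions, and the one-packet capture is constructed inline rather than taken from the page.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # magic as written by tcpdump -w; reads as 0xD4C3B2A1 when byte-swapped

def parse_pcap(data: bytes):
    """Yield (timestamp, frame_bytes) for each record of a libpcap savefile."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap savefile")
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]  # version, tz, sigfigs, snaplen, link
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    off = 24  # size of the global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def decode_event(frame: bytes):
    """Decode Ethernet/IPv4/TCP-or-UDP headers into the event handed to the analysis side."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return None  # non-IPv4 frames are skipped in this example
    ip = frame[14:]
    event = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    l4 = ip[(ip[0] & 0x0F) * 4:]  # skip the IPv4 header (IHL is counted in 32-bit words)
    if event["proto"] in (6, 17):  # TCP and UDP both begin with source and destination ports
        event["sport"], event["dport"] = struct.unpack_from("!HH", l4, 0)
    if event["proto"] == 6:
        event["flags"] = l4[13]  # TCP flag byte; 0x02 is a bare SYN
    return event

def events_from_capture(data: bytes):
    return [ev for _, frame in parse_pcap(data) if (ev := decode_event(frame)) is not None]

def build_sample_capture() -> bytes:
    """Constructed sample, not real traffic: one TCP SYN 10.0.0.5:40000 -> 10.0.0.9:22."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    frame = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip + tcp
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # pcap 2.4, Ethernet link type
    rhdr = struct.pack("<IIII", 1_700_000_000, 0, len(frame), len(frame))
    return ghdr + rhdr + frame
```

Feeding a real `tcpdump -w` file to events_from_capture gives the same per-packet events a sensor would pass on; checksums are not verified here, which is why the constructed sample leaves them at zero.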