IDS - ntoni na? Ukungena Detection System (AIDS) njenge umsebenzi?

IDS - yintoni na? Ingaba njani oku ukusebenza nkqubo? System Ukungena Detection - hardware okanye isoftwe zokubhaqa ukuhlaselwa kunye umsebenzi ngolunya. Zinceda uthungelwano kunye neenkqubo zekhompyutha ukunika kubo ayikuthandi efanelekileyo. Ukuphumeza oku, IDS iqokelele ingcaciso evela kwinkqubo okanye womnatha imithombo emininzi. Ke IDS icakaca ukuba ukufumanisa ubukho uhlaselo. Eli nqaku liza kuzama ukuba uphendule lo mbuzo: "? IDS - yintoni na kwaye yintoni na ukuba"

Zeziphi iinkqubo Ubhaqo intrusion (AIDS)

Iinkqubo zolwazi kunye nothungelwano bajikelezwe Cyber-uhlaselo. Firewalls kanye unqulo ukubonisa zonke ezi ukuhlaselwa akwanelanga, kuba bayakwazi ukukhusela i "emnyango" kweenkqubo zekhompyutha kunye nothungelwano kuphela. Ezinye elivisayo, babecinga ngokwabo imigewu, rhoqo lalivunguza intanethi ekhangela izikhewu kwiinkqubo zokhuseleko.

Enkosi kwi-World Wide Web zokulenza kakhulu ngokupheleleyo-software eyingozi - nayiphi yee-, slepperov kunye neenkqubo ezifana ngolunya. Inkonzo imigewu professional akhuphisana iinkampani Nokwethisa omnye. Ukuze iinkqubo zokuva kuhlaselwa (iinkqubo intrusion bangabonwa), - yesizathu esingxamisekileyo. Akumangalisi ukuba yonke mini ukuba iya kusetyenziswa kakhulu ngokubanzi.

izakhi IDS

Iziqalelo of IDS ziquka:

• esezantsi kakutsha, injongo - zokwanda koovimba iziganeko womnatha okanye iinkqubo zekhompyutha;
• Uhlalutyo esezantsi ukuba ibhaqa wahlaselwa intanethi kunye nomsebenzi ezingaqondakaliyo;
• yokugcina yokugcina ulwazi malunga iziganeko kunye neziphumo zohlalutyo yokuhlaselwa intanethi kunye nezenzo ezingagunyaziswanga;
• ulawulo console ngayo IDS kunokwenzeka ukucwangcisa parameters, esweni imeko network (okanye inkqubo yekhompyutha), ukuze bakwazi ukufikelela kulwazi malunga uhlaselo uhlalutyo esezantsi ibhaqwe kunye nezenzo ezingekho mthethweni.

Enyanisweni, abaninzi basenokubuza, "liguqulelwe njani IDS?" Translation evela IsiNgesi iyalila "inkqubo yokuba eyifumana nabaqhekezi ezishushu."

Imisebenzi esisiseko ukusombulula inkqubo Ubhaqo intrusion

Ukungena Detection System na iinjongo ezimbini eziphambili: analysis of imithombo yolwazi kunye impendulo efanelekileyo, ngokusekelwe kwiziphumo kolu hlahlelo. Ukuze kuphunyezwe ezi imisebenzi system IDS yenza le manyathelo alandelayo:

• esweni aze ahlalutye umsebenzi womsebenzisi;
• Oku ukwenza kuphicotho zoqwalaselo kunye nobuthathaka yayo;
• Iqwalasela ingqibelelo iifayile ezibalulekileyo kunye iifayili zedatha;
• uqhuba analysis manani inkqubo ithi isekelwe phezu kuthelekiswa nemiqathango ezenzeke ngexesha ukuhlaselwa kwaziwa;
• It etshekisha indlela yokusebenza.

Oko ukunika inkqubo Ubhaqo intrusion, yaye akabanga nako

Ungayisebenzisa ngayo ukuphumeza oku kulandelayo:

• kuphuculwe ukuthembeka parameters yothungelwano lwezakhiwo;
• ukulandelela umsebenzi umsebenzisi ngomhla wokungenela yayo kwinkqubo kwaye kwisicelo ngomonakalo okanye ukwenza nayiphi na izenzo ezingagunyaziswanga;
• ukuchonga ulwazi malunga notshintsho, okanye ukucima data;
• Yona imisebenzi esweni Internet ukuze ufumane kuhlaselo lwakutshanje;
• zisiva ukuba impazamo kuqwalaselo lwendlela;
• ukubona ukuhlasela ekuqaleni wazise.

I-AIDS akakwazi ukwenza loo nto;

• ukugcwalisa izithuba iprotocol womnatha;
• indima zembuyekezo ukuze udlale xa kuthe kothungelwano ezibuthathaka lokuzazisa kunye ungqinisiso iindlela okanye iinkqubo zekhompyutha ukuba ababeki;
• Kufuneka kuqatshelwe ukuba IDS akusoloko ukumelana neengxaki ezinxulumene kuhlaselo kwinqanaba ipakethe (ipakethe-level).

IPS (inkqubo yothintelo intrusion) - Ukubek 'IDS

IPS imela "inkqubo yokuthintela bangenele." Oku eliphezulu, esebenza ngakumbi IDS esiXhoseni. iinkqubo IPS ID izidubuli (ngokwahlukileyo kwi ngesiqhelo). Oku kuthetha ukuba kuphela abone, irekhodi kunye qwa malunga uhlaselo, kodwa ukwenza imisebenzi nokhuseleko. Le misebenzi ibandakanya iikhompawundi kwakhona yaye evalela i iipakethi yezithuthi ozayo. Enye inkalo ye IPS kukuba basebenza intanethi kwaye ngokuzenzekelayo ukuvimba uhlaselo.

Zenyathi IDS indlela iliso

NIDS (okt AIDS, leyo esweni komsebenzi womnatha opheleleyo (network)) wenza uhlahlelo ukuwela subnets yaye kulawulwa. lungiselelo rhoqo NIDS eziliqela esweni onokufikelela ubungakanani womnatha kahle esikhulu.

Basebenza kwimo kakubi (okt khangela zonke iipakethi ezingenayo, endaweni yokwenza oko emane) sithelekise subnet kwezithuthi esihlasela ndazise yamathala eencwadi aso. Xa yokuhlasela kuchongwa okanye Sithole umsebenzi engagunyaziswanga, umlawuli uthunyelwa i alarm. Nakuba kunjalo, kufuneka kuchazwe ukuba womnatha enkulu traffic high NIDS maxa wambi ukumelana lonke uvavanyo ulwazi iipakethi. Ngoko ke, kukho kungenzeka ukuba ebudeni "lixa rush", abayi kuba nako ukuqaphela uhlaselo.

NIDS (network-based AIDS) - ezi mitshini lula ihlanganiswe njengoko impembelelo eninzi uye womnatha yethopholoji omtsha ngentsebenzo yabo, abanako, ukuba kwisixando sokwenziwa. Bona fixed kuphela kubhaliwe kwaye lazise, ngokungafaniyo iinkqubo izidubuli uhlobo IPS ebekuthethwe ngazo ngasentla. Nakuba kunjalo, kufuneka kwakhona kuthiwa malunga IDS womnatha-based, le yinkqubo akakwazi uhlaziye idatha phantsi encryption. Oku kuyinto embi kakhulu ngenxa yokwanda ukuqaliswa inethwekhi yabucala enembonakalo yenyani (VPN) ukuba uguqulele kwi khowudi i nkcazelo liya kusetyenziswa cybercriminals ukuhlasela.

NIDS kwakhona akakwazi ukubona into eyenzekayo ngenxa yokuhlaselwa, yabangela umonakalo okanye hayi. Bonke ke imali - ukuba ukulungisa ekuqaleni kwayo. Ngoko ke, umlawuli onyanzelwayo ukuba ukuphinda-tikambisisa lonke ityala ukuhlasela ukuqinisekisa ukuba uhlaselo laphumelela. Enye ingxaki enkulu kukuba NIDS ngenkankulu ithumba ukuhlasela ngokusebenzisa iipakethi iyachithwa. Ukuba iyingozi kakhulu ngenxa yokuba kusenokuphazamisa lo msebenzi eqhelekileyo NIDS. Kuthetha ntoni oku yonke inkqubo womnatha okanye ikhompyutha, akukho mfuneko ukuchaza.

HIDS (host inkqubo intrusion detection)

HIDS (AIDS, host monitoryaschie (host)) bakhonze kuphela computer ethile. Kakade ke, inikela ukusebenza ngaphezulu kakhulu. HIDS lahlaziya iintlobo ezimbini ulwazi: inkqubo iinkuni kunye neziphumo uphicotho olusebenzisayo. Benza isifinyezo iifayile kwaye uthelekise umfanekiso ngaphambili. Ukuba ebaluleke Kubalulekile iifayile aguqulwe kancincane okanye zisuswe, ngoko umphathi ithumela i alarm.

HIDS inzuzo okuphawulekayo uyakwazi ukwenza umsebenzi wabo kwimeko apho womnatha traffic cipher sifo. Oku Bulelani kunokwenzeka ukuba yokuba ukuba kwinginginya (host-based) imithombo yolwazi anokwenziwa phambi encedisa idata ufihlo okanye emva khowudi yasiwa kumbhalo kwinginginya kuyo.

Ububi kule nkqubo ziquka ithuba uvimba wayo okanye ithintele usebenzisa iintlobo ezithile lwezinto-uhlaselo. Ingxaki nantsi kukuba abanye abenzi boluvo HIDS kunye nezixhobo uhlalutyo zibekwe phezu komkhosi, ephantsi ukuhlasela, oko kukuthi, nazo ukuhlasela. Inyaniso ukuba oovimba HIDS onke omsebenzi wakhe ukuba iliso, kakhulu, kunganzima ukuba ngokuba dibanisa, kuba ngokwemvelo kunciphisa nemveliso yazo.

Zenyathi AIDS kwi indlela yokubona ukuhlaselwa

mgaqweni Indlela, uhlalutyo Utyikityo indlela kunye nemigaqo-nkqubo - zenyathi ezinjalo indlela yokubona ekuhlaseleni i AIDS.

analysis utyikityo Indlela

Kulo mzekelo, i iipakethi data etshekishwa ukuba atyikitye ukuhlasela. Umtyikityo uhlaselo - siyafana umcimbi omnye imizekelo, echaza uhlaselo aziwayo. Le ndlela iphumelela kakhulu, kuba xa usebenzisa iingxelo zobuxoki zokuhlaselwa zinqabile kakhulu.

indlela okungahambi

Noncedo wakhe wafumana izenzo ezingekho mthethweni kwi network and umkhosi. Ngokwesiseko kwimbali yokusebenza yesiqhelo yomkhosi kunye network wadala iiprofayili ezizodwa data ngayo. Emva koko angene play ezizodwa detectors ukuba ukuhlalutya iziganeko. Ukusebenzisa ubuchule ezahlukeneyo Avelisa uhlalutyo kwezi ziganeko, ukuthelekisa nabo i "kwisiqhelo" kwi iinkangeleko. Ukungabikho imfuneko yokuba yande isixa esikhulu zasayinwa kokuhlaselwa - lokwengeza article yale ndlela. Nangona kunjalo, inani elininzi ubala malunga kuhlaselwa ne Nedlac, kodwa iziganeko womnatha kakhulu esemthethweni - oku thabatha yakhe ukuqina.

indlela umgaqo

Enye indlela ukubona ekuhlaseleni indlela nkqubo. Umongo kwayo - ekudalweni nemimiselo zokhuseleko womnatha, leyo, umzekelo, asenokubonisa ukuba uthungelwano siseko phakathi ngokwabo kwaye asetyenziswe kweli protocol. Le ndlela mbiso, kodwa kunzima kakhulu yinkqubo enzima yokudala iziko ledatha nkqubo.

Systems ID iya kunika ukhuselo oluthembekileyo lweenkqubo womnatha kunye nekhompyutha

Group ID Systems namhlanje yenye kummandla njengenkokheli yoshishino iinkqubo zokhuseleko network computer. Iya kukunika ukhuselo enokuthenjwa wokulwa-villains. awukwazi Ungakhathazeki malunga data yakho ebalulekileyo ukukhusela iinkqubo ID Systems. Ngenxa yoko baya kukwazi ukunandipha ubomi ngakumbi ngenxa yokuba intliziyo i akunangxaki.

Systems ID - ncomo abasebenzi

Great iqela, kwaye okona kubaluleke kakhulu, Kakade - oku sengqondo echanekileyo yolawulo ye nkampani ukuba abaqeshwa balo. Wonke (nkqu wabaqalayo elitsha), unalo ithuba yokukhulisa kulo msebenzi. Nangona kunjalo, kuba oku, Kakade ke, kufuneka ukuvakalisa ngokwabo, yaye ke konke kuya kuphumelela.

Xa iqela umoya esempilweni. Beginners zisoloko ngeenxa kuloliwe bonke show. Akukho ukhuphiswano engekho mpilweni akukho ngayo. Abasebenzi abasebenza kule nkampani iminyaka emininzi, uyakholiswa ukwabelana zonke iinkcukacha zobugcisa. Bathi banobubele, nokuba ngaphandle okunomnyinyivane ngokuzithoba uphendule le mibuzo yobudenge abasebenzi abangenamava. Ngokubanzi, ekusebenzeni kwi-Systems ID ezinye iimvakalelo ezinqwenelekayo.

ulawulo sengqondo wesilisa yamkholisa. Sikwanovuyo ukuba apha, ngokucacileyo, bayakwazi ukusebenza kunye nabasebenzi, kuba abasebenzi ngokwenene ofanayo kakhulu. Employee phantse engagungqiyo: baziva emsebenzini ekhaya.