Intrusion detection systems (IDS): a discussion, and trends in network security development
  Add date: 07/12/2008   Publishing date: 07/12/2008   Hits: 4
 
As network security risk keeps rising, the firewall, once the primary safeguard, can no longer satisfy the demand for network security. As a useful complement to the firewall, an IDS (intrusion detection system) helps a network system quickly discover attacks as they occur. It extends the system administrator's security management capabilities (including security auditing, monitoring, attack recognition and response) and improves the integrity of the information security infrastructure.

  I. What an intrusion detection system (IDS) is

  An IDS is a kind of network security system. When an adversary or malicious user attempts to enter the network, or even a computer system, through the Internet, the IDS can detect the attempt and raise an alert, notifying the network that measures should be taken in response.

  In essence, an intrusion detection system is a typical "eavesdropping device". It does not bridge multiple physical network segments (usually it has only a single monitoring port) and does not need to forward any traffic; it only needs to passively and silently collect the packets it cares about on the network. The intrusion detection/response flow is shown in Figure 1.


Figure 1: Intrusion detection/response flow chart

  At present, the analysis and detection stage of an IDS generally relies on the following techniques: signature database matching, statistical analysis, and integrity analysis. The first two are used for real-time intrusion detection, while integrity analysis is used for after-the-fact analysis.

  II. Problems with IDS

  1. High false-positive and false-negative rates
  Commonly used IDS detection methods include signature detection, anomaly detection, stateful detection, protocol analysis and so on. Each of these detection methods has flaws. For example, anomaly detection usually relies on statistical methods, but the threshold in a statistical method is hard to set effectively: too small a value produces a large number of false positives, and too large a value produces a large number of false negatives. With protocol analysis, an IDS generally handles only the common protocols such as HTTP, FTP and SMTP; packets of the many other protocols may well cause the IDS to miss attacks, and if it tried to support analysis of as many protocol types as possible, the cost to the network would be unbearable.
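
  The threshold trade-off described above, as an added example that is not part of the original article: a z-score anomaly detector run over constructed per-minute connection counts. The sample data, the attack labels and all function names are assumptions made for illustration.

```python
import statistics

# Constructed sample data (not real traffic): connections per minute
# from one host. BASELINE is a known-clean training window.
BASELINE = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46, 40, 42]

# Observed window as (count, is_attack) pairs. The labels are constructed
# so that false positives and false negatives can be counted.
OBSERVED = [
    (41, False), (47, False), (52, False), (39, False),
    (44, False), (36, False), (49, False),
    (70, False),   # legitimate burst, e.g. a scheduled backup
    (50, True),    # slow scan that stays close to normal volume
    (63, True), (90, True), (300, True),
]

def zscore(count, mean, stdev):
    """Distance of a count from the baseline mean, in standard deviations."""
    return (count - mean) / stdev

def evaluate(threshold, baseline=BASELINE, observed=OBSERVED):
    """Return (false_positives, false_negatives) when alerting on z > threshold."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    fp = fn = 0
    for count, is_attack in observed:
        alert = zscore(count, mean, stdev) > threshold
        if alert and not is_attack:
            fp += 1          # benign minute flagged as an attack
        elif not alert and is_attack:
            fn += 1          # attack minute that raised no alert
    return fp, fn

def sweep(thresholds):
    """Evaluate several thresholds and return {threshold: (fp, fn)}."""
    return {t: evaluate(t) for t in thresholds}

if __name__ == "__main__":
    for t, (fp, fn) in sweep([1, 3.5, 5, 12, 20]).items():
        print(f"alert if z > {t:>4}: false positives={fp}, false negatives={fn}")
```

  Because the benign burst scores higher than the slow scan, no single threshold in the sweep removes both kinds of error; lowering it trades missed attacks for false alarms and raising it does the reverse.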

  2. No active defense capability
  IDS technology works on a predefined, signature-analysis principle, so updates to the detection rules always lag behind updates to attack methods.

  3. Lack of accurate localization and handling mechanisms
  An IDS can only identify the IP address; it cannot locate the IP address and cannot identify the origin of the data. When an IDS discovers an attack, it can only close a small number of ports, such as those of the network egress and the servers, but closing them also affects other, normal users. It therefore lacks a more effective response-handling mechanism.
