- 文字
- 歷史
Intrusion detection (Detection Intr
Intrusion detection (Detection Intrusion) is the detection of intrusion behavior. Through the collection and analysis of network behavior, security log, audit data, other networks can get information and computer systems in a number of key points of information, check your network or system in the existence of a breach of security strategy and the attacks were a sign of. Intrusion detection as a proactive security protection technology, provides real-time protection against internal attacks, external attacks and misuse of the network system to intercept and respond to intrusion before the network system. So it is considered that the second security gate after the firewall can monitor the network without affecting the performance of the network. Intrusion detection by performing the following tasks to achieve: monitoring and analysis of user and system activity. The system structure and the weakness of the audit; recognition reflects the known attack patterns of activity and to relevant personage alarm; abnormal behavior patterns of statistical analysis; assess the integrity of critical system and data files; the operating system audit trail management and user identification violation of security policy. Intrusion detection is a reasonable supplement to the firewall, can help the system cope with the network attack extends the safe management of system administrator (including security audit, monitoring, attack recognition and response), and increase the integrity of information security infrastructure. It collects information from a number of key points in a computer network system and analyzes the information to see if there are any signs of violations of security policies and attacks in the network.
According to the object of monitoring, the host or network is divided into host based intrusion detection system and network based intrusion detection system:
(1) host based intrusion detection system: intrusion detection by monitoring and analysis of the host's audit records. Whether the audit can be collected in time is one of the weaknesses of these systems, the intruder will host the audit subsystem as an attack target to avoid the intrusion detection system.
(2) network based intrusion detection system: Based on the network intrusion detection system by in the shared segment of data communications interception data collection and analysis of suspicious phenomenon. Such systems do not require the host to provide a rigorous audit, less consumption of the host resources, and can provide universal protection of the network without taking into account the different architectures of heterogeneous hosts.
(3) distributed intrusion detection system: at present, this technology has been applied in ISS products. It detects the data is also from the network data packets, the difference is that it uses a distributed detection, centralized management method. That a black box placed on each segment, the black box is equivalent to the intrusion detection system based on network, but no user interface. Black box used to monitor their network data flow, it according to the centralized security management center to develop security strategy and response rules to analyze data detection network, simultaneously to the centralized security management center send security event information. Centralized security management center is a user oriented interface for distributed intrusion detection system. It is characterized by the scope of the data protection is relatively large, but have a certain impact on network traffic.
According to the object of monitoring, the host or network is divided into host based intrusion detection system and network based intrusion detection system:
(1) host based intrusion detection system: intrusion detection by monitoring and analysis of the host's audit records. Whether the audit can be collected in time is one of the weaknesses of these systems, the intruder will host the audit subsystem as an attack target to avoid the intrusion detection system.
(2) network based intrusion detection system: Based on the network intrusion detection system by in the shared segment of data communications interception data collection and analysis of suspicious phenomenon. Such systems do not require the host to provide a rigorous audit, less consumption of the host resources, and can provide universal protection of the network without taking into account the different architectures of heterogeneous hosts.
(3) distributed intrusion detection system: at present, this technology has been applied in ISS products. It detects the data is also from the network data packets, the difference is that it uses a distributed detection, centralized management method. That a black box placed on each segment, the black box is equivalent to the intrusion detection system based on network, but no user interface. Black box used to monitor their network data flow, it according to the centralized security management center to develop security strategy and response rules to analyze data detection network, simultaneously to the centralized security management center send security event information. Centralized security management center is a user oriented interface for distributed intrusion detection system. It is characterized by the scope of the data protection is relatively large, but have a certain impact on network traffic.
0/5000
Deteksi intrusi (deteksi intrusi) adalah deteksi intrusi perilaku. Melalui pengumpulan dan analisis perilaku jaringan, log keamanan, audit data, jaringan lain dapat mendapatkan sistem informasi dan komputer dalam jumlah pokok-pokok informasi, memeriksa jaringan atau sistem di adanya pelanggaran keamanan strategi dan serangan itu tanda. Deteksi intrusi sebagai teknologi perlindungan keamanan yang proaktif, menyediakan real-time perlindungan terhadap serangan internal, eksternal serangan dan penyalahgunaan sistem jaringan untuk mencegat dan menanggapi intrusi sebelum sistem jaringan. Jadi hal ini dianggap bahwa gerbang keamanan kedua setelah firewall dapat memonitor jaringan tanpa mempengaruhi kinerja jaringan. Deteksi intrusi dengan melakukan tugas berikut untuk mencapai: monitoring dan analisis aktivitas pengguna dan sistem. Struktur sistem dan kelemahan audit; pengakuan mencerminkan pola dikenal serangan aktivitas dan alarm tokoh yang relevan; pola-pola perilaku abnormal dari analisis statistik; menilai integritas sistem kritis dan file data; sistem operasi audit trail manajemen dan pengguna identifikasi pelanggaran kebijakan keamanan. Deteksi intrusi adalah suplemen yang wajar untuk firewall, dapat membantu sistem mengatasi serangan jaringan meluas manajemen aman administrator sistem (termasuk audit keamanan, monitoring, serangan pengakuan dan respon), dan meningkatkan integritas infrastruktur keamanan informasi. Ini mengumpulkan informasi dari beberapa poin kunci dalam sebuah sistem jaringan komputer dan menganalisa informasi untuk melihat apakah ada tanda-tanda pelanggaran kebijakan keamanan dan serangan dalam jaringan.Menurut objek pemantauan, host atau jaringan terbagi menjadi intrusi berbasis host sistem deteksi intrusi berbasis sistem Deteksi dan jaringan:(1) host berbasis sistem deteksi intrusi: deteksi intrusi oleh monitoring dan analisis data audit host. Apakah audit dapat dikumpulkan dalam waktu adalah salah satu kelemahan sistem ini, penyusup akan menjadi tuan rumah subsistem audit sebagai sasaran serangan untuk menghindari sistem deteksi intrusi.(2) jaringan berbasis sistem deteksi intrusi: Berdasarkan jaringan sistem deteksi intrusi oleh di segmen bersama data komunikasi pencegatan pengumpulan data dan analisis terhadap fenomena yang mencurigakan. Sistem tersebut tidak memerlukan host untuk memberikan audit ketat, kurang konsumsi sumber daya tuan rumah, dan dapat memberikan perlindungan universal jaringan tanpa memperhitungkan arsitektur yang berbeda heterogen semesta alam.(3) didistribusikan sistem deteksi intrusi: saat ini, teknologi ini telah diterapkan di ISS produk. Mendeteksi data juga dari paket data jaringan, perbedaannya adalah bahwa menggunakan deteksi didistribusikan, metode manajemen terpusat. Bahwa kotak hitam ditempatkan pada setiap segmen, kotak hitam setara dengan sistem deteksi intrusi berdasarkan jaringan, tetapi tidak antarmuka pengguna. Kotak hitam digunakan untuk memantau aliran data jaringan mereka, menurut Pusat Manajemen keamanan terpusat untuk mengembangkan keamanan strategi dan respon aturan untuk menganalisis data deteksi jaringan, secara bersamaan ke pusat manajemen keamanan terpusat mengirim informasi acara keamanan. Pusat Manajemen keamanan terpusat adalah berorientasi antarmuka untuk sistem deteksi intrusi didistribusikan. Hal ini ditandai oleh cakupan data perlindungan relatif besar, tetapi memiliki dampak tertentu pada lalu lintas jaringan.
正在翻譯中..
其它語言
本翻譯工具支援: 世界語, 中文, 丹麥文, 亞塞拜然文, 亞美尼亞文, 伊博文, 俄文, 保加利亞文, 信德文, 偵測語言, 優魯巴文, 克林貢語, 克羅埃西亞文, 冰島文, 加泰羅尼亞文, 加里西亞文, 匈牙利文, 南非柯薩文, 南非祖魯文, 卡納達文, 印尼巽他文, 印尼文, 印度古哈拉地文, 印度文, 吉爾吉斯文, 哈薩克文, 喬治亞文, 土庫曼文, 土耳其文, 塔吉克文, 塞爾維亞文, 夏威夷文, 奇切瓦文, 威爾斯文, 孟加拉文, 宿霧文, 寮文, 尼泊爾文, 巴斯克文, 布爾文, 希伯來文, 希臘文, 帕施圖文, 庫德文, 弗利然文, 德文, 意第緒文, 愛沙尼亞文, 愛爾蘭文, 拉丁文, 拉脫維亞文, 挪威文, 捷克文, 斯洛伐克文, 斯洛維尼亞文, 斯瓦希里文, 旁遮普文, 日文, 歐利亞文 (奧里雅文), 毛利文, 法文, 波士尼亞文, 波斯文, 波蘭文, 泰文, 泰盧固文, 泰米爾文, 海地克里奧文, 烏克蘭文, 烏爾都文, 烏茲別克文, 爪哇文, 瑞典文, 瑟索托文, 白俄羅斯文, 盧安達文, 盧森堡文, 科西嘉文, 立陶宛文, 索馬里文, 紹納文, 維吾爾文, 緬甸文, 繁體中文, 羅馬尼亞文, 義大利文, 芬蘭文, 苗文, 英文, 荷蘭文, 菲律賓文, 葡萄牙文, 蒙古文, 薩摩亞文, 蘇格蘭的蓋爾文, 西班牙文, 豪沙文, 越南文, 錫蘭文, 阿姆哈拉文, 阿拉伯文, 阿爾巴尼亞文, 韃靼文, 韓文, 馬來文, 馬其頓文, 馬拉加斯文, 馬拉地文, 馬拉雅拉姆文, 馬耳他文, 高棉文, 等語言的翻譯.
