Introduction to Intrusion Detection Systems (IDS)

An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases, the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. There are IDS that detect by looking for specific signatures of known threats, similar to the way antivirus software typically detects and protects against malware, and there are IDS that detect by comparing traffic patterns against a baseline and looking for anomalies. There are IDS that simply monitor and alert, and there are IDS that perform an action or actions in response to a detected threat. We'll cover each of these briefly.

NIDS

Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally, you would scan all inbound and outbound traffic, but doing so might create a bottleneck that would impair the overall speed of the network.

HIDS

Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets of that device only and alerts the user or administrator if suspicious activity is detected.

Signature Based

A signature based IDS monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. This is similar to the way most antivirus software detects malware. The issue is that there will be a lag between a new threat being discovered in the wild and the signature for detecting that threat being applied to your IDS. During that lag time, your IDS will be unable to detect the new threat.

Anomaly Based

An anomaly based IDS monitors network traffic and compares it against an established baseline. The baseline identifies what is "normal" for that network (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other) and the IDS alerts the administrator or user when it detects traffic that is anomalous, or significantly different from the baseline.
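The two detection approaches described above, run side by side over the same flows. This is an added example, not code from the original article or from any IDS product; the signature names, hosts, payloads and the tolerance factor of 3 are constructed assumptions.

```python
# Added illustration; all rule names, hosts and payloads below are constructed.
SIGNATURES = {
    "SIG-1 constructed known-bad request": b"/constructed-known-bad-path",
    "SIG-2 constructed known-bad command": b"CONSTRUCTED-KNOWN-CMD",
}

def flow(src, dst, proto, port, size, payload=b""):
    return {"src": src, "dst": dst, "proto": proto, "port": port,
            "bytes": size, "payload": payload}

# Traffic observed during the learning period (constructed).
TRAINING = [
    flow("192.0.2.10", "192.0.2.80", "tcp", 80, 900, b"GET /index.html"),
    flow("192.0.2.11", "192.0.2.80", "tcp", 80, 1100, b"GET /about.html"),
    flow("192.0.2.10", "192.0.2.21", "tcp", 21, 1000, b"USER alice"),
]

def signature_alerts(f):
    """Signature based: report every known pattern found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat in f["payload"]]

def build_baseline(flows):
    """Anomaly based: record the services, host pairs and volume seen as normal."""
    mean = sum(f["bytes"] for f in flows) / len(flows)
    return {"services": {(f["proto"], f["port"]) for f in flows},
            "peers": {(f["src"], f["dst"]) for f in flows},
            "max_bytes": 3 * mean}  # tolerance factor of 3 is an assumption

def anomaly_alerts(f, base):
    """Report each way the flow differs from the baseline."""
    reasons = []
    if (f["proto"], f["port"]) not in base["services"]:
        reasons.append("unusual service")
    if (f["src"], f["dst"]) not in base["peers"]:
        reasons.append("unusual host pair")
    if f["bytes"] > base["max_bytes"]:
        reasons.append("unusual volume")
    return reasons

def inspect(f, base):
    return {"signature": signature_alerts(f), "anomaly": anomaly_alerts(f, base)}

BASELINE = build_baseline(TRAINING)
KNOWN = flow("192.0.2.11", "192.0.2.80", "tcp", 80, 950, b"GET /constructed-known-bad-path")
NOVEL = flow("192.0.2.10", "198.51.100.7", "udp", 40000, 50000, b"no signature exists yet")
NEW_CLIENT = flow("192.0.2.12", "192.0.2.80", "tcp", 80, 1000, b"GET /index.html")

if __name__ == "__main__":
    for label, f in (("known", KNOWN), ("novel", NOVEL), ("new client", NEW_CLIENT)):
        print(label, inspect(f, BASELINE))
```

The known threat blends into normal traffic and is caught only by its signature, the novel flow has no signature and is caught only by the baseline, and the legitimate new client raises a baseline alert that is a false alarm.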

Passive IDS

A passive IDS simply detects and alerts. When suspicious or malicious traffic is detected, an alert is generated and sent to the administrator or user, and it is up to them to take action to block the activity or respond in some way.

Reactive IDS

A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator but will also take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user.
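The difference between the passive and reactive modes described above, shown on one ordered stream of events. This is an added example, not code from the original article; the event ids, hosts, the payload marker and the stand-in detector are constructed assumptions.

```python
# Added illustration; event ids, hosts and the payload marker are constructed.
EVENTS = [
    {"id": 1, "src": "192.0.2.10", "payload": b"GET /index.html"},
    {"id": 2, "src": "203.0.113.5", "payload": b"CONSTRUCTED-BAD request"},
    {"id": 3, "src": "203.0.113.5", "payload": b"CONSTRUCTED-BAD request"},
    {"id": 4, "src": "203.0.113.5", "payload": b"GET /index.html"},
    {"id": 5, "src": "192.0.2.10", "payload": b"GET /about.html"},
]

def is_suspicious(event):
    # Stand-in detector (assumption): a constructed marker in the payload.
    return b"CONSTRUCTED-BAD" in event["payload"]

def run_ids(events, reactive):
    """Process events in order; return (alert ids, blocked sources, delivered ids)."""
    alerts, blocked, delivered = [], set(), []
    for ev in events:
        if ev["src"] in blocked:
            continue                  # pre-defined response: drop further traffic
        delivered.append(ev["id"])    # the triggering traffic has already passed
        if is_suspicious(ev):
            alerts.append(ev["id"])   # both modes alert the administrator
            if reactive:
                blocked.add(ev["src"])  # reactive only: block the source IP
    return alerts, blocked, delivered

PASSIVE = run_ids(EVENTS, reactive=False)
REACTIVE = run_ids(EVENTS, reactive=True)

if __name__ == "__main__":
    print("passive :", PASSIVE)
    print("reactive:", REACTIVE)
```

In reactive mode event 4, an ordinary request from the blocked source, is dropped along with the repeat of the suspicious one, which is the cost of acting automatically on an alert.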

One of the most well-known and widely used intrusion detection systems is the open source, freely available Snort. It is available for a number of platforms and operating systems, including both Linux and Windows. Snort has a large and loyal following, and there are many resources available on the Internet where you can acquire signatures to implement to detect the latest threats. For other freeware intrusion detection applications, you can visit Free Intrusion Detection Software.

There is a fine line between a firewall and an IDS. There is also a technology called IPS, Intrusion Prevention System. An IPS is essentially a firewall that combines network-level and application-level filtering with a reactive IDS to proactively protect the network. It seems that as time goes on, firewalls, IDS and IPS take on more attributes from each other and blur the line even more.

Essentially, your firewall is your first line of perimeter defense. Best practices recommend that your firewall be explicitly configured to DENY all incoming traffic, and then you open up holes where necessary. You may need to open port 80 to host web sites or port 21 to host an FTP file server. Each of these holes may be necessary from one standpoint, but they also represent possible vectors for malicious traffic to enter your network rather than being blocked by the firewall.

This is where your IDS comes in. Whether you implement a NIDS across the entire network or a HIDS on your specific device, the IDS will monitor the inbound and outbound traffic and identify suspicious or malicious traffic that may have somehow bypassed your firewall, or that could be originating from inside your network as well.

An IDS can be a great tool for proactively monitoring and protecting your network from malicious activity; however, IDS are also prone to false alarms. With just about any IDS solution you implement, you will need to "tune it" once it is first installed. You need the IDS to be properly configured to recognize what is normal traffic on your network versus what might be malicious traffic, and you, or the administrators responsible for responding to IDS alerts, need to understand what the alerts mean and how to respond effectively.