
Internship report - week 2 (20-3-2007)

Topic:
Study of intrusion detection and prevention systems (IDS/IDP)

Internship host: VnPro - Tr Vit Computing Center
Supervisor: Mr. ng Quang Minh, CCIE#11897
Manager: Ms. Trn T Uyn, CCNP
Internship group: 1. L Ti Nguyn 2. Ch on Vin
Reporter: student L Ti Nguyn. Email: nguyenlee_us@yahoo.com

Contents:

Understanding the need for network security

1. Why secure the network?


Over the past several years, doing business over networks, or e-commerce, has dramatically improved the quality of companies and increased their revenue. E-commerce applications such as e-business, supply chain management, and controlling companies' access to business processes lower operating costs and increase customer satisfaction. These applications therefore require mission-critical networks that carry voice, video, and public data, and these networks must be scalable to support the growing number of users and the demand for greater capacity and performance. However, as networks carry more applications and serve more users, they become vulnerable to a far wider range of security threats. To counter these threats and ensure that e-commerce transactions are not compromised, security technology must play a major role in today's networks.

A closed network in the past:

A simple closed network consists of a network designed and implemented in a corporate environment that provides connectivity only to known parties and sites, without connecting to public networks. Networks designed this way in the past were reasonably secure because they had no connection to the outside.

A typical network today:

Today's networks are designed with connectivity to the Internet and public networks, which is a key requirement. Most networks today have several access points to other networks, both public and private, so securing these networks has become an essential task.

Threats are growing and easy to exploit:

Along with the growth in the number of networks, security threats have increased over the past 20 years. Not only have hackers discovered more vulnerabilities, but the tools used and the technical skill required to hack have become very simple. There are applications available that require little or no knowledge to use as hacking tools. There are also applications intended for network troubleshooting which, when used improperly, can lead to many threats.

Network security is essential:

Security has moved to the forefront of network management and implementation. It is necessary for the survival of many businesses to allow open access to network resources while ensuring that data and resources are as secure as possible. The need for network security has become more important for the following reasons:
- E-commerce requirements: the importance of commerce and the need for private data to cross public networks increase the need for network security.
- The requirement to communicate and do business securely in potentially insecure environments. Today's business environment requires communication with many public networks and systems, which increases the need for network security wherever such communication is required.
- As a result, networks require the development and implementation of a corporate-wide network security policy. Establishing a security policy is the first step in moving a network to a secure posture.

Network security in e-commerce:

Security must be a key component of any e-commerce strategy. As network business managers open their networks to more users and applications, they also expose themselves to greater risk. The result is an increase in business security requirements. The Internet has fundamentally changed the networking landscape and companies' ability to build relationships with customers, suppliers, partners, and employees. Competition between companies has become faster and fiercer, and e-commerce is generating exciting new applications for e-business, supply chain management, customer care, workforce optimization, and e-learning; applications that improve processes, dramatically speed up change, lower costs, and increase user satisfaction. E-commerce requires mission-critical networks that handle continuous, year-round growth and demand greater capacity and performance. These networks also need to handle voice, video, and data as well as the convergence of the network into a multiservice environment.

US government security policies:

Legal liability of organizations and breaches of data confidentiality and integrity can also be extremely costly to an organization. The US government has issued, and is still developing, regulations governing private electronic information. Existing regulations and those under general statute mean that an organization that violates them can face a series of penalties. The following are some examples:
- The Gramm-Leach-Bliley (GLB) Act: includes several key provisions for financial institutions. Such institutions can face a range of penalties, from termination of FDIC insurance to monetary penalties of up to 1 billion dollars.
- The Government Information Security Reform Act (HIPPA) of 2000: many agencies must undergo annual self-assessments and independent assessments of their security practices and policies, which are required for review of the results.
- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law 104-191): the Administrative Simplification aspect of the law requires the US Department of Health and Human Services (DHHS) to develop standards and requirements for the maintenance and transmission of information that identifies individual patients. These standards are designed for the following:

o Improve the efficiency and quality of the health care system by standardizing electronic data exchange for specified financial and administrative transactions.
o Protect the security and confidentiality of health information.

Even when an outside hacker is the perpetrator of an attack, the organization storing the information may be found negligent by a court if the information was not adequately secured. Furthermore, companies that suffer breaches of data integrity may be required to defend against lawsuits brought by customers who claim to have been harmed by incorrect or compromised data and who seek monetary or punitive damages.

2. Network security policy


A network security policy can be as simple as an acceptable use policy for network resources, or it can be several hundred pages long and detail every element of connectivity and the associated policies.

What is a network security policy?

According to the Site Security Handbook (RFC 2196), "A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." It further states, "A security policy is essentially a summary of how the organization will use and protect its computing and network resources."

Why create a security policy?


- To create a baseline of your current security posture.
- To establish a framework for security implementation.
- To define permitted and prohibited behaviors.
- To help determine the tools and procedures needed.
- To communicate consensus and define roles.
- To define how to handle security incidents.

Security policies provide many benefits and are worth the time and effort needed to develop them. Developing a security policy:
- Provides a process for auditing existing network security.
- Provides a general security framework for implementing network security.
- Defines permitted and prohibited behaviors.
- Helps determine the tools and procedures the organization needs.
- Makes global security implementation and enforcement possible. Computer security is now an enterprise-wide issue, and computing sites are expected to conform to the network security policy.
- Creates a basis for legal action if necessary.

What should a network security policy contain?


- Statement of authority and scope: this section specifies who sponsors the network security policy and which areas the policy covers.
- Acceptable use policy: specifies what the company will and will not allow with respect to its information infrastructure.
- Identification and authentication policy: specifies which technologies, equipment, or combination of the two the company will use to ensure that only authorized individuals can access its data.
- Internet access policy: specifies what the company considers ethical and proper use of Internet access.
- Campus access policy: specifies how on-campus users will use the company's data infrastructure.
- Remote access policy: specifies how remote users will access the company's data infrastructure.
- Incident handling procedure: specifies how the company will create an incident response team and the procedures it will use during and immediately after an incident.

Next week's internship report:
1. The network security cycle
   a. Secure
   b. Monitor
   c. Test
   d. Improve
2. Possible threats:
   a. Unstructured threats
   b. Structured threats
   c. External threats
   d. Internal threats
3. Specific types of attacks:

The network security cycle.


Cisco is very concerned about network security and about its implications for the critical infrastructures that this and other developed nations depend on. This section summarizes the view that network security is a continuous process.

After establishing appropriate policies, a company or organization must methodically consider security as part of normal network operations. This can be as simple as configuring routers to block unauthorized services or addresses, or as complex as installing firewalls, intrusion detection systems (IDS), centralized authentication servers, and encrypted virtual private networks. After developing a security policy, secure your network using a variety of point products (firewalls, intrusion detection, and so on). However, before you can secure your network, you need to combine your understanding of your users, of the assets that need protection, and of the network topology.

Securing the network
Implement security solutions to stop or prevent unauthorized access or activity and to protect information:
- Authentication
- Encryption
- Firewalls
- Vulnerability patching

The following solutions are used to secure a network:
- Authentication: the recognition of each individual user, and the mapping of their identity, location, and time to policy; and the authorization of network services and of what they may do on the network.
- Encryption: a method for ensuring the confidentiality, integrity, and authenticity of data communications across a network. Cisco's solution incorporates several standards, including the Data Encryption Standard (DES).
- Vulnerability patching: the patching and identification of security holes that could compromise a network.

Monitoring security
- Detect violations of the security policy.
- Involves system auditing and real-time intrusion detection.
- Validates the security implementation from step 1.

To ensure that a network remains secure, it is important to monitor the state of security readiness. Network vulnerability scanners can identify areas of weakness, and an IDS can monitor and respond to security events as they occur. Using these monitoring methods, organizations can gain unprecedented visibility into both network data flows and the network security posture.

Testing security
Validates the effectiveness of the security policy through system auditing and vulnerability scanning.

Testing security is as important as monitoring it. Without testing the security solutions in place, it is impossible to know which threats are present or imminent. The hacker community is an ever-changing environment. You can perform this testing yourself or outsource it to a third party such as the Cisco Security Posture Assessment (SPA) group. The Cisco SPA is a premium network vulnerability assessment that provides quick, deep insight into the security posture of a customer's network. Delivered by highly skilled Cisco Network Security Engineers (NSEs), the Cisco SPA includes thorough analyses of large, distributed service provider networks from the perspective of an outside hacker.

Improving security
- Use information from the monitor and test phases to make improvements to the security implementation.
- Adjust the security policy as security vulnerabilities and risks are identified.

Monitoring and testing provide the data needed to improve network security. Engineers and network administrators should use the information from the monitor and test phases to improve the security implementation, and to adjust the security policy as security vulnerabilities and risks are identified.

2. Types of network attack threats


This section provides an overview of the variety of threats and attacks on networks.

Without proper security, any part of any network can be susceptible to attacks or to unauthorized, intrusive activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors, or even internal employees. In fact, according to several studies, more than half of all network attacks worldwide are waged from the inside. The Computer Security Institute (CSI) in San Francisco estimates that between 60 and 80 percent of network misuse comes from inside the enterprises where the misuse has taken place. To determine the best ways to protect against attacks, IT managers should understand the many types of attacks that can be instigated and the damage these attacks can cause to e-business infrastructures.

Network security threats
There are four general types of threats to a network:

- Unstructured threats
- Structured threats
- External threats
- Internal threats

The four types are as follows:
- Unstructured threats: these threats consist mainly of hackers using various readily available tools, such as shell scripts and malicious programs, computer criminals who steal passwords, credit card fraudsters, and war dialers. Although hackers in this category may have malicious intent, many are more interested in the intellectual challenge of getting past protections and stealing computer resources than in causing destruction.
- Structured threats: these threats are created by hackers who are more highly motivated and technically competent. Sometimes organized crime, industry competitors, or intelligence-gathering organizations hire these hackers.
- External threats: these include structured and unstructured threats that originate from an external source. These threats may have malicious and destructive intent, or they may simply be errors that create a threat.
- Internal threats: these threats typically come from disgruntled current or former employees. Although internal threats may seem more ominous than threats from external sources, security measures are available to reduce the dangers from external threats and to respond when attacks occur.

Specific attack types

All of the following can be used to compromise your system:
- Packet sniffers
- IP weaknesses
- Password attacks
- Denial of service or distributed denial of service (DoS or DDoS)
- Man-in-the-middle attacks
- Application layer attacks
- Trust exploitation
- Port redirection
- Viruses
- Trojan horses
- Operator error
- CAM table flooding
- VLAN hopping
- ARP/MAC poisoning
- ARP spoofing
- Private VLAN attacks
- Multicast brute-force failover
- DHCP starvation

Packet Sniffer
A packet sniffer is a software application that uses a network adapter card in promiscuous mode (a mode in which the network adapter card sends all packets received on the physical network to an application for processing) to capture all network packets sent across a LAN. Here are some characteristics of packet sniffers:
- Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include:
  o Telnet
  o FTP
  o SNMP
  o POP
  o HTTP
- Packet sniffers must be on the same collision domain.

A network protocol specifies how packets are identified and labeled, which enables a computer to determine whether a packet is intended for it. Because the specifications for network protocols such as TCP/IP are widely published, a third party can easily interpret network packets and develop a packet sniffer (today the real threat comes from the large number of freeware and shareware packet sniffers available, which do not require the user to understand anything about the underlying protocols).

Packet Sniffer example

A packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords. If you use networked databases, a packet sniffer can provide an attacker with information queried from the database, as well as the user account names and passwords used to access the database. A serious problem with acquiring user account names and passwords is that users often reuse their login names and passwords across multiple applications. In addition, many network administrators use packet sniffers to diagnose and fix network problems. Because in the normal and necessary course of their duties administering these networks (such as those in a payroll department) they work during regular employee hours, they can potentially examine sensitive information distributed across the network. Many users employ a single password for access to all applications and accounts. Because attackers know and exploit human traits (attack methods that are common to typical attacks), such as the use of a single password for multiple accounts, they are often successful in gaining access to sensitive information. There are two main types of packet sniffer:

- General purpose:
  o Captures all packets.
  o Included with some operating systems.
  o Freeware and shareware versions are available.
- Designed for attack:
  o Captures the first 300 to 400 bytes.
  o Typically captures login sessions (File Transfer Protocol (FTP), rlogin, and telnet).

Packet sniffer mitigation

The following techniques and tools can be used to mitigate packet sniffers:
- Authentication: using strong authentication is a first option for defense against packet sniffers. Strong authentication can be broadly defined as a method of authenticating users that cannot easily be circumvented. A common example of strong authentication is one-time passwords (OTPs).
- Cryptography: rendering packet sniffers irrelevant is the most effective method for countering them, even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer sees is cipher text (which looks like a random string of bits) and not the original message. Cisco's network-level cryptography deployment is based on IPSec, which is a standard method for networking devices to communicate privately using IP. Other cryptographic protocols for network management include Secure Shell (SSH) and Secure Sockets Layer (SSL).
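The two sections above list the protocols a sniffer can read and the encryption that makes it irrelevant. The following is an added example, not code from the report: a small audit script a defender can run over connection records that a monitor has exported (source address, destination port, first bytes of payload; the record format and the sample records are constructed assumptions). It flags sessions on the cleartext protocols named above, reports any credential it finds by keyword only (the secret itself is never stored), and marks sessions on encrypted protocols as unreadable to a sniffer.

```python
"""Audit captured connections for cleartext credential exposure.

Added example; not code from the report. Input is one record per TCP
connection: source address, destination port and the first bytes of
application payload (an assumed export format). Sessions on cleartext
protocols are flagged; credentials found in them are reported by keyword
only; sessions on encrypted protocols are marked as ciphertext-only.
"""
import re
from dataclasses import dataclass

# Protocols the report lists as passing information in the clear.
CLEARTEXT_PORTS = {23: "telnet", 21: "ftp", 161: "snmp", 110: "pop3", 80: "http"}
# Encrypted alternatives: a sniffer sees only ciphertext here.
ENCRYPTED_PORTS = {22: "ssh", 443: "https", 990: "ftps", 995: "pop3s"}

# (label, pattern): group 1 is the keyword we report, group 2 the secret we drop.
CREDENTIAL_PATTERNS = [
    ("ftp/pop3", re.compile(rb"^(USER|PASS)[ \t]+(\S+)", re.I | re.M)),
    ("http-basic", re.compile(rb"^(Authorization):[ \t]*Basic[ \t]+(\S+)", re.I | re.M)),
]


@dataclass
class Connection:
    src: str
    dst_port: int
    payload: bytes


def audit(conn: Connection) -> dict:
    """Classify one connection: exposure is 'credentials', 'cleartext', 'none' or 'unknown'."""
    if conn.dst_port in ENCRYPTED_PORTS:
        return {"src": conn.src, "protocol": ENCRYPTED_PORTS[conn.dst_port],
                "exposure": "none", "findings": []}
    proto = CLEARTEXT_PORTS.get(conn.dst_port)
    if proto is None:
        return {"src": conn.src, "protocol": f"tcp/{conn.dst_port}",
                "exposure": "unknown", "findings": []}
    findings = []
    for label, pattern in CREDENTIAL_PATTERNS:
        for match in pattern.finditer(conn.payload):
            # Report only the keyword; the captured secret (group 2) is never stored.
            findings.append(f"{label} {match.group(1).decode('ascii', 'replace')}")
    exposure = "credentials" if findings else "cleartext"
    return {"src": conn.src, "protocol": proto, "exposure": exposure, "findings": findings}


def summarize(conns):
    """Count connections per exposure class, for a policy report."""
    counts = {"credentials": 0, "cleartext": 0, "none": 0, "unknown": 0}
    for result in map(audit, conns):
        counts[result["exposure"]] += 1
    return counts


# Constructed sample records (not real captures).
SAMPLE_CONNECTIONS = [
    Connection("10.0.0.5", 21, b"USER alice\r\nPASS s3cret-pw\r\n"),
    Connection("10.0.0.7", 80, b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                              b"Authorization: Basic YWxpY2U6czNjcmV0\r\n\r\n"),
    Connection("10.0.0.9", 22, b"SSH-2.0-OpenSSH_5.8\r\n"),
    Connection("10.0.0.5", 23, b"login: "),
]

if __name__ == "__main__":
    for record in map(audit, SAMPLE_CONNECTIONS):
        print(record)
    print(summarize(SAMPLE_CONNECTIONS))
```

Run over a real export, the summary gives the count of sessions that still carry authentication in the clear, which is the number an acceptable use or authentication policy from section 2 would drive to zero by moving those services to SSH, SSL or IPSec.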

Intrusion detection systems

What is an intrusion detection system? When you install an alarm on the doors and windows of your house, you are effectively installing an intrusion detection system (IDS) in your home. The intrusion detection systems (IDSs) used to protect your computer network operate in a similar way. An IDS is software, and possibly hardware, that detects hostile activity against your network. It detects intrusive activity that enters your network. You can identify intrusive activity by examining network traffic, host logs, system calls, and other areas that signal an attack against your network. Before deploying an IDS, you must understand the benefits an IDS provides. Besides detecting attacks, most intrusion detection systems also provide some type of response to the attacks, such as resetting TCP connections. Detecting attacks against your network (discussed in Chapter 1, The Need for Network Security) is, however, the foremost goal of intrusion detection. Intrusive activity can be detected in many different ways. People can therefore design different types of IDS to solve the intrusion detection problem. The types of activity monitored depend on the IDS you use. Each type of IDS has its own strengths and weaknesses. However, you can evaluate any IDS by looking at the following:
- Triggers
- Monitoring location
- Hybrid characteristics

IDS Triggers

The purpose of any IDS is to detect when an intruder attacks your network. However, not every IDS uses the same triggering mechanism to generate an alarm. Current IDSs use two main triggering mechanisms:
- Anomaly detection
- Misuse detection

Trigger mechanisms
Trigger mechanisms refer to the activities for which the IDS is meant to generate an alarm. The trigger mechanism for a home alarm might be the breaking of a window. A network IDS might generate an alarm if a particular system runs certain executables. Anything that can signal an intrusion can be a trigger mechanism.

Anomaly detection
Anomaly detection is sometimes also referred to as profile-based detection (profile-based IDS). With this form of detection, you must build profiles for each user group. In other words, these profiles incorporate a typical user's habits, the services he uses regularly, and so on. These profiles define a baseline for the activities that a normal user routinely performs to do his job.
User groups
A user group describes a group of users who perform similar functions on a network. Sometimes you can build user groups based on job classification, such as a group of engineers or of secretaries. Alternatively, you might design user groups based on departments. How you design the groups is not important, as long as the users in a group perform similar activities on the network.

Building and updating these profiles represents a significant part of the effort needed to deploy an anomaly-based IDS. The quality of these profiles relates directly to how successful your IDS is at detecting threats against your network. Someone must examine the normal traffic for the various users over a period of time and then create rules that model these habits.
Anomaly detection with neural networks
Anomaly detection is also beginning to use approaches resembling neural networks. Neural networks are a form of artificial intelligence in which you try to imitate the workings of a biological neural network, such as the one in the human brain. With these systems, you train them by presenting them with a large amount of data and rules about the relationships in the data. After the system is trained, network traffic is used as a stimulus to the neural network to demonstrate where traffic is considered normal.
Issues
User profiles form the heart of an anomaly-based IDS. Some systems use an initial training phase in which the network is monitored for a predetermined period of time. This traffic is then used to create a user baseline. This baseline defines what normal traffic on the network looks like. The disadvantage of this approach is that if users' jobs change over time, they begin to generate false alarms. Other systems keep continuous statistics, or continuously check for minor deviations in user habits. In this environment, the definition of normal is continuously updated for changes in users' operating habits. The disadvantage of this approach is that a determined attacker can gradually train the system until his actual attack traffic appears as normal traffic on the network.
Benefits
Anomaly detection systems offer several overall advantages. First, they can easily detect many outside attackers or account thieves. If a particular account belonging to an office secretary begins performing the functions of a network administrator, for example, this could trigger an alarm. Another advantage is that an attacker is never quite sure what activity will generate an alarm. With a signature-based IDS, an attacker can test in a lab environment which traffic generates an alarm. Using this information, he can use engineering tools to get past the signature-based IDS. With an anomaly detection system, the attacker does not know the training data that was used, so he cannot be sure that any significant activity will go undetected.
However, the main advantage of anomaly detection is that alarms are not based on specific signatures of specific known attacks (in this context, a signature is a set of rules that recognizes specific traffic that describes intrusive activity). Instead, they are based on a profile that defines normal user activity. An anomaly-based IDS can therefore generate an alarm for previously unpublished attacks, as long as the new attack deviates from normal user activity. An anomaly-based IDS can thus detect new attacks the first time they are used.
Previously unpublished attacks
After attacks are made public, vendors can work on patches and security fixes, and signatures can be developed to detect the attack traffic using a signature-based IDS. Before these attacks are released publicly, they are known as unknown attacks. Because anomaly detection does not look for specific traffic (only for deviations from normal), it can detect many previously unpublished attacks when they are first used against your network.

Drawbacks
On the downside, anomaly detection has several drawbacks:
- Long initial training time
- No network protection during training
- Difficult to define normal
- Must update user profiles as user behavior changes
- False negatives if traffic appears normal
- Difficult to understand alarms
- Complex and hard to understand

First you must install your anomaly-based IDS and run it for a specific period, which can take weeks. You use this training period to observe normal traffic on the network. Determining what constitutes normal traffic is not a simple task. Moreover, during this training period the IDS does not protect your network. Another problem is that people vary in their activities. They do not always follow exactly the same patterns consistently. If the initial training period is inadequate, or if the definition of normal is outdated or wrong, false positives are unavoidable. When users deviate from their usual routine, the IDS generates an alarm if these activities stray too far from normal. The IDS generates this alarm even though no actual intrusive activity is involved. The definition of normal also changes over the life of your network. As your network changes, the traffic identified as normal may change. If this happens, you must update your user profiles to reflect those changes. For a network that changes continuously, updating user profiles can become a major undertaking. Furthermore, if your user groups perform a diverse set of activities, it is extremely difficult for anything to stand out as anomalous. A profile-based IDS can generate a false negative if the intrusive activity does not deviate from normal. Sometimes intrusive activity can look similar to normal user traffic. In this situation it can be difficult or impossible for an anomaly-based IDS to distinguish these activities as intrusive and generate an alarm. This can be a significant problem if your user groups perform a diverse set of activities.
False negatives
When an IDS fails to generate an alarm for known intrusive activity, it is called a false negative. False negatives represent actual attacks that the IDS misses even though it is programmed to detect those attacks. Most IDS developers tend to design their systems to minimize false negatives. However, it is rather hard to eliminate false negatives entirely. Furthermore, as you tune your systems to report fewer false negatives, you tend to increase the number of false positives that get reported. It is a constant trade-off.
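The profile-based detection described from the "Anomaly detection" heading onward, with its training phase, its false positives when a user's work changes, and the "attacker trains the system" weakness of continuously updated profiles, can be seen in a few dozen lines. The following is an added example, not code from the report: activity events are assumed to arrive as (user group, service, bytes transferred) triples, the training events are constructed, and the scoring rule (z-score on volume plus a set of known services) is one simple choice of profile, not any vendor's.

```python
"""Profile-based (anomaly) detection with a training phase.

Added example; not code from the report. Events are assumed to be
(user group, service, bytes transferred). Training builds one profile
per group: the services seen and the mean/standard deviation of volume.
After training, an event alarms if it uses a service outside the profile
or its volume lies more than `threshold` standard deviations from the
mean. With adaptive=True the mean follows accepted events (an
exponentially weighted average), i.e. the 'continuous statistics' variant.
"""
import math
from collections import defaultdict


class ProfileIDS:
    def __init__(self, threshold=3.0, adaptive=False, alpha=0.1):
        self.threshold = threshold
        self.adaptive = adaptive
        self.alpha = alpha
        self.profiles = {}      # group -> {"services", "mean", "std"}
        self.trained = False

    def train(self, events):
        """Build the baseline from events observed during the training period."""
        volumes = defaultdict(list)
        services = defaultdict(set)
        for group, service, nbytes in events:
            volumes[group].append(nbytes)
            services[group].add(service)
        for group, samples in volumes.items():
            mean = sum(samples) / len(samples)
            var = sum((s - mean) ** 2 for s in samples) / len(samples)
            # Floor the deviation so a perfectly uniform baseline cannot divide by zero.
            self.profiles[group] = {"services": services[group],
                                    "mean": mean, "std": max(math.sqrt(var), 1.0)}
        self.trained = True

    def score(self, group, service, nbytes):
        """Return (alarm, reason) for one event."""
        if not self.trained:
            return False, "training: no protection yet"   # drawback: blind during training
        profile = self.profiles.get(group)
        if profile is None:
            return True, f"no profile for group {group}"
        reasons = []
        if service not in profile["services"]:
            reasons.append(f"service {service} not in profile")
        z = abs(nbytes - profile["mean"]) / profile["std"]
        if z > self.threshold:
            reasons.append(f"volume deviates z={z:.2f}")
        if self.adaptive and not reasons:
            # Continuous update: 'normal' drifts toward whatever was accepted.
            profile["mean"] = (1 - self.alpha) * profile["mean"] + self.alpha * nbytes
        return bool(reasons), "; ".join(reasons) or "normal"


# Constructed training events: secretaries use mail and the file server in
# small volumes; engineers use ssh and the file server in large volumes.
TRAINING_EVENTS = [
    ("secretary", "mail", 1800), ("secretary", "file", 2000), ("secretary", "mail", 2200),
    ("secretary", "file", 1900), ("secretary", "mail", 2100),
    ("engineer", "ssh", 48000), ("engineer", "file", 52000), ("engineer", "ssh", 50000),
]


def trained_ids(adaptive=False):
    ids = ProfileIDS(adaptive=adaptive)
    ids.train(TRAINING_EVENTS)
    return ids


def drift_demo(adaptive):
    """Volume is raised a little at a time (each step under the threshold),
    then a large transfer follows. Returns whether that transfer alarms."""
    ids = trained_ids(adaptive)
    for _ in range(30):
        ids.score("secretary", "mail", 2400)
    alarm, _ = ids.score("secretary", "mail", 2800)
    return alarm


if __name__ == "__main__":
    ids = trained_ids()
    print(ids.score("secretary", "ssh", 2000))    # account misuse: service outside profile
    print(ids.score("secretary", "mail", 2500))   # a legitimate new task still alarms
    print("static profile catches drift:", drift_demo(adaptive=False))
    print("adaptive profile catches drift:", drift_demo(adaptive=True))
```

With the constructed baseline (mean 2000 bytes, standard deviation about 141), a secretary account opening ssh alarms on the service check, and a 2500-byte transfer alarms on volume even if it is legitimate work (the false positive of the drawbacks list). The drift run shows the adaptive profile absorbing thirty slightly elevated transfers until the 2800-byte one passes as normal, while the static profile still alarms on it.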

Unlike a misuse-based IDS, an anomaly-based IDS does not have a direct correlation between alarms and potential attacks. When activity deviates from your established normal, your IDS generates an alarm. It is then up to your system administrator to determine the real meaning of the alarm. The final drawback of an anomaly-based IDS is its complexity. It is not easy to explain how the system operates. With a signature-based IDS, if the system sees a specific string of data, it generates an alarm. With an anomaly-based IDS, however, you are dealing with complex statistics or information theory combined with neural networks. Users are not comfortable when they do not fully understand their IDS. Furthermore, this lack of understanding reduces users' confidence in the IDS.
Misuse detection
Misuse detection, also known as signature-based detection, looks for intrusive activity that matches specific signatures. These signatures are based on a set of rules that match typical patterns and exploits used by attackers to gain access to your network. Highly skilled network engineers research known attacks and vulnerabilities to develop the rules for the signature code. Building unambiguous signatures reduces the chance of false positives while minimizing the chance of false negatives. A well-configured misuse-detection-based IDS generates the lowest level of false negatives. If a misuse-based IDS continually generates false positives, its overall effectiveness is reduced.
Benefits
Misuse detection provides several benefits. Some of the main benefits include:
- Signatures are based on knowledge of intrusive activity
- Detected attacks are well defined
- The system is easy to understand
- Attacks are detected immediately after installation

Each misuse-based IDS detects a well-defined set of attack signatures. By using a misuse-based IDS, you can be certain which intrusive attacks are detected. Network engineers regularly develop rules to create signatures based on new attacks. Furthermore, well-developed signatures generate the lowest level of false positives. With a misuse-based IDS, each attack in the signature database has a signature name and an identifier. A user can display all the signatures in the database and determine exactly which attacks the IDS will alert on. By understanding the specific attacks in the signature database, users can trust the IDS's ability to protect their network. When new attacks surface, they can also verify that their IDS has been updated to detect them. Users understand the basic methodology behind a misuse-based IDS. Network engineers analyze actual attacks and then develop signatures to detect these activities. A correspondence exists between the alarms and the attacks. A user can generate attack traffic and watch for a specific alarm.
Drawbacks
Although a misuse-based IDS provides many benefits, it also has the following major drawbacks:
- Maintaining state information (the event horizon)
- Updating the signature database
- Attacks that evade the IDS (false negatives)
- Inability to detect unknown attacks

To detect intrusions, a misuse-based IDS examines information and then compares it with the signatures in its database. Sometimes, however, this information spans multiple packets. When a signature requires multiple pieces of data, the IDS must maintain state information about a signature from the moment it sees the first piece of data. This state information must be maintained for the duration of the event horizon.

Event horizon
To detect an attack, a signature-based IDS examines the data presented to it. Sometimes multiple pieces of data are needed to match an attack signature. The maximum amount of time over which an attack signature can be successfully detected (from the initial data to the final data needed to complete the attack signature) is known as the event horizon. The IDS must maintain state information throughout this event horizon. The length of the event horizon varies. For some attacks, the event horizon runs from user logon to user logoff; for other attacks, such as a slow port scan, the event horizon can span weeks. An important point to understand is that your IDS cannot maintain state information indefinitely; it therefore uses the event horizon to limit the period over which it keeps state information. Because a misuse-based IDS compares network traffic against the specific signatures in its database, attackers try to disguise their attacks. By making small changes to the attack data, they can sometimes slip the attack past a misuse-based IDS without generating an alarm, causing a false negative. The soundness of a signature's definition determines how successful a misuse-based IDS is at minimizing false negatives. As new attacks appear, the signature database used by the misuse-based IDS must be updated. Regularly updating the signature database is important for a signature-based IDS to succeed. Keeping the database current, however, is currently very difficult. A major drawback of a misuse-based IDS is its inability to detect unknown attacks. This does not mean, however, that a signature-based IDS cannot detect any new attacks. When developers create new signatures, they try to make the signature as flexible as possible while keeping the false positive rate as low as possible. Using this technique, many signatures detect a class of attacks even though they are based on specific exploits.
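The event horizon is easiest to understand in code. The following is an added example, not code from the report or from any IDS product: a minimal signature engine with two kinds of signature, a single-packet content signature written for a class of attacks (any directory traversal, illustrating the "flexible signature" point above) and a stateful slow-port-scan signature that must remember which ports each source has touched. That per-source state is discarded once it is older than the event horizon, so the same five probes are detected with a one-day horizon and missed with a one-hour one. The packet record format, the signatures and the traffic are all constructed assumptions.

```python
"""Signature (misuse) detection with a bounded event horizon.

Added example; not code from the report. Packets are assumed to arrive as
(timestamp, source, destination port, payload) records. Content
signatures are matched per packet; the port-scan signature keeps
per-source state for at most `event_horizon` seconds, so probes spread
over a longer period than the horizon go undetected.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float          # seconds since capture start
    src: str
    dst_port: int
    payload: bytes = b""


# Content signatures (illustrative, constructed). The first is written for a
# class of attacks (any directory traversal) rather than one specific exploit.
CONTENT_SIGNATURES = {
    "web-dir-traversal": re.compile(rb"\.\./"),
    "ftp-site-exec": re.compile(rb"^SITE[ \t]+EXEC", re.I | re.M),
}


class SignatureIDS:
    def __init__(self, scan_threshold=5, event_horizon=3600.0):
        self.scan_threshold = scan_threshold
        self.event_horizon = event_horizon
        # Stateful signature: src -> {dst_port: first time seen}
        self.scan_state = defaultdict(dict)

    def _expire(self, src, now):
        """Drop state older than the event horizon; the IDS cannot keep it forever."""
        ports = self.scan_state[src]
        for port, seen in list(ports.items()):
            if now - seen > self.event_horizon:
                del ports[port]

    def inspect(self, pkt):
        """Return the list of alarms raised by this packet."""
        alarms = []
        for name, pattern in CONTENT_SIGNATURES.items():
            if pattern.search(pkt.payload):
                alarms.append(f"{name} from {pkt.src}")
        self._expire(pkt.src, pkt.ts)
        ports = self.scan_state[pkt.src]
        ports.setdefault(pkt.dst_port, pkt.ts)
        if len(ports) >= self.scan_threshold:
            alarms.append(f"port-scan from {pkt.src} ({len(ports)} ports)")
            ports.clear()     # signature completed; start a fresh window
        return alarms


def run(packets, **kwargs):
    """Feed packets through a fresh sensor and collect every alarm."""
    ids = SignatureIDS(**kwargs)
    alarms = []
    for pkt in packets:
        alarms.extend(ids.inspect(pkt))
    return alarms


# Constructed traffic: one probe every 1000 s to five different ports,
# and one request carrying a traversal sequence.
SLOW_SCAN = [Packet(ts=i * 1000.0, src="192.0.2.10", dst_port=20 + i) for i in range(5)]
TRAVERSAL = [Packet(0.0, "192.0.2.11", 80, b"GET /../../etc/passwd HTTP/1.0\r\n")]

if __name__ == "__main__":
    print("1 h horizon:", run(SLOW_SCAN, event_horizon=3600.0))      # nothing: state expired
    print("1 day horizon:", run(SLOW_SCAN, event_horizon=86400.0))   # scan detected
    print("content:", run(TRAVERSAL))
```

The fifth probe arrives 4000 seconds after the first; with a 3600-second horizon the first port has already been forgotten, so only four ports are in state and no alarm fires. Lengthening the horizon costs memory for every source the sensor is tracking, which is the trade-off the text describes.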

IDS Monitoring Location

Now that you have a basic understanding of the intrusive activities that can generate alarms from your IDS, it is time to examine where an IDS looks for this intrusive traffic. IDSs monitor at one of two typical locations:
- The host
- The network

A. Host-based intrusion detection systems:

A host-based IDS checks for intrusions by examining information at the host or operating system level. This type of IDS examines many aspects of your host, such as system calls, audit logs, error messages, and so on. The figure below illustrates a typical host-based IDS deployment.

This section describes the characteristics of host-based intrusion detection systems, including a figure of a basic host-based intrusion detection deployment.

A host-based intrusion detection system (HIDS) examines host log files, the system, and host file resources. An advantage of a HIDS is that it can examine operating system processes and protect specific system resources, including files that may exist only on particular hosts. A simple form of HIPS is logging on a host. However, converting and analyzing these logs can become labor intensive. Today's HIPS software requires Agent software to be installed on each host to monitor the activities performed on it and against it. The Agent software performs the intrusion detection analysis and protection for the host.
Advantages
Because a host-based IDS examines traffic after it reaches the target of the attack (assuming the host is a target), it has direct information about the success of the attacks. With a network-based IDS, alarms are generated for known intrusive activity, but only a host-based IDS can determine the actual success or failure of an attack. Other problems, such as fragment reassembly and variable Time-To-Live (TTL) attacks, are difficult to detect using a network-based IDS.

However, a host-based IDS can use the host's own IP stack to deal with these problems.

Disadvantages: A host-based IDS has several drawbacks:
- Limited network view
- Must run on every operating system on the network

The first difficulty for a host-based IDS is its limited view of the network with respect to attacks. For example, most host-based IDSs do not detect port scans against their hosts. It is therefore practically impossible for a host-based IDS to detect reconnaissance scans against your network, and these scans are a leading indicator of many other attacks against your network. The other difficulty with a host-based IDS is that software must run on every host on the network. This creates a new deployment problem for heterogeneous networks composed of several operating systems. Sometimes a host-based IDS agent supports only a limited number of operating systems because of these support issues. If your host-based IDS software does not support every operating system on the network, your network is not fully protected against intrusions.

Figure 3.2: Variable Time-To-Live attack

The final difficulty is that when a host-based IDS detects an attack, it must communicate this information to some kind of central management facility. Some attacks can take the host's communications offline, after which the host cannot send any information to the central management facility. Furthermore, the network traffic to the central management station can itself become a focal point of an attack.
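To make the host-based advantage concrete, the following added example (not code from the report or from any HIDS product) does the log-file inspection described above: it reads a host's own authentication log and, because the host sees the outcome of each logon, can distinguish a failed brute-force attempt from one that succeeded. The syslog-style sshd lines, the host name and the failure threshold of three are all constructed for the example.

```python
"""Added example: a small host-based detector working from a host's own audit log.

Unlike a network sensor, it sees whether an attack actually succeeded: repeated
failed logons from one source followed by an accepted logon for the same account
are reported as a likely compromise, while failures alone are reported as a
brute-force attempt. The log lines below are constructed in syslog-like form and
are not taken from a real system.
"""
import re
from collections import defaultdict

FAIL_THRESHOLD = 3  # assumed tuning value: failures before an alarm is raised

# Matches constructed sshd lines of the form
#   <timestamp> <host> sshd[<pid>]: Failed|Accepted password for <user> from <src> ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line):
    """Return the fields of an authentication line, or None for any other line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze_auth_log(lines, threshold=FAIL_THRESHOLD):
    """Return a list of (severity, message) findings for the given log lines."""
    failures = defaultdict(int)  # (src, user) -> consecutive failure count
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an authentication event (cron, kernel, ...)
        key = (rec["src"], rec["user"])
        if rec["result"] == "Failed":
            failures[key] += 1
            if failures[key] == threshold:
                findings.append(("medium",
                                 f"brute force against {rec['user']} from {rec['src']}"))
        else:  # Accepted: the host knows the outcome, so escalate if it follows failures
            if failures[key] >= threshold:
                findings.append(("high",
                                 f"logon for {rec['user']} from {rec['src']} "
                                 f"after {failures[key]} failures"))
            failures[key] = 0  # a successful logon resets the counter
    return findings


# Constructed sample log: three failures then a success for 'admin', one normal logon.
SAMPLE_LOG = [
    "2007-03-20T10:00:01 web1 sshd[1201]: Failed password for admin from 192.0.2.9 port 51000 ssh2",
    "2007-03-20T10:00:04 web1 sshd[1201]: Failed password for admin from 192.0.2.9 port 51001 ssh2",
    "2007-03-20T10:00:07 web1 sshd[1201]: Failed password for admin from 192.0.2.9 port 51002 ssh2",
    "2007-03-20T10:00:09 web1 sshd[1201]: Accepted password for admin from 192.0.2.9 port 51003 ssh2",
    "2007-03-20T10:05:00 web1 sshd[1300]: Accepted password for alice from 10.0.0.7 port 40000 ssh2",
    "2007-03-20T10:05:02 web1 cron[44]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for severity, message in analyze_auth_log(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The escalation to "high" on the accepted logon is exactly what a network sensor watching the same session cannot do on its own: it would see the four connection attempts but not the operating system's verdict on each one. The same structure extends to any other host-level source the text names (audit records, application error messages) by adding a parser for that line format.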

This figure illustrates a basic HIPS deployment. Agents are installed not only on public-access servers, corporate mail servers and application servers, but also on users' personal computers. The agents report events to a central console server located next to the corporate firewall.

B. Network-Based Intrusion Detection Systems (Network-based IDS):

A network-based IDS examines packets for attacks aimed at the network. The IDS sniffs network packets and compares the traffic against signatures for intrusive activity.

The Cisco Secure Intrusion Detection System (CSIDS) is a network-based IDS. Using signatures, CSIDS inspects every packet entering the network and generates alarms when intrusions are detected. You can configure CSIDS to exclude signatures and to modify signature parameters so that it works best in your network environment. Figure 3.3 shows a CSIDS deployment. This section describes the characteristics of network-based intrusion detection systems (NIDSs), including a diagram of a basic NIDS deployment.

Sensors are connected to network segments. A single sensor can monitor many hosts. Growing a protected network is easy: new hosts and services can be added to the network without adding sensors. Sensors are network appliances tuned for intrusion detection analysis:
- The operating system is hardened
- The hardware is dedicated to intrusion detection analysis

A NIDS consists of monitoring devices, or sensors, deployed throughout the network, which capture and analyze traffic as it passes across the network. The sensors detect unauthorized and malicious activity in real time and can take action when required. Sensors can be deployed at designated points in the network, which lets security administrators monitor network activity while it is occurring, regardless of where the target of the attack is located. A NIDS gives security administrators real-time insight into the security of the network regardless of how it grows. Network growth can occur by adding more hosts or new networks. Additional hosts added to an existing protected network are covered without any new sensors, and additional sensors can easily be deployed to protect new networks. Some of the factors that govern adding sensors are as follows:

o Exceeded traffic capacity - for example, adding new gigabit segments requires a high-capacity sensor.
o Sensor performance - existing sensors may not be able to perform at the new traffic capacity.
o Network implementation - the security policy or the network design may require additional sensors to help enforce security boundaries.

NIDS sensors are typically tuned for intrusion detection analysis. The underlying operating system is stripped of unnecessary network services, and the essential services are secured. The hardware is chosen to provide the maximum intrusion detection analysis capability for a variety of networks. The hardware includes the following:
- Network interface card (NIC) - the NIDS must be able to connect to any network. Common NIDS network interface cards include Ethernet, Fast Ethernet, Gigabit Ethernet, Token Ring and FDDI.
- Processor - intrusion detection requires CPU capacity to perform intrusion detection protocol analysis and pattern matching.
- Memory - intrusion detection analysis is memory intensive. Memory directly affects the ability of a NIDS to detect attacks effectively and accurately.

Advantages: A network-based IDS has several advantages:
- A whole-network perspective
- Does not have to run on every operating system on the network

By seeing traffic destined for multiple hosts, a sensor gains a network-wide perspective with respect to attacks against your network. If someone is scanning multiple hosts on your network, this information is readily available to the sensor. Another advantage of a network-based IDS is that it does not have to run on every operating system on the network. A network-based IDS runs on a limited number of sensor and management platforms. These platforms can be chosen to meet specific performance requirements. Besides being hidden on the network being monitored, these systems can easily be hardened to protect them from attacks because they serve a single, specific purpose on the network. CSIDS even supports a sensor that is a blade in the Catalyst 6000 family (see Chapter 14, Catalyst 6000 IDS Module Configuration).

Disadvantages: A network-based IDS faces several difficulties:
- Bandwidth
- Fragment reassembly
- Encryption
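The fragment reassembly difficulty listed above, and the earlier remark that a host-based IDS sidesteps it by using the host's own IP stack, are illustrated by the following added example (not code from the report or from CSIDS). It simulates IP fragments of one datagram as (offset, bytes) tuples and compares a sensor that matches each fragment on its own with one that reassembles first; the HTTP request, the split point and the signature are constructed for the demonstration.

```python
"""Added example: why a network sensor must reassemble IP fragments before matching.

A content signature whose bytes straddle two fragments is invisible to a sensor
that inspects each fragment on its own; after reassembly the same bytes match.
Fragments are modelled as constructed (offset, payload) tuples of one datagram;
no real packets are parsed.
"""

SIGNATURE = b"/etc/passwd"  # content pattern the sensor looks for


def reassemble(fragments):
    """Rebuild a datagram payload from (offset, bytes) fragments.

    Fragments may arrive in any order. Returns None while a gap remains, so the
    caller never matches against a hole. Overlaps are resolved by keeping the
    bytes already in the buffer (first-received wins); real IP stacks differ in
    this policy, which is one reason the host's own stack is the authoritative
    reassembler.
    """
    buf = bytearray()
    for offset, chunk in sorted(fragments, key=lambda f: f[0]):
        if offset > len(buf):
            return None  # missing fragment: wait for more data
        buf.extend(chunk[len(buf) - offset:])  # drop any overlapping prefix
    return bytes(buf)


def match_per_fragment(fragments):
    """Naive sensor: looks for the signature inside each fragment separately."""
    return any(SIGNATURE in chunk for _, chunk in fragments)


def match_reassembled(fragments):
    """Reassembling sensor: only matches once the datagram is complete."""
    data = reassemble(fragments)
    return data is not None and SIGNATURE in data


# Constructed request; the signature starts at byte 23, so a split at byte 26
# leaves "/et" in the first fragment and "c/passwd" in the second.
REQUEST = b"GET /cgi-bin/view?file=/etc/passwd HTTP/1.0\r\n\r\n"
SPLIT_FRAGMENTS = [(0, REQUEST[:26]), (26, REQUEST[26:])]

if __name__ == "__main__":
    print("per-fragment match:", match_per_fragment(SPLIT_FRAGMENTS))   # False
    print("reassembled match: ", match_reassembled(SPLIT_FRAGMENTS))    # True
    print("out-of-order:      ", match_reassembled(SPLIT_FRAGMENTS[::-1]))  # True
```

The reassembly buffer is also where the bandwidth and memory concerns from the hardware list meet: every incomplete datagram held for later fragments costs memory on the sensor, so a real implementation bounds how long and how much it keeps, much as the event horizon bounds signature state.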
