What is the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?

In the field of network security, the intrusion detection system (IDS) and the intrusion prevention system (IPS) play a key role. This article explores in depth their definitions, roles, differences, and application scenarios.

What is an IDS (Intrusion Detection System)?
Definition of IDS
An intrusion detection system is a security tool that monitors and analyzes network traffic to identify possible malicious activity or attacks. It searches for signatures that match known attack patterns by examining network traffic, system logs, and other relevant information.

How IDS works
An IDS works mainly in the following ways:

Signature Detection: The IDS matches traffic against predefined signatures of attack patterns, similar to the way a virus scanner detects viruses. The IDS raises an alert when traffic contains features that match these signatures.

Anomaly Detection: The IDS monitors a baseline of normal network activity and raises an alert when it detects patterns that differ significantly from normal behavior. This helps to identify unknown or novel attacks.

Protocol Analysis: The IDS analyzes the usage of network protocols and detects behavior that does not conform to standard protocols, thereby identifying possible attacks.
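
The three detection methods above, applied to the same traffic, as an added example that is not part of the original article. The signature IDs, the HTTP request lines, the baseline figures and the threshold are all constructed for illustration.

```python
import re
import statistics

# Constructed signatures: (id, pattern) matched against the HTTP request line.
SIGNATURES = [
    ("SIG-TRAVERSAL", re.compile(r"\.\./")),
    ("SIG-SQLI", re.compile(r"(?i)union(\s|\+|%20)+select")),
]
VALID_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}

def signature_alerts(request_line):
    """Signature detection: report every known attack pattern in the request."""
    return [sid for sid, pat in SIGNATURES if pat.search(request_line)]

def protocol_alerts(request_line):
    """Protocol analysis: flag request lines that break HTTP/1.x structure."""
    parts = request_line.split(" ")
    ok = (len(parts) == 3 and parts[0] in VALID_METHODS
          and parts[2] in ("HTTP/1.0", "HTTP/1.1"))
    return [] if ok else ["PROTO-MALFORMED"]

def anomaly_alerts(baseline, observed, threshold=3.0):
    """Anomaly detection: flag a request rate far above the learned baseline."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # avoid dividing by zero
    return ["ANOM-RATE"] if (observed - mean) / stdev > threshold else []

def inspect(request_line, baseline, observed_rate):
    """Run all three detection methods and return the combined alert list."""
    return (signature_alerts(request_line) + protocol_alerts(request_line)
            + anomaly_alerts(baseline, observed_rate))

# Constructed data: requests per minute seen during normal operation,
# then (request line, current requests per minute from that source).
BASELINE = [40, 42, 38, 45, 41, 39, 43, 44]
SAMPLES = [
    ("GET /index.html HTTP/1.1", 42),
    ("GET /../../etc/passwd HTTP/1.1", 41),
    ("GET /search?q=1+UNION+SELECT+name HTTP/1.1", 40),
    ("FOO / HTTP/9.9", 40),
    ("GET /index.html HTTP/1.1", 400),
]

if __name__ == "__main__":
    for line, rate in SAMPLES:
        print(f"{line!r:50} rate={rate:<4} alerts={inspect(line, BASELINE, rate)}")
```

The last sample matches no signature and is well-formed HTTP; only the rate baseline flags it, which is how anomaly detection catches activity that no signature describes.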

Types of IDS
Depending on where they are deployed, IDS can be divided into two main types:

Network IDS (NIDS): Deployed in the network to monitor all traffic flowing through the network. It can detect both network layer and transport layer attacks.

Host IDS (HIDS): Deployed on a single host to monitor system activity on that host. It focuses more on detecting host-level attacks such as malware and abnormal user behavior.

What is an IPS (Intrusion Prevention System)?
Definition of IPS
Intrusion prevention systems are security tools that take proactive measures to stop or defend against potential attacks after detecting them. Compared with an IDS, an IPS is not only a tool for monitoring and alerting, but also a tool that can actively intervene and prevent potential threats.

How IPS works
An IPS protects the system by actively blocking malicious traffic flowing through the network. Its main working principles include:

Blocking Attack Traffic: When the IPS detects potential attack traffic, it can take immediate measures to prevent this traffic from entering the network. This helps prevent further propagation of the attack.

Resetting Connection State: The IPS can reset the connection state associated with a potential attack, forcing the attacker to re-establish the connection and thus interrupting the attack.

Modifying Firewall Rules: The IPS can dynamically modify firewall rules to block or allow specific types of traffic, adapting to the real-time threat situation.

Types of IPS
Similar to IDS, IPS can be divided into two main types:

Network IPS (NIPS): Deployed in the network to monitor and defend against attacks throughout the network. It can defend against network layer and transport layer attacks.

Host IPS (HIPS): Deployed on a single host to provide more precise defenses, primarily used to protect against host-level attacks such as malware and exploits.

What is the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?

Different Ways of Working
An IDS is a passive monitoring system, mainly used for detection and alerting. In contrast, an IPS is proactive and able to take measures to defend against potential attacks.

Risk and Effect Comparison
Due to the passive nature of an IDS, it may miss attacks or raise false positives, while the active defense of an IPS may lead to friendly fire. There is a need to balance risk and effectiveness when using both systems.

Deployment and Configuration Differences
An IDS is usually flexible and can be deployed at different locations in the network. In contrast, the deployment and configuration of an IPS requires more careful planning to avoid interfering with normal traffic.

Integrated Application of IDS and IPS
IDS and IPS complement each other, with the IDS monitoring and providing alerts and the IPS taking proactive defensive measures when necessary. Their combination can form a more comprehensive network security defense line.

It is essential to regularly update the rules, signatures, and threat intelligence of IDS and IPS. Cyber threats are constantly evolving, and timely updates can improve the system's ability to identify new threats.

It is critical to tailor the rules of IDS and IPS to the specific network environment and requirements of the organization. By customizing the rules, the accuracy of the system can be improved and false positives and friendly fire can be reduced.
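
The risk comparison and the rule-tuning advice above, worked through on one set of traffic, as an added example that is not part of the original article. The two rules, the flows and their ground-truth labels are constructed; the same detection result is handled passively (IDS) or inline (IPS).

```python
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    request: str
    malicious: bool  # ground truth, known only because the sample is constructed

def broad_rule(flow):
    """Untuned rule (assumption): any request mentioning 'passwd' is suspicious."""
    return "passwd" in flow.request

def tuned_rule(flow):
    """Rule tuned for this imaginary site: only the system file path is suspicious."""
    return "/etc/passwd" in flow.request

def run(flows, mode, rule):
    """mode 'ids' alerts and forwards everything; mode 'ips' drops what matches."""
    stats = {"alerts": 0, "forwarded": 0, "dropped": 0,
             "attacks_delivered": 0, "legit_blocked": 0}
    for flow in flows:
        hit = rule(flow)
        stats["alerts"] += int(hit)
        if hit and mode == "ips":
            stats["dropped"] += 1
            stats["legit_blocked"] += int(not flow.malicious)  # friendly fire
        else:
            stats["forwarded"] += 1
            stats["attacks_delivered"] += int(flow.malicious)  # missed or alert-only
    return stats

# Constructed flows; addresses are from documentation ranges.
FLOWS = [
    Flow("192.0.2.10", "GET /index.html", False),
    Flow("192.0.2.11", "GET /help/reset-passwd.html", False),  # false positive for broad_rule
    Flow("198.51.100.7", "GET /../../etc/passwd", True),       # matched by both rules
    Flow("198.51.100.8", "GET /backup.zip", True),             # matched by neither rule
]

if __name__ == "__main__":
    for mode, rule in [("ids", broad_rule), ("ips", broad_rule), ("ips", tuned_rule)]:
        print(mode, rule.__name__, run(FLOWS, mode, rule))
```

With the broad rule the IDS delivers both attacks and only alerts, while the IPS stops one attack but also blocks a legitimate user; the tuned rule removes that friendly fire, and the flow that no rule matches gets through in every mode.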

IDS and IPS need to be able to respond to potential threats in real time. A fast and accurate response helps to keep attackers from causing more damage in the network.

Continuous monitoring of network traffic and an understanding of normal traffic patterns can help improve the anomaly detection capability of the IDS and reduce the likelihood of false positives.

Post time: Sep-26-2024