Best IDS for Linux

IDS: intrusion detection system

Security is a crucial matter in any system. Some believe that *nix systems are immune to attack or cannot be infected by malware. That is a misconception. You must always stay alert; nothing is 100% secure. You should therefore deploy systems that help you detect, stop, or mitigate the damage of a cyberattack. In this article you will see what an IDS is and some of the best ones for your Linux distro.

What is an IDS?

An IDS (Intrusion Detection System) is a monitoring system that detects suspicious events and generates a series of alerts to report intrusions (which it can detect by comparing file signatures, scanning for malicious patterns or anomalies, monitoring behaviour, configurations, network traffic...) that may have taken place in the system.

Thanks to these alerts, you can locate the source of the problem and take the appropriate steps to fix it. However, it does not detect every attack, since evasion techniques exist, and it does not block attacks either; it only reports them. Moreover, if it is signature-based, current threats (0-day) can also slip past it unnoticed.
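As an added illustration (not code from the article or from any IDS product named here), the following constructed Python example shows the "file signature comparison" that a host-based IDS performs: it records SHA-256 digests of files as a baseline, re-scans later, and emits alerts for modified, deleted and added files. It reports but never blocks; all paths and file contents are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

def file_digest(path: str) -> str:
    """SHA-256 of a file's contents: the 'signature' the baseline stores."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root: str) -> Dict[str, str]:
    """Record a digest for every regular file under root: the trusted state."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = file_digest(path)
    return baseline

def check_against_baseline(root: str, baseline: Dict[str, str]) -> List[str]:
    """Compare the current state with the baseline and return alert strings.
    Like an IDS, this only reports; it never blocks or repairs anything."""
    current = build_baseline(root)
    alerts = []
    for rel, digest in baseline.items():
        if rel not in current:
            alerts.append(f"DELETED {rel}")
        elif current[rel] != digest:
            alerts.append(f"MODIFIED {rel}")
    alerts += [f"ADDED {rel}" for rel in current if rel not in baseline]
    return sorted(alerts)

def write(path: str, text: str, mode: str = "w") -> None:
    with open(path, mode) as f:
        f.write(text)

def demo() -> List[str]:
    """Constructed scenario in a temp dir: baseline, change files, re-check."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        write(os.path.join(etc, "passwd"), "root:x:0:0:root:/root:/bin/bash\n")
        write(os.path.join(etc, "hostname"), "lab\n")
        baseline = build_baseline(root)
        # Changes after the baseline was taken: one edit, one deletion, one new file
        write(os.path.join(etc, "passwd"), "svc:x:1001:1001::/var/svc:/sbin/nologin\n", "a")
        os.remove(os.path.join(etc, "hostname"))
        write(os.path.join(etc, "motd"), "welcome\n")
        return check_against_baseline(root, baseline)
```

Only differences from the baseline are visible: a baseline taken from an already compromised host, or an intrusion that changes no monitored file, goes unnoticed, which is the blind spot the paragraph above describes.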

Types

Essentially, there are two types of IDS:

  • HIDS (Host-based IDS): installed on a specific endpoint or machine and designed to detect internal and external threats. Examples are OSSEC, Wazuh, and Samhain.
  • NIDS (Network-based IDS): monitors the whole network, but lacks visibility inside the endpoints connected to that network. Examples are Snort, Suricata, Bro, and Kismet.

Differences from a firewall, IPS and UTM, SIEM...

There are several terms that can cause confusion, but they differ from an IDS. Other security-related terms you should also know are:

  • Firewall: closer to an IPS than to an IDS, since it is an active system rather than a detection system. A firewall is designed to block or allow certain communications according to configured rules. It can be implemented in both software and hardware.
  • IPS: stands for Intrusion Prevention System and complements the IDS. It is a system capable of preventing certain incidents, so it is an active system. Within IPS, 4 main types can be distinguished:
    • NIPS: network-based, and therefore looks for suspicious network traffic.
    • WIPS: like NIPS, but for wireless networks.
    • NBA: based on network behaviour, examining unusual traffic.
    • HIPS: looks for suspicious activity on individual hosts.
  • UTM: stands for Unified Threat Management, a cybersecurity management system that provides several centralised functions. For example, it includes a firewall, IDS, antimalware, antispam, content filtering, sometimes even a VPN, and so on.
  • Others: there are also other cybersecurity terms you have surely heard of:
    • SIM: stands for Security Information Manager, or security information management. In this case, it is a central registry that gathers all security-related data to produce reports, analyse, make decisions, etc. That is, a set of capabilities for the long-term storage of that information.
    • SEM: Security Event Manager, or security event management, whose job is to detect unusual access patterns, offering real-time monitoring, event correlation, etc.
    • SIEM: the combination of SIM and SEM, and one of the main tools used in SOCs, or security operations centres.

Best IDS for Linux


That said, among the best IDS systems you can find for GNU/Linux are the following:

  • Bro (Zeek): a NIDS type with traffic logging and analysis functions, SNMP traffic monitoring, and FTP, DNS, and HTTP activity monitoring, among others.
  • OSSEC: a HIDS type, open source and free. It is also cross-platform, and its logs also cover FTP, web server data, and email.
  • Snort: one of the best known, open source, and of the NIDS type. It includes a packet sniffer, network packet logging, threat intelligence, signature blocking, real-time updates of security signatures, and the ability to detect a great many events (OS, SMB, CGI, buffer overflows, hidden ports, ...).
  • Suricata: another NIDS type, also open source. It can monitor low-level activity such as TCP, IP, UDP, ICMP, and TLS in real time, as well as applications such as SMB, HTTP, and FTP. It allows integration with third-party tools such as Anaval, Sguil, BASE, Snorby, and others.
  • Security Onion: NIDS/HIDS, another IDS system focused on Linux distros, with intrusion detection, enterprise monitoring, a packet sniffer, and event charts, and tools such as NetworkMiner, Snorby, Xplico, Sguil, ELSA, and Kibana can be used with it.

  1.   zvemagetsi akadaro

    I would add Wazuh to that list