Best IDS for Linux

Intrusion detection system (IDS)

Security is an essential matter in any system. Some believe that *nix systems are invulnerable to any attack or cannot be infected by malware, and that is a mistaken view. You must always stay on guard: nothing is 100% secure. You will therefore have to deploy systems that help you detect, stop, or mitigate the damage of a cyberattack. In this article you will see what an IDS is and some of the best ones for your Linux distro.

What is an IDS?

An IDS (Intrusion Detection System) is a monitoring system that detects suspicious activity and generates a series of alerts reporting breaches that may occur in a system (they can be detected by comparing file signatures, scanning for malicious patterns or anomalies, monitoring behaviour, configuration, network traffic, and so on).

Thanks to these alerts, you can investigate the source of the problem and take the appropriate steps to remedy the threat. However, an IDS does not detect every attack, there are ways to evade it, and it does not block attacks: it only reports them. In addition, if it is signature-based, the newest threats (0-day) can slip past it and go undetected.

Types

Basically, there are two types of IDS:

  • HIDS (Host-based IDS): deployed on a particular endpoint or machine and designed to detect internal and external threats. Examples are OSSEC, Wazuh, and Samhain.
  • NIDS (Network-based IDS): monitors the whole network, but lacks visibility inside the endpoints connected to that network. Examples are Snort, Suricata, Bro, and Kismet.

Differences from a firewall, IPS and UTM, SIEM...

There are various terms that can be confusing, but they differ from an IDS. Some of the security-related terms you should know are:

  • Firewall: it looks more like an IPS than an IDS, since it is an active system. A firewall is designed to block or allow certain communications, depending on the rules that have been set. It can be implemented both in software and in hardware.
  • IPS: stands for Intrusion Prevention System, and it complements the IDS. It is a system capable of preventing certain incidents, so it is an active system. Within IPS, 4 basic types can be distinguished:
    • NIPS: network-based, and therefore looks for suspicious network traffic.
    • WIPS: like NIPS, but for wireless networks.
    • NBA: based on network behaviour, examining unusual traffic.
    • HIPS: looks for suspicious activity on individual hosts.
  • UTM: stands for Unified Threat Management, a cybersecurity management system that provides many functions from one central place. For example, they include a firewall, IDS, antimalware, antispam, content filter, some a VPN, etc.
  • Others: there are other terms related to cybersecurity that you have surely heard:
    • SIM: stands for Security Information Manager, or security information management. In this case it is a central registry that collects all security-related data in order to generate reports, analyse it, make decisions, etc. That is, a set of capabilities for storing this information for the long term.
    • SEM: a Security Event Manager, or security event management, is responsible for detecting abnormal access patterns and provides real-time monitoring, event correlation, etc.
    • SIEM: the combination of SIM and SEM, and one of the main tools used in a SOC or security operations centre.
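The two ideas above, that a signature-based IDS only reports what it has a signature for and that an IPS additionally drops the traffic, are easy to see in a few lines of code. The following is an added illustration and is not code from the article or from any of the products it names (Snort, Suricata, OSSEC, ...). The log lines, the rule names, the regular expressions and the request threshold are all constructed for the example; a real NIDS works on packets, not on text lines, but the logic is the same.

```python
"""Toy signature- and behaviour-based detection over constructed log lines.

Added example, not from the article or from any IDS product. Every log line,
rule name and threshold below is constructed for illustration.
"""
import re
from collections import Counter

# Constructed web-server style access records: "<source_ip> <method> <path>".
# The last six lines come from one source with no matching signature (a "0-day"
# from the point of view of the signature set) to show what signatures miss.
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.9 GET /index.php?id=1%27%20OR%201%3D1",   # SQL-injection-looking request
    "10.0.0.7 GET /cgi-bin/test.cgi",                  # CGI probe
    "10.0.0.7 GET /../../etc/passwd",                  # path traversal attempt
] + ["10.0.0.11 GET /unknown-probe-%d" % i for i in range(6)]

# Signature rules (constructed): rule name -> pattern applied to the request path.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"(%27|')(%20|\s)*OR(%20|\s)+1(%3D|=)1", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "cgi-bin-access": re.compile(r"^/cgi-bin/"),
}


def parse(line):
    """Split one constructed log line into (source_ip, method, path)."""
    ip, method, path = line.split(" ", 2)
    return ip, method, path


def signature_alerts(lines):
    """IDS behaviour: return (source_ip, rule_name) for every signature hit.

    Nothing is blocked; the caller is only told what matched.
    """
    alerts = []
    for line in lines:
        ip, _, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def behaviour_alerts(lines, threshold=5):
    """Behaviour-based detection: flag any source sending more than `threshold`
    requests, which needs no signature and so also catches the unknown probe."""
    counts = Counter(parse(line)[0] for line in lines)
    return sorted(ip for ip, n in counts.items() if n > threshold)


def ips_mode(lines):
    """IPS behaviour: drop every line that matches a signature, pass the rest.

    Returns (passed, blocked). Note that the unknown probe is passed, because
    the signature set knows nothing about it.
    """
    passed, blocked = [], []
    for line in lines:
        _, _, path = parse(line)
        if any(p.search(path) for p in SIGNATURES.values()):
            blocked.append(line)
        else:
            passed.append(line)
    return passed, blocked


if __name__ == "__main__":
    for ip, rule in signature_alerts(SAMPLE_LOG):
        print("IDS alert: %s matched %s" % (ip, rule))
    print("Behaviour alerts:", behaviour_alerts(SAMPLE_LOG))
    passed, blocked = ips_mode(SAMPLE_LOG)
    print("IPS passed %d lines, blocked %d" % (len(passed), len(blocked)))
```

Running it shows three signature alerts, one behaviour alert for the chatty source that no signature covers, and in IPS mode the same three lines dropped while the unknown probe still gets through. That gap is exactly why the article recommends not relying on signatures alone.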

Best IDS for Linux


Well, the best IDS programs you can find for GNU/Linux are the following:

  • Bro (Zeek): a type of NIDS with logging and traffic analysis functions, SNMP traffic monitoring, and monitoring of FTP, DNS, and HTTP activity, etc.
  • OSSEC: a type of HIDS, open source and free. In addition, it is cross-platform, and its logs include FTP, web server, and email data.
  • Snort: one of the most popular, open source, and a NIDS. It includes a packet sniffer, a network packet logger, threat intelligence, signature-based blocking, real-time updating of security signatures, and the ability to detect many kinds of events (OS, SMB, CGI, buffer overflows, hidden ports, ...).
  • Suricata: another NIDS, also open source. It can monitor low-level activity, such as TCP, IP, UDP, ICMP, and TLS, as well as application-layer protocols such as SMB, HTTP, and FTP, in real time. It allows integration with third-party tools such as Anaval, Sguil, BASE, Snorby, etc.
  • Security Onion: NIDS/HIDS, another IDS system focused especially on Linux distros, capable of intrusion detection, enterprise monitoring, and packet sniffing; it includes graphs of what is happening, and can use tools such as NetworkMiner, Snorby, Xplico, Sguil, ELSA, and Kibana.

Comments


  1. electric said

    I would add Wazuh to the list