Intrusion Detection Systems (Part 1)

1. Intrusion Detection Technology Overview

This part covers the basics of intrusion detection: how intrusion detection arose and developed, its basic concepts, why intrusion detection needs to be studied, the problems intrusion detection currently faces, and the development trends of intrusion detection technology.
First, we look at

The basic concept of intrusion detection

Intrusion detection is the dynamic monitoring, prevention and defence of a system against intrusion. It works mainly by monitoring the network, the state of the system and the behaviour of the system in order to detect unauthorized use of the system by its own users, as well as intrusion attempts by external intruders exploiting the system's security flaws.

The basic role and function of intrusion detection

1. Monitoring and analysing user and system activity
2. Auditing system configuration and system vulnerabilities
3. Assessing the integrity of critical system and data files
4. Recognising known attack patterns
5. Statistical analysis of abnormal activity
6. Managing operating system audit trails and identifying user activity that violates policy

Currently intrusion detection problems faced

1. Performance problems as network speeds increase
2. Insufficient active defence capability of the IDS (Intrusion Detection System)
3. The architecture of the IDS itself
4. The robustness of the IDS itself
5. Intrusion detection in the cloud

2. Intrusion methods and means

First, a look at

The general process of network intrusion

1. Target selection
2. Information gathering
3. Vulnerability exploitation
4. Attack
5. Leaving a back door
6. Clearing logs

Security threats take many forms. Some only interfere with the normal operation of the network (such attacks are usually called denial of service attacks, abbreviated DoS attacks); others are more complex attacks that take the initiative against selected targets and modify or take control of network resources.

Common threats are as follows

1. Password cracking
2. Vulnerability attacks
3. Trojan attacks
4. DoS attacks
5. IP address spoofing
6. Network sniffing
7. Virus attacks
8. Social engineering attacks

Denial of Service Attack

First, the basic principles of denial of service attacks.
Denial of service attacks are a very common form of Internet attack and a hard one to guard against.
There are many kinds of denial of service attack. The most basic one uses reasonable-looking service requests to consume too many service resources, so that the service becomes overloaded and cannot respond to other requests. These service resources include network bandwidth, file system capacity, open processes and so on. The attack leaves the network device or operating system short of resources.

Typical means of denial of service attacks

1. SYN flood
SYN is the handshake signal used in TCP/IP to establish a connection, and it is exchanged whenever a normal network connection is set up between a client and a server.
2. Land attack
Uses vulnerabilities in the TCP/IP implementations of some operating systems to bring down the host.
3. Smurf attack
Uses a combination of IP spoofing and ICMP echo replies to flood the target system with large amounts of data, so that the target system can no longer serve normally.
4. Teardrop
Can make the target host crash or hang. The TCP or UDP packets sent by Teardrop and similar attacks contain incorrect IP fragment reassembly information, so the host reassembles a complete packet using the wrong information, which causes it to crash or hang.
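The statistical analysis of abnormal activity listed among the basic functions of an IDS, applied to the SYN flood described above: the following is an added example (not code from the original post) that counts, per source address, SYNs that were never completed by the client's final ACK and flags any source whose half-open count reaches a threshold. The packet log, its line format ("time src dst:port flags") and the threshold of 5 are constructed for the example and are not taken from the post.

```python
from collections import defaultdict

# Constructed sample of a simplified packet log (not real traffic).
# Each line: "time src dst:port flags", flags S = SYN, SA = SYN-ACK, A = ACK.
# 192.0.2.5 completes a normal three-way handshake; 203.0.113.7 only sends SYNs.
SAMPLE_LOG = """\
0.000 192.0.2.5 198.51.100.10:80 S
0.010 198.51.100.10:80 192.0.2.5 SA
0.020 192.0.2.5 198.51.100.10:80 A
0.100 203.0.113.7 198.51.100.10:80 S
0.101 203.0.113.7 198.51.100.10:80 S
0.102 203.0.113.7 198.51.100.10:80 S
0.103 203.0.113.7 198.51.100.10:80 S
0.104 203.0.113.7 198.51.100.10:80 S
0.105 203.0.113.7 198.51.100.10:80 S
"""


def parse_line(line):
    """Split one log line into (timestamp, source, destination, flags)."""
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags


def half_open_counts(lines):
    """Per source address, count SYNs not yet followed by that source's final ACK.

    A SYN opens a half-open connection; the client's ACK completes the handshake.
    SYN-ACKs are sent by the server and are ignored here.
    """
    pending = defaultdict(int)
    for line in lines:
        _, src, _, flags = parse_line(line)
        if flags == "S":
            pending[src] += 1
        elif flags == "A" and pending[src] > 0:
            pending[src] -= 1
    return dict(pending)


def detect_syn_flood(lines, threshold=5):
    """Return sources whose half-open connection count reaches the threshold."""
    counts = half_open_counts(lines)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for src in detect_syn_flood(SAMPLE_LOG.splitlines()):
        print(f"possible SYN flood from {src}")
```

A real IDS would evaluate the count over a sliding time window and expire old entries, since a slow trickle of half-open connections is not the same as a flood; the example keeps a running total to show the statistic itself.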

Buffer overflow attacks

A buffer is an area of computer memory created by a program to hold data temporarily; a program normally has to use a buffer of a specified size.
A program should be robust enough to create a buffer large enough for the data it receives, or it should detect and reject data whose size exceeds the buffer it is to be stored in.
Suppose a program takes input from a form. If the program allocates a 16kb buffer for the form data and someone tries to enter 18kb of data, and the program accepts the input without checking its size, then the data that exceeds the buffer is written into other memory areas. If important content was stored in that memory, the result may be data loss or a system crash.
The danger of this attack is that if the data spilling out of the buffer overwrites a contiguous memory area that holds part of the computer's instructions, such as the stack, a malicious user can use that part of the instructions to carry out dangerous operations.
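The overflow mechanism described above, as an added example that is not part of the original post: a Python simulation of a small memory region in which a 16-byte input buffer is directly followed by 8 bytes of other data (a constructed marker standing in for whatever the program keeps next to the buffer). An unchecked copy of a 20-byte input spills into the adjacent bytes, while the checked copy rejects input that does not fit. The buffer size, the marker and the function names are all assumptions of the example; real memory corruption happens in native code, and this simulation only models the overwrite.

```python
BUFFER_SIZE = 16  # bytes reserved for the input buffer (constructed value)
MARKER = b"RETADDR!"  # constructed stand-in for data that sits right after the buffer


def make_frame():
    """Build a simulated memory region: a 16-byte buffer followed by 8 bytes of other data."""
    frame = bytearray(BUFFER_SIZE + len(MARKER))
    frame[BUFFER_SIZE:] = MARKER
    return frame


def fits_buffer(data):
    """True when the input can be stored without exceeding the buffer."""
    return len(data) <= BUFFER_SIZE


def copy_unchecked(frame, data):
    """Copy input into the buffer without checking its size (the vulnerable pattern).

    Bytes beyond BUFFER_SIZE spill into the adjacent region and overwrite it.
    """
    for i, byte in enumerate(data):
        frame[i] = byte
    return frame


def copy_checked(frame, data):
    """Copy input only if it fits in the buffer; reject oversized input."""
    if not fits_buffer(data):
        raise ValueError(f"input of {len(data)} bytes exceeds {BUFFER_SIZE}-byte buffer")
    frame[:len(data)] = data
    return frame


def adjacent_region(frame):
    """Return the bytes that follow the buffer, to show whether they survived the copy."""
    return bytes(frame[BUFFER_SIZE:])


if __name__ == "__main__":
    spilled = copy_unchecked(make_frame(), b"A" * 20)
    print("unchecked copy, adjacent data now:", adjacent_region(spilled))
    kept = copy_checked(make_frame(), b"A" * 16)
    print("checked copy, adjacent data still:", adjacent_region(kept))
```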

Cross-site scripting attacks

Cross-site scripting vulnerabilities arise because a CGI program does not filter or convert the variables a user submits before placing them in HTML code. CGI input takes two main forms:
1. Explicit input
2. Implicit input
Explicit input clearly requires the user to input data, whereas implicit input does not require the user to input data, although the user may still interfere with the data that is input.
Explicit input can be divided into two types:
1. Input that is output immediately after it is entered
2. Input that is first stored in a text file or database and then output later as a result
The latter can cause significant problems for a site. Apart from some ordinary cases of implicit input, the attack can also be carried out through the error handling of the server or the CGI program.
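The missing filtering step described above, as an added example that is not part of the original post: a vulnerable renderer that places user text straight into HTML beside a safe one that converts the characters with HTML meaning into entities at output time. Escaping at output covers both of the explicit-input types the post lists, since stored comments pass through the same function when they are later displayed. The comment text and the function names are constructed for the example.

```python
import html

# Constructed stored comments, as a site might save them in a database before output.
STORED_COMMENTS = [
    "Nice article",
    "<script>alert(1)</script>",
]


def render_vulnerable(comment):
    """Insert user text straight into HTML: any tags in it are run by the visitor's browser."""
    return f"<p>{comment}</p>"


def render_safe(comment):
    """Escape <, >, &, and quotes so the browser shows the text instead of interpreting it."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


def render_page(comments, render=render_safe):
    """Render every stored comment at output time, so stored input gets the same treatment."""
    return "\n".join(render(c) for c in comments)


if __name__ == "__main__":
    print(render_page(STORED_COMMENTS, render=render_vulnerable))
    print(render_page(STORED_COMMENTS))
```

Escaping is applied where the text enters HTML rather than where it is received, because the same stored value may be output in several places and the escaping needed depends on the output context.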

SQL Injection Attack

In applications, a third-generation language such as Visual Basic is often used to build SQL statements, which are then passed to the back end to create, delete, query and manage the back-end database information. Because database information is very sensitive, penetration attacks that use SQL to steal information are generally very harmful.
This is the first article I have written.


Origin blog.csdn.net/weixin_44269495/article/details/104460100