Uhlelo lwe-intrusion detection (IDS) luqapha ithrafikhi yenethiwekhi kanye nabaqaphi bemisebenzi esolisayo kanye nezixwayiso ohlelweni noma umphathi wenethiwekhi. Kwezinye izimo, i-IDS ingaphendula futhi emgwaqeni ononya noma ononya ngokuthatha isinyathelo njengokuvimbela ikheli lomsebenzisi noma i- IP ekufinyeleleni kwinethiwekhi.
Ama-IDS angena ezinhlobonhlobo ze "flavour" futhi afike emgomweni wokuthola ithrafikhi elolisayo ngezindlela ezahlukene. Kukhona izinhlelo ezisetshenziswa ngokusekelwe kwinethiwekhi (NIDS) nezinhlelo zokuthola izintambo (HIDS) ezisekelwe ngaphakathi. Kukhona ama-IDS athola ukuthi usekelwe ekubhekeni amasignali athile okusongelwayo-okufana nendlela isofthiwe esetshenziswa ngayo i- antivirus ngokuvamile ithola futhi ivikele ngokumelene ne-malware- futhi kukhona ama-IDS atholakala ngokusekelwe emaphethini omgwaqo ngokumelene nesisekelo sokuqala futhi efuna izinkinga. Kukhona ama-IDS amane aqaphe futhi aqaphe futhi kukhona ama-IDS enza isinyathelo noma izenzo ekuphenduleni usongo olutholiwe. Sizovala wonke lawa mafushane.
I-NIDS
Izinhlelo zokuThungathwa kwe-Intrusion Network zifakwa endaweni eqondile noma amaphuzu ngaphakathi kwenethiwekhi ukuqapha ithrafikhi kuya nakuwo wonke amadivayisi enethiwekhi. Ngokufanelekile, uzoskena yonke ithrafikhi engenayo futhi ephumayo, noma ukwenza kanjalo kungase kudale umgogodla ongaphazamisa isivinini sonke senethiwekhi.
HIDS
Amasistimu wokuThungathwa kwe-Intrusion Hosts agijimela kubanikazi ngabanye noma amadivayisi kunethiwekhi. I-HIDS ihlola amaphakethe angenayo futhi aphumayo kusuka kudivayisi kuphela futhi izoxwayisa umsebenzisi noma umlawuli wemisebenzi esolisayo etholakala
Isignesha Isekelwe
I-IDS esekelwe isignesha izobe ihlole amaphakethe kunethiwekhi futhi iwuqhathanise ne-database yemasayinini noma izimfanelo ezivela ezinsongweni ezinonya eziziwa. Lokhu kufana nendlela isofthiwe eningi ye- antivirus ithola ngayo i-malware. Inkinga yukuthi kuzoba khona i-lag phakathi kokusongela okusha esitholakala endle futhi isignesha yokuthola ukuthi lokho kusongela ku-IDS yakho. Phakathi naleso sikhathi se-lag, i-IDS yakho ngeke ikwazi ukubona usongo olusha.
Isekelwe ku-Anomaly
I-IDS ehambisana ne-anomaly izolandela ithrafikhi yenethiwekhi iphinde iwuqhathanise nesisekelo esisekelwe. Isisekelo sendawo sizobona ukuthi "yinto evamile" yaleyo inethiwekhi- yikuphi uhlobo lokusebenzisa umkhawulokudonsa ngokuvamile osetshenzisiwe, yiziphi izivumelwano ezisebenzisayo, yiziphi izichweba namadivayisi ngokuvamile axhumeka komunye nomunye- futhi uqaphele umlawuli noma umsebenzisi lapho kutholakala ithrafikhi engasebenzi, noma ngokungafani kakhulu nesisekelo.
IDS encane
I-IDS engabonakali ivele ithole futhi isaziso. Uma ithrafikhi esolisayo noma enobungozi ithola ukuthi isaziso senziwe futhi sithunyelwa kumqondisi noma umsebenzisi futhi kuba kubo ukuthatha isinyathelo ukuvimba umsebenzi noma ukuphendula ngandlela-thile.
I-IDS esebenzayo
I-IDS esebenzayo ngeke ithole kuphela ithrafikhi esolisayo noma enobungozi futhi ixwayise umlawuli kodwa izothatha izinyathelo ezenzelwe ngaphambili zokuphendula ekusongeni. Ngokuvamile lokhu kusho ukuvimbela noma iyiphi enye inethiwekhi ye-traffic kusuka ekhelini le-IP yomsebenzisi noma kumsebenzisi.
Enye yezinhlelo ezitholakala kakhulu futhi ezijwayele ukutholakala kwe-intrusion ngumthombo ovulekile, utholakala ngokukhululekile nge-Snort. Itholakala ngezinombolo zamapulatifomu nezinhlelo zokusebenza ezifaka kokubili i- Linux ne-Windows . I-Snort inokulandela okukhulu futhi okuqotho futhi kunezinsiza eziningi ezitholakalayo kwi-Inthanethi lapho ungathola khona amasignesha ukuze uqalise ukuthola izinsongo zakamuva. Ngezinye izinhlelo zokusebenza zama-intrusion zokutholwa kwe-freeware, ungavakashela i- Free Intrusion Detection Software .
Kunomugqa omuhle phakathi kwe-firewall ne-IDS. Kukhona nobuchwepheshe obubizwa ngokuthi i-IPS - Intrusion Prevention System . I-IPS imayelana ne-firewall ehlanganisa ukuhlunga kwenethiwekhi-level kanye ne-application-level nge-IDS esebenzayo ukuze ivikele inethiwekhi ngokuqhubekayo. Kubonakala sengathi njengoba isikhathi siqhubeka nezibhamu, i-IDS ne-IPS zithatha izimfanelo eziningi komunye nomunye futhi zifiphaza umzila ngisho nangaphezulu.
Okuyisisekelo, i-firewall yakho iyinhlangano yakho yokuqala yokuvikela i-perimeter. Izindlela ezinhle kakhulu zincoma ukuthi i-firewall yakho ihlelwe ngokucacile ukuze i-DENY yonke imoto engenayo bese uvula izimbobo lapho kunesidingo. Kungase kudingeke uvule i-port 80 ukusingatha amasayithi ewebhu noma i-port 21 ukusingatha isiphakeli sefayela le-FTP . Ngayinye yalezi zimbobo zingadingeka ngombono owodwa, kodwa futhi ibhekisela kumakhansela angahle emgwaqweni ongeyena ukungena kwinethiwekhi yakho kunokuba uvaliwe yi-firewall.
Yilapho i-IDS yakho ingena khona. Kungakhathaliseki ukuthi usebenzisa i-NIDS yonkana yonke inethiwekhi noma i-HIDS kudivayisi yakho ethize, i-IDS izoqapha ithrafikhi engenayo futhi ephumayo futhi ithole ithrafikhi esolisayo noma enobungozi okungenzeka ukuthi inqamule i-firewall yakho noma ngenye indlela kungenzeka ukuthi ivela ngaphakathi kwenethiwekhi yakho.
I-IDS ingaba ithuluzi elikhulu lokuqapha ngokucophelela nokuvikela inethiwekhi yakho kusuka emisebenzini enonya, noma kunjalo, ijwayele ama-alamu amanga. Ngaso sonke isisombululo se-IDS oyisebenzisayo uzodinga "ukuyihlaziya" uma iqala ukufakwa. Udinga i-IDS ukuthi ilungiswe kahle ukuze ubone ukuthi yiyiphi ithrafikhi evamile kunethiwekhi yakho ngokumelene nokuthi yini engase ibe traffic embi nawe, noma abaphathi abanomthwalo wokuphendula izaziso ze-IDS, kudingeka baqonde ukuthi izixwayiso zisho ukuthini nokuthi uphendule ngempumelelo.