基于snort入侵报告的安全数据库构建

hzmove
0 ℃
2019-09-30

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

上海交通大学硕士学位论文基于snort入侵报告的安全数据库构建姓名：胡秋卫申请学位级别：硕士专业：计算机应用技术指导教师：李小勇20061101isnortInternetIntranetERPsnortsnortsnortiiCONSTRUCTIONOFSECURESNORTINTRUSIONLOGBASEDDATABASEABSTRACTThefastdevelopmentofcomputerandcommunicationtechnologymakesthe21centurytobeaninformationera.ThetechnologyofInternetandIntranethasbecomeaveryimportanttooltohelpinformationestategrowquicklyandsocietyimprovesitself.Theconnectionofthenetworkmakestheshareofresourcesanddigitalcommunicationcometruewhichbringtheinnovationofthescientificresearch,enterprises'operationandsocialactivities.Thedatabaseisthecorepartofdatareservationandprocess,soit'sveryimportanttothewholeinformationsecurity.Mostoftheinformationissavedinthedatabaseincludingbusinessdata(transactiondataandfinancialinformation)andconfidentialinformation(privatedata,engineeringdataandbusinessormilitarysecret)andsoon.Thecompanieswhohavethesekindofassetsmustmakesurethattheseinformationcannotbeaccessedfromtheoutsideandtheunauthorizedinside.Databaseisthefoundationofe-business,e-governmentandERP,sothesafetyofthedatabaseisthefoundationofthesesystems.Thispaperintroducestheassessmentcriteriaandtherecentresearchprogressofthedatabasesecurityandtheintrusiondetectingsystemlikesnort.Wediscusssomecommonstrategiesofdatabasesecurityincludingidentificationauthentication,securitycontrol,ciphering,databackupandrestoreandaudit,andapplythesetechnologiesintotheconstructionofthesecuresnortintrusionlogbaseddatabaseeffectively.KEYWORDS:intrusiondetection,snort,databasesecurity,strategyofdatabasesecurity2006112020061120200611201InternetIntranetERP[11][4]1.11.1.1207080DoDTCSECTCSEC4DCBADA7B1C22informationtechnologysecurityevaluationcriteriaITSECITSECITSEC5FC1FC2FB1FB2FB3C1C2B1B2B3TCSECITSECTCSEC19911CommonCriteriaforITsecurityEvaluation,CC19961CC1.0ISO/IECJTC1/SC27CC2.1199912ISOISO/IEC154081999EvaluationcriteriaforITsecurityISO/IEC15408ISO/IEC15408ITSECTCSEC1166726PPSTNCSCTCSECtrusteddatabasemanagementsysteminterpretation,TDI20TDI3CCOracleDBMSPPOracle19981.0G.DBMS.PPC.DBMS.PPNIAPPP20033Oracle22.1DBMS.PP[12]1.1.2TCSEC199910GB1785919991999ISO154082001ISO/IEC154081999GB/T183362001TCSECC1C2B1B2B320012002GA/T3892002221.24123//45;6578910[13]~[14]1.36123123121.42070301.4.1196772070HinkeSchaeferI.P.SharpAssociate1983TCSEC2090RBAC1.4.290COBASEDM3LOISSoftbase()OpenbaseSecurity8COBASECOBASEV2.0TCSECTDIB1DMDM317859TCSECB1LOSIV1.0178599snort2.1InternetInternetInternete-businesse-business[15]InternetInternet[16]2.1.1IDSInternetInternet(Intrusiondetectionsystem,IDS)2.1.2IDS10(managementconsole)sensorIDSattacksignaturedatabaseTCPFINTCP2.1.31-1[5]2-1IDSFigure2-1IDSinnetworkIDSIDS11windowsNTUnix/etc/passwd/etc/shadow7951IDSIDS2IDSIDSIDS3IDSIDSIPSYNIDS4IDS5IDSIDS6IDSIDSIDS1IDS12IDSIDS2IDSadministratorIDSIDS3IDSIDSIDS4IDS5IDS6IDSIDS2.2snortSnortTCP/IPSnortSnortsnortGNUsnortSnortlibpcapCGISMBSnortsyslogSMB,winpopup13SnortBerkeleyPacketFilter(BPF)IISShowcodesnort2.2.1snortSnortsnortlibpcap1TCP/IPSnortSLIP,PPP2Snort(ChainHeader)(ChainOptions)snort45CGI-BINIP2-214ChainHeader------------------------SourceIPAddressDestinationIPAddressSourcePortDestinationPortChainHeader------------------------SourceIPAddressDestinationIPAddressSourcePortDestinationPortChainHeader------------------------SourceIPAddressDestinationIPAddressSourcePortDestinationPortChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.ChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.ChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.ChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.ChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.ChainOption------------------------ContentTCPFlagsICMPCodes/typesPayloadSizeEtc.2-2Figure2-2logicalstructureofrulechainsnortplug-inplug-insnort[18]3/1535IPtcpdumptcpdumpsyslog2SambasmbclientWinPopupSyslog/swatchWinPopupWinPopup5[19]2.2.2snortSnortMysql,Postgresql,Oracle,SQLServer,unixODBCspo_database.cspo_database.hmysqlUnixmysqlsnortmysql1mysqlMysql[2].rpmmysqlrpmServerClientprogramLibraryandHeadersClientSharedlibrariesunixsnortLD_LIBRARY_PATHLinux/etc/ld.so.confld.so.confldconfigmysqllibmysqlclient.somysql/usr/local//usr/local/mysql/libLD_LIBRARY_PATHLinuxld.so.confSnortsnort:errorloadingsharedlibraries:libmysqlclient.so...:Nosuchfileordirectory2snortsnortshell./configureshellmake16shellmakeinstallmysql./configure./configure--with-mysql=DIRDIRmysql/usr/local/mysqlmysql./configure--with-mysql=/usr/local/mysql3shellechoCREATEDATABASEsnort;|mysql-uroot-psnortcontribmysqlreate_mysql:shellmysql-Dsnort-uroot-ppsqlsnortcreate_mysqlsnort4snortsnort_db_namesensor1shellmysql-uroot-Dmysql-pmysqlGRANTINSERT,SELECTonsnort_db_name.*tosnort@sensor1\IDENTIFIEDBY'snort_password';mysqlquit;5snortsnortsnortSnortoutputdatabase:[log|alert],[parameterlist]outputdatabasemysql,postgresql,odbcoracle[log|alert]logalertsnortsnort2[parameterlist]key1=value1key2=value2…dbnamesnortoutputdatabase:log,mysql,dbname=snortuser=foohost=