IDP-After-Sales Training-C2-IntrusionConcepts

Implementing Intrusion Detection and Prevention
Chapter 2: Intrusion Detection and Prevention Concepts

This Chapter Discusses:
• Network attack phases and detection methods;
• Juniper Intrusion Detection and Prevention (IDP) products;
• IDP three-tier architecture; and
• Common IDP deployment modes.

Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential

After successfully completing this chapter, you will be able to:
• Describe network attack phases and detection methods
• Describe the Juniper Networks IDP products
• Describe the IDP three-tier architecture
• Describe the common IDP deployment modes

Network Attack Phases and Detection

The slide lists the topics we discuss in this chapter. We discuss the highlighted topic first.

• Network Attack Phases and Detection (highlighted)
• Juniper Networks IDP Product Offerings
• Juniper Networks IDP Three-Tier Architecture
• Juniper Networks IDP Deployment Modes

Protecting Network Assets

As an IT security professional, you realize the importance of protecting your network and internal servers from security breaches. Unpatched operating systems, misconfigured Web servers or routers, and internal users bringing in laptops with viruses can all cause havoc on the corporate network. Your job is to minimize network security breaches.

Attack Phases

The attack life cycle is a way of describing the stages of an attack and how someone, or something, might gain and keep access to your systems and network.

1. Reconnaissance phase—Attackers need to understand the network they are trying to access, so they use different types of network, system, and application discovery tools to figure out the best way to attack your system and network. During this phase, attackers perform port scans against target servers to determine what services are available. Fingerprinting of the operating system can also be performed.
2. Attack phase—Attackers gain access to your system or network. Examples of this phase include exploiting configuration and implementation mistakes, and exploiting vulnerabilities.
3. Propagation phase—Attackers gain increased access to the system or network by further exploitation. This phase includes leaving behind a backdoor to gain access through a secret means after the original exploit has been patched.

• Attacker scans for server to exploit

2. Exploit phase
• Once vulnerable server found, exploit (attack) is launched to gain administrative access on server

3. Propagation phase:
• With admin access on server, uses trust relationship with other back-end servers to take those over. Attacker creates a tunnel back to himself to control the target’s networks.

Attacks Use Different Network Layers

Different TCP/IP protocol layers detect different phases of an attack; for example:
• In general, attacks in the reconnaissance phase use network scans and port scans. These attacks occur at the TCP/IP network layer.
• In general, attacks in the exploit phase use network and application layers.
• Attacks in the propagation phase send data in both the TCP/IP network layer and the TCP/IP application layer.

Thus, in order to detect these attacks, a security device must examine both the network and application layers.

Example Attacks

The chart on the slide lists various attacks and the layer of the TCP/IP stack that corresponds to each attack.

Firewall

The firewall provides the first layer of defense by providing perimeter and boundary protection using data encryption (VPN services), authentication (identity verification), access control (firewall), and some attack detection and prevention (Intrusion Prevention System [IPS]). When the firewall receives traffic, it looks at the set of rul
