
Cisco Press: Intrusion Prevention Fundamentals (January 2006), ISBN 1587052393

Intrusion Prevention Fundamentals
By Earl Carter, Jonathan Hogue
Publisher: Cisco Press
Pub Date: January 18, 2006
Print ISBN-10: 1-58705-239-3
Print ISBN-13: 978-1-58705-239-2
Pages: 312

Table of Contents | Index
An introduction to network attack mitigation with IPS

Intrusion Prevention Fundamentals offers an introduction and in-depth overview of Intrusion Prevention Systems (IPS) technology. Using real-world scenarios and practical case studies, this book walks you through the life cycle of an IPS project from needs definition to deployment considerations. Implementation examples help you learn how IPS works, so you can make decisions about how and when to use the technology and understand what "flavors" of IPS are available. The book will answer questions like:

Where did IPS come from? How has it evolved?
How does IPS work? What components does it have?
What security needs can IPS address?
Does IPS work with other security products? What is the "big picture"?
What are the best practices related to IPS?
How is IPS deployed, and what should be considered prior to a deployment?

Whether you are evaluating IPS technologies or want to learn how to deploy and manage IPS in your network, this book is an invaluable resource for anyone who needs to know how IPS technology works, what problems it can or cannot solve, how it is deployed, and where it fits in the larger security marketplace.



Understand the types, triggers, and actions of IPS signatures
Deploy, configure, and monitor IPS activities and secure IPS communications
Learn the capabilities, benefits, and limitations of host IPS
Examine the inner workings of host IPS agents and management infrastructures
Enhance your network security posture by deploying network IPS features
Evaluate the various network IPS sensor types and management options
Examine real-world host and network IPS deployment scenarios

This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, example deployment concepts, protocols, and management techniques.

Includes a FREE 45-Day Online Edition



Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Part I: Intrusion Prevention Overview
Chapter 1. Intrusion Prevention Overview
Evolution of Computer Security Threats
Evolution of Attack Mitigation
IPS Capabilities
Summary
Chapter 2. Signatures and Actions
Signature Types
Signature Triggers
Signature Actions
Summary
Chapter 3. Operational Tasks
Deploying IPS Devices and Applications
Configuring IPS Devices and Applications
Monitoring IPS Activities
Securing IPS Communications
Summary
Chapter 4. Security in Depth
Defense-in-Depth Examples
The Security Policy
The Future of IPS
Summary
Part II: Host Intrusion Prevention
Chapter 5. Host Intrusion Prevention Overview
Host Intrusion Prevention Capabilities
Host Intrusion Prevention Benefits
Host Intrusion Prevention Limitations
Summary
References in This Chapter
Chapter 6. HIPS Components
Endpoint Agents
Management Infrastructure
Summary
Part III: Network Intrusion Prevention
Chapter 7. Network Intrusion Prevention Overview
Network Intrusion Prevention Capabilities
Network Intrusion Prevention Benefits
Network Intrusion Prevention Limitations
Hybrid IPS/IDS Systems
Shared IDS/IPS Capabilities
Summary
Chapter 8. NIPS Components
Sensor Capabilities
Capturing Network Traffic
Analyzing Network Traffic
Responding to Network Traffic
Sensor Management and Monitoring
Summary
Part IV: Deployment Solutions
Chapter 9. Cisco Security Agent Deployment
Step 1: Understand the Product
Step 2: Predeployment Planning
Step 3: Implement Management
Step 4: Pilot
Step 5: Tuning
Step 6: Full Deployment
Step 7: Finalize the Project
Summary
Chapter 10. Deploying Cisco Network IPS
Step 1: Understand the Product
Step 2: Predeployment Planning
Step 3: Sensor Deployment
Step 4: Tuning
Step 5: Finalize the Project
Summary
Chapter 11. Deployment Scenarios
Large Enterprise
Branch Office
Medium Financial Enterprise
Medium Educational Institution
Small Office
Home Office
Summary
Part V: Appendix
Appendix A. Sample Request for Information (RFI) Questions
Solution
Support
Training
Licensing
Network Intrusion Prevention
Host Intrusion Prevention
Glossary
Index


Copyright
Intrusion Prevention Fundamentals
Earl Carter and Jonathan Hogue
Copyright © 2006 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing January 2006
Library of Congress Cataloging-in-Publication Number: 2005922371

Warning and Disclaimer
This book is designed to provide an overview of intrusion prevention by examining Host-based Intrusion Prevention capabilities and Network-based Intrusion Prevention functionality. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact: U.S. Corporate and Government Sales, 1-800-382-3419, corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact: International Sales, 1-317-581-3793, international@pearsontechgroup.com

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments about how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: John Wait
Editor-in-Chief: John Kane
Executive Editor: Brett Bartow
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Production Manager: Patrick Kanouse
Development Editor: Deadline Driven Publishing
Senior Project Editor: San Dee Phillips
Copy Editor: Kevin Kent
Technical Editors: Greg Abelar, Gary Halleen, Shawn Merdinger
Editorial Assistant: Raina Han
Book and Cover Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Tim Wright

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc.
Capital Tower
168 Robinson Road
#22-01 to #29-01
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright © 2003 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)
Printed in the USA

Dedications
Earl's dedication: Without my loving family, I would not be where I am today. They always support all the projects that I undertake. Therefore, I dedicate this book to my wife Chris, my daughter Ariel, and my son Aidan.
Jonathan's dedication: To my wife Liz, for believing in me.




About the Authors
Earl Carter, CCNA, is a consulting engineer and member of the Security Technologies Assessment Team (STAT) for Cisco Systems, Inc. He performs security evaluations on numerous Cisco products, including everything from the PIX Firewall and VPN solutions to Cisco CallManager and other VoIP products. He started with Cisco doing research for Cisco Secure Intrusion Detection System (formerly NetRanger) and Cisco Secure Scanner (formerly NetSonar).
Jonathan Hogue, CISSP, is a technical marketing engineer in the Cisco Security Business Unit, where his primary focus is the Cisco Security Agent. He has been involved with host-based security products since 1999, when he joined Trend Micro. In 2001, he began working with one of the first host intrusion prevention products, StormWatch by Okena, Inc. Okena was subsequently acquired by Cisco Systems.




About the Technical Reviewers
Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco. Greg is the primary founder and project manager of the Cisco written CCIE Security exam.
Gary Halleen has been an employee of Cisco Systems, Inc., since 2000, and is a consulting systems engineer for security products. Gary works closely with Cisco security product teams and has presented at Networkers and other security conferences. Before he worked at Cisco, Gary held security positions at a college and an Internet service provider. Working with local law enforcement, Gary helped to prosecute the first successful computer crimes conviction in his state.
Shawn Merdinger is a security researcher based in Austin, Texas, with seven years of experience in the network security industry. He currently works with TippingPoint (a security division of 3Com), analyzing VoIP security. Before Shawn joined TippingPoint, he worked as a Security Research Engineer with the Cisco Systems Security Technologies Assessment Team (STAT) and Security Evaluation Office (SEO), where he performed vulnerability assessments on a variety of devices, technologies, and implementations. Shawn holds a master's degree from the University of Texas at Austin. Shawn is also an avid supporter of the local non-profit group Austin Free-Net, which helps to bridge the Digital Divide.




Acknowledgments
First, we want to say that many people helped us during the writing of this book (too many to be listed here). Everyone that we have dealt with has been very supportive and cooperative. The technical editors, Greg Abelar, Shawn Merdinger, and Gary Halleen, supplied us with their excellent insight and greatly improved the accuracy and clarity of the text.




Icons Used in This Book

Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italics indicate arguments for which you supply actual values.
Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets [ ] indicate optional elements.
Braces { } indicate a required choice.
Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction
Intrusion Prevention is a fairly new technology that you can deploy to protect your network from attack and help enforce your security policy guidelines. Understanding this technology is vital to deploying it successfully on your network. This book is designed to provide an overview of Intrusion Prevention that enables technology analysts and architects, especially those in charge of corporate security, to determine how Intrusion Prevention can be deployed on their networks. Furthermore, the information provided assists the reader in assessing the benefits of Intrusion Prevention.

Goals and Methods
The goal of this book is to provide an introduction and in-depth overview of Intrusion Prevention as a technology, rather than a technical configuration guide. It uses real-world scenarios and fictitious case studies to walk readers through the life cycle of an IPS project from needs definition to deployment considerations. Cisco IPS products are used as examples to help readers learn how IPS works, make decisions about how and when to use the technology, and what "flavors" of IPS are available. However, the intent of the material is to provide information on Intrusion Prevention as a technology, not just Cisco Intrusion Prevention products. The book answers questions such as the following:
Where did IPS come from? How has it evolved?
How does IPS work? What components does it have?
What security needs can IPS address? How?
Does IPS work with other security products? What is the "big picture?"
Are there best practices related to IPS? What are they?
How is IPS deployed, and what should be considered before a deployment?
Intrusion Prevention can be applied to your network at both the host level and at the network level. Each of these levels has specific capabilities that complement each other to provide a stronger overall level of security protection. This book explains the benefits of each of these areas of protection, and it walks the reader through detailed deployment examples to help you understand the steps you need to perform to deploy Intrusion Prevention on your network.

This Book's Audience
The primary audience for this book comprises information technology analysts and architects, especially those in charge of corporate security, networks, and business needs. These people should have an intermediate level of experience. The secondary audience includes network and security engineers with advanced experience as well as general technology analysts and journalists with experience at a beginner's level.
This book assumes that the reader has a basic understanding of common security technologies such as antivirus, Intrusion Detection Systems, and firewalls. Readers should also have a basic understanding of security threats and security regulations.

How This Book Is Organized
This book is organized into five major parts with subsections for each part. Part I introduces Intrusion Prevention technology as a whole, with subsections that detail the history and evolution of Intrusion Prevention Systems (IPS), the reason for its evolution, and continuing technology trends. Part II focuses on Host Intrusion Prevention specifically: how it works technically, an in-depth technical look at its components, what problems it can solve, purchase decisions, and so on. Part III examines Network Intrusion Prevention in a similar manner. Part IV delves into deployment of both technologies. Part V provides a sample Request for Information (RFI) document as well as a glossary of some key terms associated with Intrusion Prevention.
Part I: Intrusion Prevention Overview
The initial part provides a high-level overview of intrusion prevention. This overview provides the reader with a strong background understanding of Intrusion Prevention that is expanded in the Host Intrusion Prevention and Network Intrusion Prevention parts.
- Chapter 1, "Intrusion Prevention Overview": This chapter examines the factors that led to the existence of IPS, the evolution of security threats, the evolution of attack mitigation, and basic IPS capabilities.
- Chapter 2, "Signatures and Actions": This chapter discusses the types, triggers, and actions of IPS signatures.
- Chapter 3, "Operational Tasks": This chapter reviews the high-level tasks related to using IPS. These include deploying and configuring IPS, monitoring IPS activities, and securing IPS communications.
- Chapter 4, "Security in Depth": This chapter demonstrates the importance of security in depth. It gives examples, explains the role of the security policy, and describes future IPS developments that reinforce the concept.
Part II: Host Intrusion Prevention
This part provides detailed information about Host Intrusion Prevention and uses Cisco Security Agent (CSA) as a realistic example. The information provided, however, is not detailed step-by-step configuration examples. Instead, it explains in detail how the products can be used to provide Intrusion Prevention. Throughout each chapter, specific information is provided as to how CSA handles specific Host Intrusion Prevention problems that you might experience on your network.
- Chapter 5, "Host Intrusion Prevention Overview": This chapter looks at the capabilities, benefits, and limitations of HIPS.
- Chapter 6, "HIPS Components": This chapter examines the inner workings of HIPS agents and management infrastructures.
Part III: Network Intrusion Prevention
This part provides detailed information about Network Intrusion Prevention, along with realistic information on using Cisco Network Intrusion Prevention products. The information provided, however, is not detailed step-by-step configuration examples. Instead, it explains in detail how the products can be used to provide Intrusion Prevention. Each chapter provides detailed information on Cisco Network Intrusion product capabilities and how those capabilities can protect your network.
- Chapter 7, "Network Intrusion Prevention Overview": This chapter explains the capabilities that Network Intrusion Prevention Systems (NIPS) can add to a network to enhance its security posture.
- Chapter 8, "NIPS Components": This chapter analyzes and explains the various components that comprise a NIPS, including various sensor types and management options.
Part IV: Deployment Solutions
This section walks you through the deployment of Intrusion Prevention in different network configurations.
- Chapter 9, "Cisco Security Agent Deployment": This chapter describes the tasks and decisions you need to make during the implementation of a real-world HIPS product, the Cisco Security Agent (CSA).
- Chapter 10, "Deploying Cisco Network IPS": This chapter describes the tasks and decisions you need to make during the implementation of a real-world NIPS deployment, using the Cisco Network Intrusion Prevention System products as an example.
- Chapter 11, "Deployment Scenarios": This chapter covers an assortment of IPS deployment scenarios, where each scenario uses a different type of company as an example.
Part V: Appendix
- Appendix A, "Sample Request for Information (RFI) Questions": This appendix provides a sample RFI to help the reader understand some of the issues that need to be considered when defining your IPS deployment requirements.
- Glossary: The glossary provides the definitions for various terms related to Intrusion Prevention along with definitions of other terms related to the book that the reader might need to understand.




Part I: Intrusion Prevention Overview

Chapter 1 Intrusion Prevention Overview
Chapter 2 Signatures and Actions
Chapter 3 Operational Tasks
Chapter 4 Security in Depth


Chapter 1. Intrusion Prevention Overview
Computer and network security products evolve. Like living things, they change, grow, and adapt to reflect the conditions around them. Specifically, new threats to security force conditions in which security products adapt by implementing countermeasures that can handle the new threats. Examining the birth of a product and its evolution helps you understand why the product exists, what it can do, and how it might change in the future.
Intrusion Prevention Systems (IPS) are security protection devices or applications that can prevent attacks against your network devices. These systems began life as an adjunct feature of contemporary products, such as firewalls and antivirus products, and evolved into an independent and full-featured set of products in their own right. You find two types of IPSs: Network and Host. This chapter examines the factors that led to the existence of IPSs. It describes the evolution of computer security threats, the evolution of attack mitigation, and some of the IPSs' capabilities.




Evolution of Computer Security Threats
Security threats have always been around. Anything of value makes a viable target for a thief. Traditionally, theft required physical access to the object being stolen, limiting the number of attackers and increasing the chances of the perpetrator's being caught. This model applied to initial personal computer systems, in which the computer was treated like another piece of expensive electronic equipment worth stealing.
Initially, mainframes and minicomputers allowed access to a limited number of directly connected dumb terminals. Gradually, the need for extended connectivity became more important. This need for connectivity led to dialup access to mainframes and minicomputers. Adding dialup connectivity increased the scope of attackers by enabling anyone across the world (with access to a telephone and a computer with a modem) to attempt to access the systems. This access, however, was still fairly limited in that attackers had to determine the phone number to use to connect to the computer system and pay the long distance charges if they were not in the same physical vicinity as the system being accessed. Furthermore, because mainframes and minicomputers were very expensive, attackers had difficulty gaining access to a system to try to find security vulnerabilities (except on the limited number of operational systems).
The development of the Internet has created an environment in which millions of computers across the world are all connected to each other. Furthermore, access to this network is fairly ubiquitous and cheap, enabling any thieves in the world to target your computer, regardless of their physical location. Personal computers are now also cheap. Attackers can easily (and cost effectively) set up various computers with different operating systems and search for exploitable vulnerabilities. Searching for vulnerabilities on systems that they control enables attackers to refine their exploit code before using it on actual systems. After they find a new vulnerability and develop an exploit, they can attack similar systems across the world. Therefore, the way you protect your computer assets has to change to match this new threat landscape. In addition, the international and distributed nature of the Internet makes it very difficult to regulate and control attacks against computer systems.
To protect access to internal networks, most companies deploy a firewall at their network perimeter to limit external access. The development of wireless network access (another technological enhancement) has enabled attackers to bypass these perimeter protection mechanisms. With wireless access, users do not need to be physically connected to gain access to the network. The problem is that wireless connectivity does not stop at the walls of your building. In many deployments, attackers can sit in the parking lot in front of your business and potentially gain access to your wireless network. Without proper protection, this wireless access gives attackers direct connectivity to your internal network.

