NIDS Design Based On Linux

Posted on: 2005-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
GTID: 2168360122970940
Subject: Computer application technology
Abstract/Summary:
With the development of computer science and network technology, the situation regarding information and network security has become increasingly severe. As various computer security incidents have occurred, it has become a common goal of computer administrators around the world to take steps in terms of technology, management, and law to keep the information and security of computers from being destroyed. Computer security technology mainly includes authentication, encryption, access control, auditing, and so on. Intrusion detection is one of the core technologies of auditing, and it is an important part of protecting network security.
In this thesis, the origin and development of intrusion detection technologies are introduced. In addition, the elements and principles of some popular network attacks at present are analyzed in detail. On this basis, the design principles of a NIDS are explored and a design for a NIDS based on Linux (with the IDS designed primarily on the Red Hat 9.0 OS) is given.
The purpose of an IDS is to safeguard the security of the monitored computers and the network. IDS is a technology used to detect behavior that violates security policy in a computer network, and it can find and report unauthorized or abnormal phenomena. During the past twenty-plus years, IDS has developed very quickly and many system design models have been proposed, and many commercial products have appeared since Denning put forward the concept of IDS in the 1980s. In this paper, the elements and principles of some popular network attacks at present, such as buffer overflow, DoS, and IP spoofing, are analyzed in detail, and the detailed structural design of a NIDS based on Linux is discussed in terms of data source, event database, and design plan. At the end of the paper, the current state and limitations of IDS research and the features of computer networks are discussed, and the future development direction of IDS is put forward.
Owing to the appearance of the computer network, problems concerning the security of computer networks have come into being. Especially with the development of networks, more and more problems have emerged. Although network administrators have taken some steps to resolve these problems, such as updating the operating system to patch system holes and setting up firewalls, there are still many hidden security risks, such as those caused by misuse by insiders, which can render firewalls and similar measures useless. In this regard, IDS is an effective means of resolving these hidden risks. Whereas encryption techniques and firewalls are static protection measures, IDS is a dynamic protection measure, which changes with the changing state of the network.
Keywords/Search Tags: Intrusion Detection, Linux, Computer Security