A NIDS With Honeypot For Data Security Application

Posted on: 2006-04-21  Degree: Master  Type: Thesis
Country: China  Candidate: L L Yuan  Full Text: PDF
GTID: 2168360155453120  Subject: Computer system architecture
Abstract/Summary:
As society's demands on the Internet have grown, especially since 1993, Internet/Intranet technology has developed quickly, and the range of information activities carried out over the Internet/Intranet keeps increasing. More and more organizations and enterprises have set up internal networks that are connected to the Internet, and the business secrets held in those networks are targets for intruders. Network security is gradually becoming a key issue for the development of the Internet and of web services. Intrusion detection technology collects and analyses information from key nodes of a computer network and/or computer system, and finds behavior that violates security policy as well as signs of attack in the network and system. The combination of software and hardware that performs intrusion detection is an Intrusion Detection System, abbreviated as IDS. According to an IDS's monitoring policy and data source, IDS can be divided into two kinds: Host-based Intrusion Detection System and Network Intrusion Detection System (NIDS). We only discuss NIDS in this paper. NIDS is used to inspect network data, to monitor network scans and network attacks, and to find network security threats. Its aim is to help the administrator handle system security threats correctly and respond to them quickly. However, NIDS only checks data exchanges on the directly connected network and cannot check data exchanges on other networks. For the sake of performance, NIDS often uses rule-based signature detection. It can detect some common network attacks, but it has difficulty detecting attacks that require heavy computation and long analysis time. NIDS also has trouble dealing with encrypted network data. In the fight against intruders, the honeypot is regarded as another effective information security technology, and it has received extensive attention and recognition in the computer security field.
A honeypot can confuse intruders as its designer intends and quickly detect intruders' attack actions and purposes. Unlike other security products, a honeypot is not limited to solving one specific problem; how it is used depends entirely on the user and the goals to be accomplished. Once a honeypot is established, any use of or access to a honeypot resource is illegitimate. Honeypots bring great value to security detection. Security detection faces three common difficult problems: false reports (false positives), missed reports (false negatives) and data integrity. Because of the honeypot's simplicity, it has effectively solved these problems. NIDS can detect network attacks not only from the internal network but also from the external network. Attacks from the former are more frequent, more covert and more dangerous than those from the latter. We can deliberately deploy a honeypot system to entrap attack actions from the internal network, which makes it easy to trace an internal intruder. During ERP development, security technologies such as data encryption, digital signatures and SSL are adopted and make the information system safer to some extent. At present, however, ERP systems are deployed independently of network security policy. By combining the characteristics of the honeypot with those of NIDS, we can construct Honeytoken bait data according to the ERP system's security requirements and extend the NIDS with an application-layer module. By monitoring the Honeytoken bait data, the system tracks and analyses in real time an intruder's illegal intrusion behavior and purposes, and sends alarm messages to the system logs. This lets the system administrator strengthen the secrecy policy for sensitive data and safeguard the security of data resources. In our experiment we built a J2EE architecture and used Snort as the NIDS. We use JNI to call the NIDS's enterprise application-layer module from J2EE.
From the experimental observations, we find that Snort, extended with the application-layer function, can track and analyze suspicious visitors who access Honeytoken data. Because the honeypot is simple and effective, the NIDS with honeypot has the same character. We have sufficient reason to believe that visitors who access honeypot data are suspicious. Using the NIDS logs, we can comprehensively analyze a suspicious visitor's actions, find latent system security holes and strengthen the secrecy policy. Compared with a general NIDS, the NIDS with honeypot provides a more comprehensive defense against network attacks and has a certain early-warning function against unknown attack methods and means. Compared with host-based IDS, the NIDS with honeypot has a few advantages: it takes up few system resources and keeps system operating costs low. This new type of NIDS has great value and good prospects in security fields such as ERP.
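
The Honeytoken monitoring described in the abstract, as an added Python example; it is not the thesis's Snort/JNI module. The record IDs, the event format and all function names are constructed assumptions: any access to a bait record raises an alert, and every other record touched by the same source is then collected for review.

```python
import re
from collections import defaultdict

# Constructed bait record IDs; no legitimate ERP workflow ever reads them.
HONEYTOKENS = {
    "CUST-900417": "bait customer record",
    "PO-770003": "bait purchase order",
}

# Constructed application-layer events: time, source IP, ERP user, record.
SAMPLE_EVENTS = """\
2006-03-02T09:14:07 10.1.4.23 alice CUST-100231
2006-03-02T09:15:40 10.1.7.88 bob PO-551200
2006-03-02T09:16:02 10.1.7.88 bob CUST-900417
malformed line that the parser must skip
2006-03-02T09:16:30 10.1.7.88 bob CUST-100232
2006-03-02T09:20:11 10.1.9.5 carol PO-770003
2006-03-02T09:21:45 10.1.4.23 alice PO-551201
"""

EVENT_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_events(text):
    """Return well-formed events as dicts, skipping lines that do not parse."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(dict(zip(("time", "src", "user", "record"), m.groups())))
    return events

def honeytoken_alerts(events, tokens=HONEYTOKENS):
    """Any access to a bait record is illegitimate, so every hit is an alert."""
    return [
        f"{e['time']} HONEYTOKEN ACCESS src={e['src']} user={e['user']} "
        f"record={e['record']} ({tokens[e['record']]})"
        for e in events if e["record"] in tokens
    ]

def suspect_activity(events, tokens=HONEYTOKENS):
    """For each source that touched a bait record, list every record it accessed."""
    suspects = {e["src"] for e in events if e["record"] in tokens}
    activity = defaultdict(list)
    for e in events:
        if e["src"] in suspects:
            activity[e["src"]].append(e["record"])
    return dict(activity)

if __name__ == "__main__":
    print("\n".join(honeytoken_alerts(parse_events(SAMPLE_EVENTS))))
```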
Keywords/Search Tags: NIDS, Honeypot, Honeytoken