Principles and Implementation of a Vulnerability Scanning Tool (漏洞扫描工具原理与实现)
Abstract

Every system has vulnerabilities: however much is spent on system security, an attacker can still find exploitable features and configuration flaws. Mending the pen after the sheep is lost is better than nothing, but the sheep is still gone; it is better to inspect the pen for holes before any sheep escapes, and to fix each hole as soon as it is found.

This thesis discusses in detail the vulnerabilities present in networked systems and the main approaches to dealing with them. Finding a known vulnerability is far easier than finding an unknown one, which means that most attackers exploit common vulnerabilities, and these are documented in writing. With suitable tools, a system's weak points can be found before a hacker exploits them. Finding these vulnerabilities quickly and easily is the main mission of the VSGW (Vulnerabilities Scanner of GardWay, 国卫漏洞扫描) vulnerability scanning tool. Vulnerabilities fall broadly into two classes: 1) those caused by software coding errors, and 2) those caused by software misconfiguration. VSGW detects both classes.

VSGW consists of two main modules: a scanning module, comprising port scanning and intrusion scanning, and a vulnerability-database module, which handles the classification and updating of plugins. VSGW works as follows: it accesses a Unix/Linux host remotely over the SSH protocol and collects the host's system information, mainly information about installed system components; on the local host it then analyzes the version information of all software installed on the target, matches it against the most recently published vulnerability plugins in the local vulnerability database, and, according to the corresponding rules, determines whether each subsystem of the remote host is vulnerable and at what risk level. VSGW not only raises risk warnings but also provides solutions that help the user fix the vulnerabilities. The biggest difference between VSGW and ordinary vulnerability scanners is that VSGW provides real-time monitoring and issues early warnings about the security of the networked system.

The main techniques used in this thesis are plugin technology, port scanning, intrusion detection, multithreading, and intelligent identification.
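The matching step the abstract describes (collect installed package versions from the target over SSH, compare them with a local plugin database, and report a risk level together with a fix) can be illustrated with the following Python sketch. It is an added example written for this page, not VSGW's own code, which is not reproduced here; the inventory text, the plugin identifiers (VSGW-EXAMPLE-nnn), the version thresholds and the risk levels are all constructed for illustration and do not correspond to real advisories. The SSH transport is left out: the example starts from the text that a command such as `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` would return from the target host.

```python
"""Version-based vulnerability matching, in the style the VSGW abstract describes.

Added example for this page; not VSGW's code. All inventory lines, plugin
identifiers, version thresholds and risk levels below are constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample of what `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`
# might return from the target host over SSH (hypothetical versions).
SAMPLE_INVENTORY = """\
openssh 7.4-21
bash 4.2-46
vsftpd 3.0.2-28
curl 7.29-59
"""


@dataclass(frozen=True)
class Plugin:
    """One vulnerability-database entry (a "plugin" in the thesis's terms)."""
    plugin_id: str  # hypothetical identifier, not a real advisory number
    package: str    # package name as the package manager reports it
    fixed_in: str   # first version that is not vulnerable
    risk: str       # "high", "medium" or "low"
    fix: str        # remediation advice reported with the finding


# Constructed plugin database; the entries are illustrative only.
PLUGIN_DB = [
    Plugin("VSGW-EXAMPLE-001", "openssh", "7.4-22", "high",
           "upgrade openssh to 7.4-22 or later"),
    Plugin("VSGW-EXAMPLE-002", "bash", "4.2-47", "medium",
           "upgrade bash to 4.2-47 or later"),
    Plugin("VSGW-EXAMPLE-003", "vsftpd", "3.0.2-10", "low",
           "upgrade vsftpd to 3.0.2-10 or later"),
]

RISK_ORDER = {"high": 0, "medium": 1, "low": 2}


def version_key(version):
    """Split '7.4-21' into [(0, 7), (0, 4), (0, 21)] so that lists compare
    numerically chunk by chunk; alphabetic chunks sort after numeric ones.
    Deliberately simple: no epoch or pre-release handling (see note below)."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]


def version_lt(a, b):
    """True if version a is older than version b."""
    return version_key(a) < version_key(b)


def parse_inventory(text):
    """Turn 'name version' lines collected from the target into a dict."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition(" ")
        if not version.strip():
            raise ValueError(f"malformed inventory line: {line!r}")
        inventory[name] = version.strip()
    return inventory


def scan(inventory, plugins=PLUGIN_DB):
    """Match installed versions against the plugin database.

    A package is flagged when it is installed and older than the plugin's
    fixed_in version. Findings are sorted by risk, highest first."""
    findings = []
    for plugin in plugins:
        installed = inventory.get(plugin.package)
        if installed is None:
            continue  # package not installed: this rule does not apply
        if version_lt(installed, plugin.fixed_in):
            findings.append({
                "plugin_id": plugin.plugin_id,
                "package": plugin.package,
                "installed": installed,
                "fixed_in": plugin.fixed_in,
                "risk": plugin.risk,
                "fix": plugin.fix,
            })
    findings.sort(key=lambda f: (RISK_ORDER[f["risk"]], f["package"]))
    return findings


def format_report(findings):
    """Render findings as the warning-plus-remedy lines the abstract describes."""
    if not findings:
        return "no known vulnerabilities found"
    return "\n".join(
        f"[{f['risk'].upper()}] {f['package']} {f['installed']} "
        f"(vulnerable before {f['fixed_in']}, {f['plugin_id']}): {f['fix']}"
        for f in findings
    )


if __name__ == "__main__":
    print(format_report(scan(parse_inventory(SAMPLE_INVENTORY))))
```

Two caveats a practitioner would want here. The comparator splits versions into numeric and alphabetic chunks, which is enough for the sample data but does not understand epochs or pre-release suffixes; a real scanner should defer to the package manager's own ordering (`rpm`'s version comparison, or `dpkg --compare-versions` on Debian-derived systems). And pure version matching cannot see distribution backports, where a fix is applied without changing the upstream version number, so a finding of this kind should be confirmed against the distribution's changelog or a direct configuration check before it is reported as a risk. The SSH account such a scanner logs in with should be read-only and limited to the inventory commands it needs, since it holds credentials to every host it monitors.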

© 2004-2018 China Geological Library (中国地质图书馆). All rights reserved.
