无线入侵检测系统在国税网络中的应用
|
摘要
入侵检测系统(IDS,Intrusion Detection System)是网络主要防护体系的重要组成部分。IDS是一种主动的网络安全防护措施,它从系统内部和各种网络资源中主动采集信息,从中分析可能的网络入侵或攻击。
IDS为支持无线访问的网络提供了一个道额外的安全防线。为网络引入了无线访问能力之后,网络的安全风险也会显著增加。而防火墙和虚拟专用网络VPN提供的保护可能并不充分。因此对无线入侵检测系统进行研究,并进行正确的安装,配置和部署就显得尤为重要。
无线网络由于自身的特点,面临着比有线网络更多、更严重的威胁,如:易受窃听。难于检测。易受大攻率干扰。易受插入攻击。易受拒绝服务攻击(DoS)。“基站”伪装。移动漫游带来的审计、管理难题。无线信道的高误码率限制了某些加密算法的应用。
作者在导师的指导下,通过查阅多种资料,并联系到工作实际,认为要研究无线入侵检测系统,首先要研究无线入侵,然后再研究入侵检测系统。不但要研究无线网络的软件,而且要研究无线网络的硬件。
因此,本论文的第一章从无线网络的安全威胁着手,简要介绍了IDS的任务。第二章简要介绍了无线网络的硬件设备,因为硬件设备的配置和使用,同样严重影响着无线网络的安全。第三章详细介绍了无线网络传输协议802.11标准。然后单列一章介绍了WEP的安全性,因为WEP是802.11标准提供的数据保护机制,而恰恰这种机制存在缺陷,才造成了现在的许多安全问题。接着作者介绍了黑客攻击无线网络的过程和使用的工具,因为只有知道了敌人是如何“攻”,我们才能知道如何尽可能地“防”。在第六章,详细介绍了入侵检测系统,以及它的弱点和发展趋势。最后一章,作者作为国税系统的一名网络维护员,基于工作实际,介绍了无线网络在国税计算机网络中的应用,以及采取的一些安全措施,并指出了应采用的安全实现方案。
期望通过对无线入侵检测系统进行研究,能对国税系统内部计算机网络的安全保护起到一定的指导作用。
IDS is an important part of the main net-protection system. IDS is a kind of active safeguard measure of net-protection, it collects information actively from the inside of system and various network resources, from which analyses the possibility of being invaded and attacked.
IDS offers an extra safe defense-line for supporting wireless network. After introducing wireless access ability for the network, the security risk of the network will increase notably too. The protection of fire-wall and VPN may be not enough.
Therefore, conducting the research to the wireless IDS, and carrying on the correct installment, the disposition and the deployment appears especially important.
As a result of its own characteristics, the wireless network faces with more serious threats than the wired network, such as : being wiretapped easily, being detected difficultly, being disturbed by high-power easily ,being attacked by inserting easily ,being attacked by‘DoS’easily, the camouflage of mobile communication's radio station and the auditing and management problems brought by mobile roaming .The high error rate of wireless channel limits some applications of encryption algorithms.
Under the mentor's instruction, by consulting many kinds of materials, with the work experiences, the author think that if we will study the wireless IDS, we must study the wireless intrusion first, and then study the IDS. We must study not only the software of wireless network but also the hardware of wireless network.
Therefore, the first chapter of the present paper begins from the wireless network safe threat, and briefly introduces the IDS’duties. The Second chapter briefly introduces the hardware equipment of wireless network, because the disposition and the use of the hardware equipment also affect the wireless network’s security seriously. The third chapter in detail introduces the wireless network transmission agreement 802.11 standard. Then the next single chapter briefly introduces the WEP’s security, because WEP is the data protection mechanism which 802.11 standard provides, but this kind of mechanism has some flaws by which creates many security problems. Then the writer introduces the process of hackers attacking wireless network and the using tools by hackers, because only after we know how the enemy "do attack", we can know how "guard against" as far as possible. In the sixth chapter, the IDS as well as its weakness and development tendency are introduced in detail. In the last chapter, based on the work experiences, as a network system administrator in The National Taxation Bureau, the writer introduces the application of wireless network in the National Taxation computer network as well as some security measures, and points out the executing plans which should be adopted.
The writer really hope that the research to the wireless IDS can help the interior computer network safekeeping of National Taxation Department.
IDS为支持无线访问的网络提供了一个道额外的安全防线。为网络引入了无线访问能力之后,网络的安全风险也会显著增加。而防火墙和虚拟专用网络VPN提供的保护可能并不充分。因此对无线入侵检测系统进行研究,并进行正确的安装,配置和部署就显得尤为重要。
无线网络由于自身的特点,面临着比有线网络更多、更严重的威胁,如:易受窃听。难于检测。易受大攻率干扰。易受插入攻击。易受拒绝服务攻击(DoS)。“基站”伪装。移动漫游带来的审计、管理难题。无线信道的高误码率限制了某些加密算法的应用。
作者在导师的指导下,通过查阅多种资料,并联系到工作实际,认为要研究无线入侵检测系统,首先要研究无线入侵,然后再研究入侵检测系统。不但要研究无线网络的软件,而且要研究无线网络的硬件。
因此,本论文的第一章从无线网络的安全威胁着手,简要介绍了IDS的任务。第二章简要介绍了无线网络的硬件设备,因为硬件设备的配置和使用,同样严重影响着无线网络的安全。第三章详细介绍了无线网络传输协议802.11标准。然后单列一章介绍了WEP的安全性,因为WEP是802.11标准提供的数据保护机制,而恰恰这种机制存在缺陷,才造成了现在的许多安全问题。接着作者介绍了黑客攻击无线网络的过程和使用的工具,因为只有知道了敌人是如何“攻”,我们才能知道如何尽可能地“防”。在第六章,详细介绍了入侵检测系统,以及它的弱点和发展趋势。最后一章,作者作为国税系统的一名网络维护员,基于工作实际,介绍了无线网络在国税计算机网络中的应用,以及采取的一些安全措施,并指出了应采用的安全实现方案。
期望通过对无线入侵检测系统进行研究,能对国税系统内部计算机网络的安全保护起到一定的指导作用。
IDS is an important part of the main net-protection system. IDS is a kind of active safeguard measure of net-protection, it collects information actively from the inside of system and various network resources, from which analyses the possibility of being invaded and attacked.
IDS offers an extra safe defense-line for supporting wireless network. After introducing wireless access ability for the network, the security risk of the network will increase notably too. The protection of fire-wall and VPN may be not enough.
Therefore, conducting the research to the wireless IDS, and carrying on the correct installment, the disposition and the deployment appears especially important.
As a result of its own characteristics, the wireless network faces with more serious threats than the wired network, such as : being wiretapped easily, being detected difficultly, being disturbed by high-power easily ,being attacked by inserting easily ,being attacked by‘DoS’easily, the camouflage of mobile communication's radio station and the auditing and management problems brought by mobile roaming .The high error rate of wireless channel limits some applications of encryption algorithms.
Under the mentor's instruction, by consulting many kinds of materials, with the work experiences, the author think that if we will study the wireless IDS, we must study the wireless intrusion first, and then study the IDS. We must study not only the software of wireless network but also the hardware of wireless network.
Therefore, the first chapter of the present paper begins from the wireless network safe threat, and briefly introduces the IDS’duties. The Second chapter briefly introduces the hardware equipment of wireless network, because the disposition and the use of the hardware equipment also affect the wireless network’s security seriously. The third chapter in detail introduces the wireless network transmission agreement 802.11 standard. Then the next single chapter briefly introduces the WEP’s security, because WEP is the data protection mechanism which 802.11 standard provides, but this kind of mechanism has some flaws by which creates many security problems. Then the writer introduces the process of hackers attacking wireless network and the using tools by hackers, because only after we know how the enemy "do attack", we can know how "guard against" as far as possible. In the sixth chapter, the IDS as well as its weakness and development tendency are introduced in detail. In the last chapter, based on the work experiences, as a network system administrator in The National Taxation Bureau, the writer introduces the application of wireless network in the National Taxation computer network as well as some security measures, and points out the executing plans which should be adopted.
The writer really hope that the research to the wireless IDS can help the interior computer network safekeeping of National Taxation Department.
引文
[1] 中国信息安全产品测评认证中心.信息安全理论与技术.北京:人民邮电出版社,2003.21
[2] 曹秀英,耿嘉,沈平等编著.无线局域网安全系统.北京:电子工业出版社,2004.3,27
[3] Dr.Cyrus Peikari Seth Fogie 著,Maximum Wireless Security.周靖等译.北京:电子工业出版社,2004.45,68~75,168
[4] 宋劲松编著.网络入侵检测:分析、发现和报告攻击.北京:国防工业出版社,2004.9
[5] 国家税务总局信息中心,北京北大方正集团公司.金税网络项目理论培训教材.2000.29
[6] 四川省国家税务局信息中心, 四川省国家税务局综合征管软件专网建设方案.2005.
[2] 曹秀英,耿嘉,沈平等编著.无线局域网安全系统.北京:电子工业出版社,2004.3,27
[3] Dr.Cyrus Peikari Seth Fogie 著,Maximum Wireless Security.周靖等译.北京:电子工业出版社,2004.45,68~75,168
[4] 宋劲松编著.网络入侵检测:分析、发现和报告攻击.北京:国防工业出版社,2004.9
[5] 国家税务总局信息中心,北京北大方正集团公司.金税网络项目理论培训教材.2000.29
[6] 四川省国家税务局信息中心, 四川省国家税务局综合征管软件专网建设方案.2005.