Network Security Information Detection and Management
Abstract
With the rapid development of network technology, network security is receiving more and more attention. By studying vulnerability scanning we can discover the security vulnerabilities present in a network or system as early as possible and take appropriate remedial measures in time, which effectively prevents intrusions from happening. Network topology discovery is important for fault detection and network upgrades. Vulnerability scanning and network topology discovery are parts of an intrusion detection alert management and intrusion response system.

On one hand, building on a study of vulnerability scanning, this thesis analyses the network vulnerability scanner Nessus in depth. The main content is as follows:
1. The principle of vulnerability scanning is analysed and the CVE (Common Vulnerabilities and Exposures) standard is introduced.
2. The architecture of Nessus and its plugin-based scan strategy are introduced, including the installation and configuration of Nessus.
3. NASL, the Nessus vulnerability scanning script language, is studied together with the basic structure and development process of Nessus plugins, and an example NASL script is given.
4. Information is retrieved and extracted from Nessus scan reports in .nsr format, and the vulnerability and operating system information is written to a database automatically.

On the other hand, the thesis discusses several commonly used methods of network topology discovery and analyses the architecture of the Simple Network Management Protocol (SNMP) in detail: the Structure of Management Information (SMI), the Management Information Base (MIB) and the SNMP protocol itself. It then proposes a two-level topology discovery algorithm based on SNMP and ICMP.

The first level discovers routers and the subnets directly connected to them; the second level searches for the active hosts within each subnet. First-level discovery obtains the router information mainly by accessing the MIB through the WinSNMP API, while second-level discovery performs the ping operation by calling the dynamic link library ICMP.dll. Finally, the network topology graph is drawn dynamically and the topology information is stored in a database.
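The two-level algorithm described above, as an added example that is not the thesis's own code. The thesis talks to real devices through WinSNMP and ICMP.dll; here those calls are replaced by two stubs, snmp_walk and icmp_ping, that read constructed MIB-II tables for two routers and a constructed set of addresses that answer ping, so the algorithm runs offline. The object identifiers are the real MIB-II (RFC 1213) ipAddrTable and ipRouteTable columns; the addresses, masks and routes are invented for the example.

```python
"""Two-level network topology discovery: SNMP (MIB-II) finds routers and their
directly connected subnets, ICMP echo finds the live hosts inside each subnet.

Added example; it is not the thesis's code. The thesis uses WinSNMP and
ICMP.dll against real devices; here those calls are replaced by in-memory
stubs over constructed MIB-II tables so the algorithm itself runs offline.
"""
import ipaddress
from collections import deque

# MIB-II object identifiers (RFC 1213) that the first level walks on each router.
IP_AD_ENT_ADDR = "1.3.6.1.2.1.4.20.1.1"     # ipAdEntAddr: interface address
IP_AD_ENT_NETMASK = "1.3.6.1.2.1.4.20.1.3"  # ipAdEntNetMask: its subnet mask
IP_ROUTE_NEXTHOP = "1.3.6.1.2.1.4.21.1.7"   # ipRouteNextHop: next hop per route
IP_ROUTE_TYPE = "1.3.6.1.2.1.4.21.1.8"      # ipRouteType: 3 = direct, 4 = indirect
ROUTE_INDIRECT = 4

# Constructed MIB contents: agent address -> table OID -> {table index: value}.
# ipAddrTable is indexed by the interface address, ipRouteTable by ipRouteDest.
FAKE_MIBS = {
    "10.0.0.1": {
        IP_AD_ENT_ADDR: {"10.0.0.1": "10.0.0.1", "192.168.1.1": "192.168.1.1"},
        IP_AD_ENT_NETMASK: {"10.0.0.1": "255.255.255.252", "192.168.1.1": "255.255.255.0"},
        IP_ROUTE_NEXTHOP: {"10.0.0.0": "10.0.0.1", "192.168.1.0": "192.168.1.1", "0.0.0.0": "10.0.0.2"},
        IP_ROUTE_TYPE: {"10.0.0.0": 3, "192.168.1.0": 3, "0.0.0.0": 4},
    },
    "10.0.0.2": {
        IP_AD_ENT_ADDR: {"10.0.0.2": "10.0.0.2", "10.0.0.5": "10.0.0.5", "192.168.2.1": "192.168.2.1"},
        IP_AD_ENT_NETMASK: {"10.0.0.2": "255.255.255.252", "10.0.0.5": "255.255.255.252",
                            "192.168.2.1": "255.255.255.0"},
        IP_ROUTE_NEXTHOP: {"10.0.0.0": "10.0.0.2", "10.0.0.4": "10.0.0.5", "192.168.2.0": "192.168.2.1",
                           "192.168.1.0": "10.0.0.1", "0.0.0.0": "10.0.0.6"},
        IP_ROUTE_TYPE: {"10.0.0.0": 3, "10.0.0.4": 3, "192.168.2.0": 3, "192.168.1.0": 4, "0.0.0.0": 4},
    },
    # 10.0.0.6 is the upstream next hop: it answers ping but has no SNMP agent we can query.
}
# Constructed set of addresses that answer an ICMP echo request.
ALIVE_HOSTS = {"10.0.0.1", "10.0.0.2", "10.0.0.5", "10.0.0.6", "192.168.1.1",
               "192.168.1.10", "192.168.1.20", "192.168.2.1", "192.168.2.5"}


def snmp_walk(agent, table_oid):
    """Stand-in for a GET-NEXT walk of one table column (WinSNMP in the thesis).
    Returns {index: value}, or None when the agent does not respond."""
    mib = FAKE_MIBS.get(agent)
    return None if mib is None else dict(mib.get(table_oid, {}))


def icmp_ping(host):
    """Stand-in for IcmpSendEcho from ICMP.dll."""
    return host in ALIVE_HOSTS


def discover_routers(seed):
    """Level 1: breadth-first walk from a seed router, following the next hops of
    indirect routes to neighbouring routers. Returns {router: {ip_network, ...}};
    a next hop that does not answer SNMP is kept with an empty set."""
    routers, queue, seen = {}, deque([seed]), {seed}
    while queue:
        router = queue.popleft()
        addrs = snmp_walk(router, IP_AD_ENT_ADDR)
        if addrs is None:
            routers[router] = set()
            continue
        masks = snmp_walk(router, IP_AD_ENT_NETMASK)
        routers[router] = {
            ipaddress.ip_network(f"{addr}/{masks[idx]}", strict=False)
            for idx, addr in addrs.items()
        }
        next_hops = snmp_walk(router, IP_ROUTE_NEXTHOP)
        types = snmp_walk(router, IP_ROUTE_TYPE)
        for dest, hop in next_hops.items():
            # Only indirect routes point at another router; direct ones name our own interface.
            if types.get(dest) == ROUTE_INDIRECT and hop not in seen:
                seen.add(hop)
                queue.append(hop)
    return routers


def discover_hosts(networks, max_sweep_prefix=24):
    """Level 2: ping-sweep every host address of each subnet found at level 1.
    Subnets wider than /max_sweep_prefix are skipped: sweeping them floods the
    network and trips intrusion detection."""
    alive = {}
    for net in sorted(networks):
        if net.prefixlen < max_sweep_prefix:
            continue
        alive[str(net)] = [str(h) for h in net.hosts() if icmp_ping(str(h))]
    return alive


def build_topology(seed):
    """Run both levels; the result is what the thesis draws and stores in its database."""
    routers = discover_routers(seed)
    subnets = set().union(*routers.values())  # a subnet shared by two routers is swept once
    return {
        "routers": {r: sorted(str(n) for n in nets) for r, nets in routers.items()},
        "hosts": discover_hosts(subnets),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_topology("10.0.0.1"), indent=2))
```

To run this against real equipment, replace snmp_walk with a GET-NEXT walk from an SNMP library and icmp_ping with a real echo request. Two practical caveats: SNMPv1/v2c community strings travel in cleartext, so a discovery station that holds a read community for every router is itself a target, and a ping sweep of every discovered subnet is noisy, which is why the sweep is limited to /24 or smaller here.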