Research on the Application of a Snort-Based Intrusion Detection System in Campus Networks
Abstract
In recent years, with the rapid development of network technology and the wide spread of the Internet, network security problems have become increasingly prominent. A major threat to network security is intrusion into information systems through the network. As an important component of network security, the network intrusion detection system (NIDS) is showing its importance more and more.
Colleges and universities are a breeding ground for new technology, and with the arrival of the information age they are also advancing their own informatization. As the scale of campus networks keeps growing, campus network security problems are becoming increasingly prominent. Relying on traditional firewall technology alone cannot guarantee the security of a campus network. This thesis therefore proposes combining an intrusion detection system with a firewall to protect the campus network. A NIDS can monitor network data flows and raise an alarm when an intrusion occurs. Many commercial NIDS products now exist, but most of them are rather complex, hard to master and expensive, and smaller companies cannot afford them.
Snort 2.0 is an excellent free NIDS released under the GPL; it is a powerful, lightweight network intrusion detection system. This thesis first introduces the classification of intrusion detection systems, the current state of research, the main techniques used and the development trends. It then describes the architecture, technical characteristics and functions of Snort 2.0, with emphasis on the composition, configuration and operation of Snort 2.0 rules. On this basis it proposes applying the Snort 2.0 intrusion detection system in a campus network to safeguard its security, and gives the configuration scheme, the installation and usage method, and the operation and testing method for Snort 2.0 in the campus network.
Application experiments show that using a Snort 2.0 based intrusion detection system in a campus network can effectively ensure the security and reliability of the campus network.
English abstract
In recent years, with the rapid development of network technology and the extensive popularization of the Internet, network security has become more and more important. A main threat to network security is intrusion into information systems through the network. As one important component of network security, the Network Intrusion Detection System (NIDS) is becoming more and more important.
Colleges and universities are a breeding base of new technology. With the arrival of the information era, they are promoting their own information construction. As the scale of the campus network becomes bigger and bigger, its security problems become more and more serious. Depending on traditional firewall technology alone cannot guarantee the security of the campus network. Therefore, this thesis proposes the method of combining a NIDS with the firewall to realize the safe protection of the campus network. A NIDS, which monitors the network data flow, can alert when an intrusion happens. Many commercial NIDS products have already appeared, but they are mostly more complicated, more difficult to master and more expensive, and smaller companies are unable to bear the cost.
Snort 2.0 is an outstanding and free NIDS, which is based on the GPL, and it is also a strong lightweight NIDS. Firstly, this text introduces the classification of intrusion detection systems, the current research circumstances, the trend of development and the technology mostly used. Secondly, this text introduces the system architecture, technological characteristics and functions of the Snort 2.0 IDS, mainly researching the construction, establishment and running of Snort 2.0 intrusion detection rules. On the basis of study and experiment, the paper proposes a design which uses Snort 2.0 in a campus network to protect its security. Meanwhile, the configuration scheme, the method of installing and using, and the situation of running and testing the Snort 2.0 IDS in the campus network are given.
The application and test results show that a NIDS based on Snort 2.0 can guarantee the campus network well.
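The thesis centres on the composition and configuration of Snort 2.0 rules; as an added illustration that is not code from the thesis, the following Python parses a Snort 2.x-style rule (header plus option keywords) and evaluates it against constructed packet records, going slightly beyond the single-rule case by also handling negated addresses, open-ended port ranges and a bidirectional `<>` rule. The $HOME_NET/$EXTERNAL_NET values, the rules and the packet records are assumptions made here, not taken from the thesis.

```python
import ipaddress, re
from dataclasses import dataclass, field

# Constructed variable table; the thesis's real snort.conf values are not on this page.
VARS = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "!10.0.0.0/8"}
# A Snort 2.x rule is a header "action proto src sport dir dst dport" then "(opt:val; ...)".
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)$")
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

@dataclass
class Rule:
    action: str; proto: str; src: str; sport: str; direction: str; dst: str; dport: str
    options: dict = field(default_factory=dict)
    contents: list = field(default_factory=list)   # [pattern, nocase] pairs in rule order

def parse_rule(line):   # header fields, content patterns and the remaining option keywords
    m = HEADER_RE.match(line.strip())
    if not m: raise ValueError("not a Snort rule: " + line)
    rule = Rule(*m.groups()[:7])
    for key, val in OPT_RE.findall(m.group(8)):
        val = val.strip().strip('"')
        if key == "content":                        # hex "|..|" byte notation is not handled
            rule.contents.append([val, False])
        elif key == "nocase" and rule.contents:     # nocase modifies the preceding content
            rule.contents[-1] = [rule.contents[-1][0].lower(), True]
        else: rule.options[key] = val
    return rule

def addr_match(spec, ip):
    spec = VARS.get(spec, spec)                     # expand $HOME_NET-style variables
    if spec == "any": return True
    if spec.startswith("!"): return not addr_match(spec[1:], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    if spec == "any": return True
    if spec.startswith("!"): return not port_match(spec[1:], port)
    if ":" not in spec: return port == int(spec)
    lo, hi = spec.split(":", 1)                     # "1024:" and ":1023" are open-ended ranges
    return int(lo or 0) <= port <= int(hi or 65535)

def matches(rule, pkt):   # pkt: dict with proto, src, sport, dst, dport, payload (bytes)
    def ends(a, ap, b, bp):
        return (addr_match(rule.src, a) and port_match(rule.sport, ap)
                and addr_match(rule.dst, b) and port_match(rule.dport, bp))
    if rule.proto != pkt["proto"]: return False
    fwd = ends(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    rev = rule.direction == "<>" and ends(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return (fwd or rev) and all(p.encode() in (pkt["payload"].lower() if nc else pkt["payload"])
                                for p, nc in rule.contents)
```

Real Snort also applies preprocessors, flow state and many more option keywords; this model covers only the header and plain content matching the abstract refers to.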