			</SELECT>
			</font></td>
	</tr>
	</table>
	</form>
<!-- LEFT NAV SEARCH END -->

		</td>
		
<!-- PUB PARTNERS END -->
<!-- END LEFT NAV -->

<td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td>
<td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td>
<!-- end of ITK left NAV -->

<!-- begin main content -->
<td width="100%" valign="top" align="left">


<!-- END SUB HEADER -->

<!--Begin Content Column -->

<P>
<B>Intrusion Detection: Network Security beyond the Firewall</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Terry Escamilla
<BR>
ISBN: 0471290009
<BR>
Publication Date: 11/01/98
</FONT>
<P>


<!-- Empty Reference Subhead -->

<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=4//-->
<!--PAGES=121-124//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->

<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="119-121.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="124-126.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>For the operating system and applications delivered with it, the network security entities of interest are as follows:
</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;Users and groups
<DD><B>&#149;</B>&nbsp;&nbsp;Network nodes
<DD><B>&#149;</B>&nbsp;&nbsp;Network software applications
</DL>
<P>Network adapters are also part of network security because ultimately, network traffic must be marked for a specific physical address. However, these entities are treated as devices on the system itself and fall under the jurisdiction of the access control rules for files and directories.
</P>
<H4 ALIGN="LEFT"><A NAME="Heading8"></A><FONT COLOR="#000077">I&#38;A for Users and Groups in a Network</FONT></H4>
<P>You are already familiar with I&#38;A for users and groups on stand-alone systems. In networked environments, the only additional concern is the <I>scope</I> of the definitions for these entities in the network. A stand-alone computer contains local repositories for identifying users and groups. Multiple independent stand-alone systems each control their own repositories of user and group information. The <I>namespaces</I> that define users and groups across systems can be disjoint or intersecting. Indeed, the namespaces that define any entities in a network can intersect or remain disjoint depending on how the site is configured.</P>
<P>In Chapter 2, &#147;The Role of Identification and Authentication in Your Environment,&#148; you saw how a group of related nodes could share a single namespace for user and group information. Possible solutions included a central authentication server for many nodes based on NIS, Kerberos, or DCE. Hybrid configurations that permit local user definitions and definitions in a central server must define a <I>precedence</I> relation that states whether the local repository or the global repository is searched first. NIS and NIS&#43; provide a configuration file for this purpose. Using local and global repositories for user definitions is tricky because knowing precisely <I>who</I> the user is greatly affects what access rights a user has when connected to a system. Also, intrusion detection tools that try to assign accountability for actions across network nodes need to know the originator of a request.</P>
<P>Most operating systems permit complicated definitions, such as the same username with different UIDs&#151;one on the local node and one in the central authentication server. When systems are configured this way, you must understand who (which UID) the system will reference when making access control decisions. Familiarize yourself with your system&#146;s documentation to understand how the user&#146;s identity is chosen at login time. NT generates a user&#146;s SID that does not have the same value as any user on another node. UNIX UIDs can be identical for different users on multiple nodes.</P>
<P>Higher-layer protocols such as NFS assume a common namespace across systems. NFS also provides some basic security features such as transforming the root UID (zero) to that of nobody (&#150;2) when root is accessing files across systems. The UIDs and GIDs stored in the usual operating system repositories, local or remote, are utilized by NFS as the basis for access control decisions. <I>Not all network traffic passes information about users and groups as part of the protocol data</I>. The mail protocol <I>Simple Mail Transfer Protocol</I> (SMTP) knows about network addresses only when it is forwarding mail from one system to another. The mail recipient&#146;s UID and GID are not passed in the mail message itself. Instead, the username is extracted from the header by the mail server. The username is used to decide in which mail spool file to deposit the incoming message. As the mail is forwarded across systems, only the network address is important.</P>
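<P>The following is an added example, not code from the book: a small Python model of the three situations the last three paragraphs describe. It resolves a username through a local and a central repository according to a configurable precedence order (standing in for the NIS/NIS+ lookup-order file), shows that an access check on a file owned by one of the two UIDs succeeds or fails depending on which repository wins, maps a root request to the <I>nobody</I> UID the way the text describes NFS doing, and shows why a bare UID seen on the wire cannot assign accountability when two nodes handed the same number to different users. All repository contents, the precedence lists and the value &#150;2 for <I>nobody</I> are constructed from the text; the function names are this example's own.</P>

```python
# Added example (not from Escamilla's book): a model of username-to-UID
# resolution across a local repository and a central authentication server,
# plus the NFS root-to-nobody mapping and the UID-collision accountability gap.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# The book quotes NFS as mapping root (UID 0) to "nobody" (-2). The value is
# taken from the text; many systems use 65534 instead.
NOBODY_UID = -2


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gid: int
    source: str  # which repository defined this entry


# Constructed sample data: "alice" exists in both repositories with
# different UIDs, exactly the situation the text warns about.
LOCAL_PASSWD: Dict[str, Account] = {
    "root": Account("root", 0, 0, "local"),
    "alice": Account("alice", 1001, 100, "local"),
}
CENTRAL_PASSWD: Dict[str, Account] = {
    "alice": Account("alice", 5001, 500, "central"),
    "bob": Account("bob", 5002, 500, "central"),
}
REPOSITORIES: Dict[str, Dict[str, Account]] = {
    "local": LOCAL_PASSWD,
    "central": CENTRAL_PASSWD,
}


def resolve_user(name: str, precedence: List[str]) -> Optional[Account]:
    """Return the account for `name`, searching the repositories named in
    `precedence` in order; the first hit wins, as with a lookup-order file."""
    for repo_name in precedence:
        account = REPOSITORIES[repo_name].get(name)
        if account is not None:
            return account
    return None


def owner_may_read(file_owner_uid: int, file_mode: int, requester_uid: int) -> bool:
    """Simplified access check: only the owner's read bit (0o400) is consulted."""
    return requester_uid == file_owner_uid and bool(file_mode & 0o400)


def nfs_server_uid(client_uid: int, root_squash: bool = True) -> int:
    """UID an NFS server evaluates a client's request under: root is squashed
    to nobody, every other UID is trusted as sent."""
    if root_squash and client_uid == 0:
        return NOBODY_UID
    return client_uid


def accountable_names(uid: int, node_repos: Dict[str, Dict[str, Account]]) -> Set[str]:
    """Usernames a bare UID could belong to across several nodes' repositories.
    More than one name means the UID alone cannot say who acted."""
    names: Set[str] = set()
    for repo in node_repos.values():
        for acct in repo.values():
            if acct.uid == uid:
                names.add(acct.name)
    return names


if __name__ == "__main__":
    local_first = resolve_user("alice", ["local", "central"])
    central_first = resolve_user("alice", ["central", "local"])
    print("alice, local first  :", local_first)
    print("alice, central first:", central_first)
    # A file owned by the central alice (UID 5001, mode 0600) is readable only
    # when the node resolves "alice" to 5001.
    print("local-first alice reads central alice's file:",
          owner_may_read(5001, 0o600, local_first.uid))
    print("central-first alice reads central alice's file:",
          owner_may_read(5001, 0o600, central_first.uid))
    print("root over NFS becomes UID", nfs_server_uid(0))
    # Constructed second node that independently handed UID 1001 to "carol".
    node_b = {"carol": Account("carol", 1001, 100, "local")}
    print("UID 1001 could be:",
          accountable_names(1001, {"nodeA": LOCAL_PASSWD, "nodeB": node_b}))
```

<P>Swapping the two entries in the precedence list is the whole difference between alice being able to read her own file and being refused, which is why the text insists on knowing which UID the system will reference. The last function is the intrusion-detection side of the same problem: an audit record or NFS request that carries only UID 1001 names two different people once two nodes have assigned that number independently.</P>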
<P>Many other network protocols exchange information between network nodes and do not require user or group information in the protocol. Examples include routing and gateway information protocols or low-level network messages that test whether a node is alive.</P>
<P>To summarize, users and groups are identified and authenticated in network security using one of the following techniques:</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;The normal operating system login
<DD><B>&#149;</B>&nbsp;&nbsp;An authentication server
<DD><B>&#149;</B>&nbsp;&nbsp;Application-specific techniques
</DL>
<P>Also, when your identity has been verified, the network communication sessions need to pass your credentials around so that operations you request on remote systems can be evaluated according to that system&#146;s access control rules. When you want to run a command remotely on another system, at least one network message sent from your system to the remote node needs to carry your credentials. Otherwise, how would the remote system know how to run the operation securely on your behalf? The remote system will need to create a process context, just as a local login session does, to properly enforce the security policy.
</P>
<P>If a user&#146;s access request is to an application object, then the access control rules are <I>evaluated in the context of that application</I> and not by the operating system. In other words, a <I>Database Management System</I> (DBMS) client-server access-control decision is (typically) based on the identity of the <I>user</I>, not on the identity of the computer on which the user is working.</P>
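<P>As an added example (not code from the book or from any product it names), the following Python sketch shows the two points made in the preceding paragraphs: a request to run a command on a remote node has to carry the caller's credentials, the remote node refuses to build a process context unless those credentials verify, and a DBMS-style access decision is then made on the <I>user</I> in that context rather than on the host the request came from. The shared key, the user table and the ACL are constructed; the HMAC-tagged message is one simple way to carry a verifiable credential and stands in for whatever the authentication server on a real site issues.</P>

```python
# Added example (not from Escamilla's book): a remote command request that
# carries the caller's credentials, a server that verifies them before creating
# a process context, and an application-level ACL keyed on the user, not the node.
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed shared secret standing in for key material the authentication
# server would hand to both sides after login. Not a real key.
AUTH_SERVER_KEY = b"constructed-demo-key-do-not-use"

# Constructed central repository: username -> (uid, gid).
CENTRAL_USERS: Dict[str, tuple] = {"alice": (5001, 500), "bob": (5002, 500)}

# Constructed DBMS ACL: table -> users allowed to read it. No hostnames here:
# the application decides on the user's identity, whatever node they sit on.
DBMS_ACL: Dict[str, Set[str]] = {"payroll": {"alice"}, "inventory": {"alice", "bob"}}


@dataclass(frozen=True)
class ProcessContext:
    user: str
    uid: int
    gid: int
    client_host: str


def sign_request(user: str, host: str, command: str) -> Dict[str, str]:
    """Client side: build the message that carries the caller's credential."""
    body = json.dumps({"user": user, "host": host, "command": command}, sort_keys=True)
    tag = hmac.new(AUTH_SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def accept_request(message: Dict[str, str]) -> Optional[ProcessContext]:
    """Server side: no valid credential, no process context. Returns the
    context the remote system would run the command under, or None."""
    body = message.get("body")
    tag = message.get("tag")
    if body is None or tag is None:
        return None  # unauthenticated request: nothing to run it as
    expected = hmac.new(AUTH_SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered or forged credential
    fields = json.loads(body)
    entry = CENTRAL_USERS.get(fields["user"])
    if entry is None:
        return None  # credential names a user the repository does not know
    return ProcessContext(fields["user"], entry[0], entry[1], fields["host"])


def dbms_allows(ctx: ProcessContext, table: str) -> bool:
    """Application-level decision: based on who the user is, not where from."""
    return ctx.user in DBMS_ACL.get(table, set())


if __name__ == "__main__":
    msg = sign_request("alice", "workstation-7", "query payroll")
    ctx = accept_request(msg)
    print("context:", ctx)
    print("alice may read payroll from workstation-7:", dbms_allows(ctx, "payroll"))
    # Same user from another host gets the same answer; another user does not.
    ctx2 = accept_request(sign_request("alice", "laptop-3", "query payroll"))
    ctx3 = accept_request(sign_request("bob", "workstation-7", "query payroll"))
    print("alice from laptop-3:", dbms_allows(ctx2, "payroll"),
          " bob from workstation-7:", dbms_allows(ctx3, "payroll"))
    # A request whose body was altered after signing is refused outright.
    forged = dict(msg, body=msg["body"].replace("alice", "bob"))
    print("forged request accepted:", accept_request(forged) is not None)
```

<P>The server never runs anything for a message that lacks or fails its credential, which is the point of the rhetorical question in the text: without the credential the remote node has no identity to build a process context around. The ACL lookups show the DBMS case, where the same user gets the same decision from two different hosts and a different user on the same host gets a different one.</P>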
<H4 ALIGN="LEFT"><A NAME="Heading9"></A><FONT COLOR="#000077">Security Models within Models</FONT></H4>
<P>It&#146;s always amusing to remember, though, that the Notes clients, servers, and database files all exist as objects in the operating system, too. The Notes server is a process or thread running in the context of the operating system on which it is installed. The executable program that <I>is</I> the Notes server is stored on disk as an operating system file. Although the Notes server makes its own security-relevant decisions about entities that it regulates, the server also has an operating system context, complete with UIDs and GIDs. This dual nature of independent reference monitors on systems is always interesting to think about because it shows how multiple security models can exist concurrently on a system and how a product that implements its own security model can be viewed as a subject or object within the context of a completely different reference monitor and security model. For the system administrator, these environments can be confusing and difficult to secure because so many entities and security mechanisms are crossing boundaries.</P><P><BR></P>


<!-- all of the reference materials (books) have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->

<!-- BEGIN SUB FOOTER -->
		<br><br>
		</TD>
    </TR>
	</TABLE>

		
	<table width="640" border=0 cellpadding=0 cellspacing=0>
		<tr>
		<td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td>
		
		
<!-- END SUB FOOTER -->

<!-- all of the books have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->

<!-- FOOTER -->
			
		<td width="515" align="left" bgcolor="#FFFFFF">
<font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a>&nbsp;|&nbsp; <a href="/contactus.html"><font color="#006666">Contact Us</font></a>&nbsp;|&nbsp; <a href="/aboutus.html"><font color="#006666">About Us</font></a>&nbsp;|&nbsp; <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> &nbsp;|&nbsp; <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> &nbsp;|&nbsp; <a href="/"><font color="#006666">Home</font></a></b>
		<br><br>
		
		Use of this site is subject to certain <a href="/agreement.html">Terms &amp; Conditions</a>, <a href="/copyright.html">Copyright &copy; 1996-1999 EarthWeb Inc.</a><br> 
All rights reserved.  Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited.</font><p>
</td>
		</tr>
</table>
</BODY>
</HTML>

<!-- END FOOTER -->
