</SELECT>
</font></td>
</tr>
</table>
</form>
<!-- LEFT NAV SEARCH END -->
</td>
<!-- PUB PARTNERS END -->
<!-- END LEFT NAV -->
<td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td>
<td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td>
<!-- end of ITK left NAV -->
<!-- begin main content -->
<td width="100%" valign="top" align="left">
<!-- END SUB HEADER -->
<!--Begin Content Column -->
<P>
<B>Intrusion Detection: Network Security beyond the Firewall</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Terry Escamilla
<BR>
ISBN: 0471290009
<BR>
Publication Date: 11/01/98
</FONT>
<P>
<!-- Empty Reference Subhead -->
<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=1//-->
<!--PAGES=001-005//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="../ewtoc.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="005-007.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H2 ALIGN="CENTER"><FONT COLOR="#000077"><I>PART 1<BR>Before Intrusion Detection: Traditional Computer Security
</I></FONT></H2>
<P>Most people think of computer security as trying to prevent things from going wrong. Even in recent history, which includes firewalls, this approach by itself has not been successful. In the first part of this book, you see how regularly deployed security products fit your needs and how they leave you looking for more. Knowing the strengths and weaknesses of different types of security products is key to seeing how intrusion detection can add value at your site. To accomplish this goal, you learn about the following:
</P>
<DL>
<DD><B>•</B> A standard security model that can be used to think critically about how products fit into your strategy
<DD><B>•</B> The role of identification and authentication products and problems they do and do not solve
<DD><B>•</B> Standard access control capabilities in operating systems and how you can improve upon your defenses
<DD><B>•</B> How firewalls and other techniques can strengthen your network security and leave you looking for more
<DD><B>•</B> Why you still need intrusion detection even if you add these other defenses
</DL>
<H2><A NAME="Heading1"></A><FONT COLOR="#000077">Chapter 1<BR>Intrusion Detection and the Classic Security Model
</FONT></H2>
<P>Intrusion detection is a hot topic. In the last few months, several intrusion-detection companies have been gobbled up by larger security companies. All vendors want to make their security solutions different from their competitors&#146;, and adding an <I>intrusion detection system</I> (IDS) is one way to get ahead. But why does anyone need an IDS? To really understand the answer, you have to get back to basics.</P>
<P>Computer security is a complex topic. To be precise about what you say, and what other people are saying as well, it’s best to think in simple terms. Therefore, this chapter describes a basic <I>security model</I> that is at the heart of your environment. No matter how complicated your computers or networks might be, you can look at any subset and think about it in terms of <I>subjects</I>, <I>objects</I>, and <I>access control</I>.</P>
<H3><A NAME="Heading2"></A><FONT COLOR="#000077">Back to Basics: The Classic Security Model</FONT></H3>
<P>The universe is a complex beast, but it can also be reduced to a few simple nouns and verbs at the subatomic level, although you don’t need to understand the universe at this level to drive to work. To deploy computer security solutions, you <I>do</I> need to think about the underlying details of each part of your environment in order to reduce the likelihood of security breaches. You should challenge yourself to understand components at your site and ask, “Hey, what’s <I>really</I> happening under the covers here?” If someone approaches you and wants to deploy a new application, you should start with the same questions each time: Who are the subjects? What are the objects? How are accesses regulated? Who administers the security?</P>
<P>You’ll want to ask plenty of other questions, which all stem from your understanding of a basic computer security model. In the first section of this chapter, you find some generally accepted goals of computer security. When you know what to expect from computer security, the next task is to find a useful way of determining whether your expectations are being met. To accomplish this, you gradually construct the security model beginning with simple abstract principles. The chapter closes with a classification scheme useful for understanding the relative roles of different products you might have at your site and how an IDS fits into the scheme.</P>
<P>Each site should have a well-defined <I>security policy</I> describing how information is to be handled. This same security policy might be enforced by a combination of different security models, because a security model is an abstraction that can be implemented in numerous ways. A product that implements a security model provides a vehicle which you can use to enforce a security policy. The same security model can support other security policies, too. Every product you use to enhance your site security could introduce its own security model. Many of the models interact when products are combined at a site. For example, a firewall and the operating system work together to provide a secure Internet connection for your company. Both the firewall and the operating system have different roles and responsibilities in delivering the total solution. The firewall depends upon the operating system to provide a safe environment in which the firewall’s programs can run. If the operating system’s kernel has been compromised, the firewall cannot be depended upon to fulfill its role. Because of interactions like this, you need to know what constitutes a basic security model and how you might evaluate one.</P>
<P>Briefly, a security model defines <I>entities</I> and the rules that govern how these entities interact or <I>reference</I> one another. You already are familiar with many different entities in your networks—users, groups, files, routers, workstations, printers, disk drives, application programs, clients, servers, and network adapters. These entities interact and reference each other in many different ways in computer networks. <I>Access control rules</I> constrain how entities reference and interact with each other. An access control rule you frequently encounter is one limiting which users are allowed to read a particular file on a computer. You probably can think of several other examples, which indicates that you already understand the concepts underlying security models.</P>
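<P>As an added illustration (not code from the book), the sketch below models subjects, objects, access control rules and rule administration as one small reference monitor with default deny. The class and function names, the users, the group and the file path are all constructed for this example, and the decision log is an addition beyond what the text describes.</P>

```python
from dataclasses import dataclass, field


@dataclass
class SecurityModel:
    """Entities plus the access control rules that govern references."""
    groups: dict = field(default_factory=dict)  # group name -> set of users
    rules: set = field(default_factory=set)     # (subject, object, mode)
    admins: set = field(default_factory=set)    # who administers the rules
    log: list = field(default_factory=list)     # every mediated decision

    def principals(self, user):
        """A user acts as itself and as each group it belongs to."""
        member_of = {g for g, users in self.groups.items() if user in users}
        return {user} | member_of

    def add_rule(self, requester, subject, obj, mode):
        """Only an administrator may change the access control rules."""
        if requester not in self.admins:
            self.log.append((requester, "add_rule", obj, "DENY"))
            return False
        self.rules.add((subject, obj, mode))
        return True

    def reference(self, user, obj, mode):
        """Mediate one reference; no matching rule means the access is denied."""
        allowed = any((p, obj, mode) in self.rules
                      for p in self.principals(user))
        self.log.append((user, mode, obj, "ALLOW" if allowed else "DENY"))
        return allowed


SALARIES = "/data/salaries.txt"  # constructed sample object


def build_demo():
    """Constructed sample site: one group, one administrator, one file."""
    model = SecurityModel(groups={"payroll": {"alice"}}, admins={"root"})
    model.add_rule("root", "payroll", SALARIES, "read")   # rule for a group
    model.add_rule("root", "alice", SALARIES, "write")    # rule for a user
    return model


if __name__ == "__main__":
    m = build_demo()
    for user, mode in [("alice", "read"), ("bob", "read"), ("alice", "write")]:
        print(user, mode, m.reference(user, SALARIES, mode))
    # bob is not an administrator, so he cannot grant himself access
    print("bob adds rule:", m.add_rule("bob", "bob", SALARIES, "read"))
    print(m.log)
```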
<P>Before exploring the basic security model, think about why security is needed in the first place. A security model, implemented by one or more products, should provide value for you, by attempting to satisfy three primary goals.</P>
<H3><A NAME="Heading3"></A><FONT COLOR="#000077">Goals of Computer Security</FONT></H3>
<P>To appreciate why intrusion-detection products are now being added to improve security, you need to know the goals that security products are trying to satisfy. Because these goals are not being completely achieved with traditional products, enterprises are now deploying or investigating intrusion-detection solutions.
</P>
<P>The acronym CIA is a clever, easily remembered string that represents three central goals in computer security:</P>
<DL>
<DD><B>Confidentiality.</B> Protection of data so that it is not disclosed in an unauthorized fashion.
<DD><B>Integrity.</B> Protection against unauthorized modifications to data.
<DD><B>Availability.</B> Protection from unauthorized attempts to withhold information or computer resources.
</DL>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
<!-- END FOOTER -->