Inkqubo yokubona ukuxhamla (i-IDS) ilondoloza i-intanethi yendlela kunye nabahloli bemisebenzi esolwayo kunye nezilumkiso kwinkqubo okanye kumlawuli wenethiwekhi. Kwezinye iimeko, i-IDS iyakwazi ukuphendula kwisithuthi esingafanelekiyo okanye esingalunganga ngokuthatha isenzo ezifana nokuvimbela umsebenzisi okanye idilesi ye-IP ukusuka ekufikeleleni kwinethiwekhi.
Ii-IDS ziza kwiintlobo ezahlukeneyo ze-"flavour" kwaye zihambelana nomgomo wokufumanisa izithuthi zesohlwayo ngeendlela ezahlukeneyo. Kukho inethwekhi esekelwe kwi-network (NIDS) kunye neenkqubo zokubonwa kwe-intrusion (HIDS) ezisisiseko. Kukho ii-IDS ezizijonga ngokubhekisele ekufuneni amatshintshi athile afana neendlela ezisongelayo-ezifana nendlela yokwenza i- antivirus software ifumanisa kwaye ikhusela i-malware- kwaye kukho ii-IDS ezikujonga ngokusethekisa iipatheni zendlela zendlela kunye nokukhangela iimpazamo. Kukho ii-IDS ezinokubeka iliso kwaye zilumke kwaye kukho ii-IDS ezenza isenzo okanye isenzo ngokuphendula kwisongelo esicatshuweyo. Siza kujongela nganye kwezi zifutshane.
NIDS
Iinkqubo zokuThungathwa kwe-Intrusion Network zifakwa kwindawo ephambili okanye iingongoma ngaphakathi kwinethwekhi ukubeka iliso kwizithuthi kunye nakuzo zonke iifowuni kwinethiwekhi. Eyona nto, uya kuhlola yonke i-traffic ephumayo kwaye ephumayo, nangona ukwenza njalo kunokudala i-bottleneck engayonakalisa isivinini esiphezulu senethiwekhi.
HIDS
Iinkqubo zokuThola ukuThengiswa kweMikhosi ziqhutywe kwiimikhosi nganye okanye izixhobo kwinethiwekhi. I-HIDS ilinda iipakethi ezingenayo kwaye ziphumayo ukusuka kwisixhobo kuphela kwaye ziya kuphawula umsebenzisi okanye umlawuli womsebenzi osolwayo.
Isayinwe esekelwe
I-IDS esekelwe kwi-IDS iya kujonga iipakethi kwinethiwekhi kwaye iyawuqhathanisa neenkcukacha zamasignatures okanye iimpawu ezivela kwiingozi ezisongelayo. Oku kufana nendlela ininzi yesofthiwe ye-antivirus ibona ngayo i-malware. Umba kukuba kuya kuba ne-lag phakathi kwesongelo olutsha olufunyenwe kwintlango kunye nesayinithi yokufumanisa eso songelo sisetyenziswa kwi-IDS yakho. Ngethuba lexesha lexesha, i-IDS yakho ayiyi kukwazi ukufumana ingozi entsha.
Based Anomaly
I-IDS ene-anomaly isekelwe ukubeka iliso kwendlela yokuthutha kunye nokuyiqhathanisa nomgaqo-siseko osisiseko. Isiseko sichaza oko "okuqhelekileyo" kuloo ntanethi- luhlobo luni lwebhanwidth lisetyenziselwa ngokuqhelekileyo, yiyiphi imigaqo esetyenziswayo, yiziphi izibuko kunye nezixhobo ngokubanzi zidibanisa omnye nomnye- kwaye ziqaphele umlawuli okanye umsebenzisi xa kuthathwa i-traffic ephazamisayo, okanye ehluke kakhulu kunesiseko.
IDS
I-IDS engabonakaliyo ibona kwaye iyalumkisa. Xa ukuthungela kweso sithuthi kufunyenwe kwaye kuthunyelwa kumlawuli okanye umsebenzisi kwaye kuya kubo ukuthatha inyathelo ukuvimba umsebenzi okanye uphendule ngandlela-thile.
IDS esebenzayo
I-IDS echanekileyo ayiyi kubona kuphela ityala elikrokre okanye elibi kwaye liqaphele umlawuli kodwa liya kuthatha isenzo esicacisiwe sokuphendula kwisongelo. Ngokuqhelekileyo oku kuthetha ukuthintela nayiphi na enye inethiwekhi yethrafikhi kwidilesi ye IP okanye umsebenzisi.
Enye yezona zinto ziyaziwayo kwaye zisetyenziswa ngokubanzi zikhokelo zokungena kwi-intrusion ngumthombo ovulekileyo, ufumaneka ngokukhululekile. Itholakala kwinani lamapulatifti kunye neenkqubo zokusebenza ezibandakanya zombini iiLuxux kunye neWindows . I-Snort inomxholo omkhulu kwaye uthembekile kwaye kukho ezininzi izibonelelo ezikhoyo kwi-Intanethi apho unokufumana khona izityikityo ukuphumeza ukufumana iintsongelo zakutshanje. Ngolunye uhlobo lwezicelo zokufumanisa ukungena kwe-freeware, ungavakashela i-Free Intrusion Detection Software .
Kukho umgca omhle phakathi kwe-firewall kunye ne-IDS. Kukho ubuchwepheshe obubizwa ngokuba yi-IPS- Intrusion Prevention System . I-IPS imele i-firewall edibanisa ukucoca kwinqanaba lenethiwekhi kunye ne-application kunye ne-IDS esebenzayo ukuze ikhusele inethiwekhi. Kubonakala ngathi njengokuba ixesha lihamba kwiifutha, ii-IDS kunye ne-IPS zithatha iimpawu ezingaphezulu komnye nomnye kwaye zifake umgca ngaphezulu komgca.
Okubalulekileyo, i-firewall yakho iyona mgca wokuqala wokukhusela i-perimeter. Izindlela eziphambili zincoma ukuba i-firewall yakho icwangciswe ngokucacileyo ukuze YENZELE zonke izithuthi ezingenayo uze uvula imigodi apho kuyimfuneko. Unokufuna ukuvula i-port 80 ukusingatha iiwebhsayithi okanye i-port 21 ukusingatha iseva yefayile yeFTP . Ngayinye yale mingxuma ingaba yimfuneko kumbono omnye, kodwa iyakubonisa imingcipheko enokuthi ingenangendawo yokungena kwinethiwekhi yakho kunokuba ivinjelwe yi-firewall.
Yilapho i-IDS yakho iza kungena khona. Ingaba usebenzisa i-NIDS kuyo yonke inethiwekhi okanye i-HIDS kwisixhobo sakho esithile, i-IDS iya kubeka esweni i-traffic ephumayo kwaye ikhutshwe kwaye ichane i-traffic or malicious traffic which may have oversew firewall yakho okanye kungenzeka ukuba ivela ngaphakathi kwintanethi yakho.
I-IDS ingaba sisixhobo esikhulu sokongamela ngokukhawuleza nokukhusela intanethi yakho kwimisebenzi enobungozi, nangona kunjalo, iyanamathela kwi-alamu zamanga. Ngokumalunga nanoma yisiphi isisombululo se-IDS oya kuphumeza uya kuyidinga "ukuyilungisa" emva kokuba ifakwe kuqala. Udinga i-IDS ukuba ilungiselelwe kakuhle ukuba uqaphele ukuba yintoni inqabileyo yezithuthi kwinethiwekhi yakho kunye nento enokuba yindlela enobungozi kunye nawe, okanye ngabalawuli abajongene nokuphendula kwizazisi ze-IDS, kufuneka baqonde ukuba zeziphi izilumkiso zithetha kunye nendlela yokuphendula ngokufanelekileyo.