2025-01-15 Update. From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
One day when I was walking by the side of the road, I saw several brothers arguing. For convenience, let's call them Firewall, Intrusion Prevention (IPS) and Intrusion Detection (IDS).
Those are the names I gave them. They were arguing about one topic: who is the most powerful? More specifically, who is the most suitable for the customer?
Firewall: I tell you, I am the best. With me around, don't even try to sneak into the customer's network; sneaking into my territory (the customer intranet) is impossible.
I tell you, I was born not to trust anyone except the people in my own territory, so it is impossible to get past me and bully my people.
IDS: Well, if you're so capable, how come I can always detect some malicious activities? Hey, that's a slap in the face.
Firewall: Oh, come off it. Yes, I admit that you can detect some malicious behavior, but you just rely on your father's resources. You get to use your father's signature library, so what is so powerful about that? Come on, let's hurt each other; let's see you take me apart.
IPS: Excuse me, I'm not targeting anyone in particular. I'm saying that everyone here is rubbish. Firewall, you do protect the intranet fairly well, but have you ever considered that 50% of security problems are caused by civil strife among your own people?
And IDS, the intranet area you monitor is large, but at the critical moment you are of no use. Never mind that your father's signature library is not necessarily comprehensive; let's say you have detected intrusion behavior.
But what's the use? You just give a few grudging shouts: "Everybody, this place is fucked." What else can you do?
I'm different. I can not only detect but also intercept. Can you? Let me tell you how good I am, to save you from showing off. See if you dare show off in front of me, hmph!
Firewall, some of the functions you have, I have too, and I do them better. You just use the five-tuple (source IP, source port, destination IP, destination port, transport layer protocol TCP/UDP) to achieve packet filtering. Put your hand on your conscience and say: do you really filter what the packets carry inside?
I, on the other hand, can check the deep content of the packet (deep packet inspection) to see whether it carries worms, viruses, and so on, and when something is detected, I can also use my signature library to defend against these potential malicious behaviors.
Hey, what are you laughing at, IDS? I just said that you have a large monitoring area, but that was only to save you some face. In essence you simply analyze and detect based on the network and the host,
and produce a general direction for an implementation plan, which is not necessarily accurate. If your father doesn't pull his weight and the signature library is not updated in time, you will also cause the "cry wolf" effect and waste the customer's energy. Tell me, why should anyone give you a good face?
I could plainly see the faces of Firewall and IDS turning red, a very bad sign. Don't let this blow up into a real problem, because it would be troublesome if I were asked to be a witness (there are few people in this place, only the few of us). I don't want to deal with this stupid business, but forget it, I'll do a good deed and mediate.
"I've been listening to you three quarrel for so long; would you allow me to say a word?" (The buddies sneered and said: what can you say?)
There is no denying that you, IPS, are a little stronger, and that you can do all that. But do you understand your two predecessors, and how you came to be born? Isn't it precisely because your two predecessors were born with certain limitations?
In the past there was less civil strife, and most of the dangers came from the outside. But then some experts spread all kinds of techniques on the Internet, such as bypassing the "security dog", dictionary brute-forcing, SQL injection, and so on.
You were born late, so you wouldn't know: there have always been script kiddies. That is, many inexperienced people are no longer as proficient in programming languages as people used to be, yet they can easily cause trouble with the tools written by the experts. A website is easily hacked, the server is taken down, and then they intrude into the intranet.
Then came this senior, Firewall. You may not know it, but many people see the word "firewall" and think: too dangerous here, retreat immediately. The firewall has made a great contribution. (Firewall's face is looking better. Promising; praise IDS as well and this fight may not break out.)
Let's talk about the elder, IDS. (That expectant little look nearly makes me laugh. No, must not laugh.)
As I said just now, thanks to the guard kept by the firewall senior, many dangers are shut out. But as the saying goes, when virtue rises one foot, vice rises ten. Some people thought: this won't do (usually, where there is a firewall, the internal data is very valuable). The data we can get now is meaningless, it all comes from small places, so what should we do? And sure enough, they came up with a solution: the best way is to start from the inside.
To be specific, let me introduce you to the elder IDS.
IDS is divided into two types: host-based (HIDS) and network-based (NIDS).
Host-based intrusion detection generally uses system logs, application logs and other logs as its data source for analysis, mainly to protect the host system.
Network-based intrusion detection generally uses the data on the network as its data source. The usual method is to set the machine's NIC to promiscuous mode so that it can monitor the data flowing in the network segment. The burden on NIDS is relatively large, since it has to consider the entire network segment.
Both of them compile statistics on abnormal behavior, evaluate the key resources of the system to a certain extent, and check the configuration or vulnerability information of the system.
IDS is usually a necessary piece of equipment in maintenance. (The information collected and considered by the insurance company is of safety guiding significance.)
And you, IPS: your birth is an integration idea. To sum up first: the firewall predecessor implements access control based on IP, port and protocol; in short, it belongs to access control systems. IDS as a whole belongs to audit systems.
Some people say, why not get together? That's where you came from.
IPS looked embarrassed; so he really does belong to the younger generation. No wonder the founder told him not to be too arrogant when he met Firewall and IDS.
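The division of labor the three brothers argue about, as an added example that is not part of the original article: a five-tuple packet filter, an alert-only IDS and an inline IPS run over the same constructed packets, including the case where the signature library is out of date. The addresses, the allow rule, the signature name and its byte pattern are all assumptions made up for illustration.

```python
from collections import namedtuple

# Five-tuple plus payload; every value below is constructed sample data.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto payload")

# Firewall policy (assumed): destinations reachable from outside.
ALLOWED = {("10.0.0.5", 80, "TCP")}

# Toy signature library: one byte pattern standing in for vendor signatures.
SIGNATURES = {"sqli-tautology": b"' OR '1'='1"}
OUTDATED = {}  # a library that was not updated in time

def firewall(pkt):
    """Packet filter: decides on header fields only, never reads the payload."""
    return "allow" if (pkt.dst_ip, pkt.dst_port, pkt.proto) in ALLOWED else "deny"

def match_signatures(pkt, library):
    """Deep packet inspection: names of the signatures found in the payload."""
    return sorted(name for name, pat in library.items() if pat in pkt.payload)

def ids(pkt, library=SIGNATURES):
    """Audit role: traffic is always forwarded, a hit only raises an alert."""
    return "forward", match_signatures(pkt, library)

def ips(pkt, library=SIGNATURES):
    """Inline role: header check first, then payload check, dropping on a hit."""
    if firewall(pkt) == "deny":
        return "drop", []
    hits = match_signatures(pkt, library)
    return ("drop" if hits else "forward"), hits

def verdicts(pkt, library=SIGNATURES):
    return {"firewall": firewall(pkt), "ids": ids(pkt, library), "ips": ips(pkt, library)}

SAMPLES = {
    "normal_web": Packet("203.0.113.9", 40000, "10.0.0.5", 80, "TCP",
                         b"GET /index.html"),
    "sqli_web": Packet("203.0.113.9", 40001, "10.0.0.5", 80, "TCP",
                       b"GET /item?id=1' OR '1'='1"),
    "blocked_port": Packet("203.0.113.9", 40002, "10.0.0.5", 3306, "TCP", b"\x00"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, verdicts(pkt))
    print("sqli_web, outdated library:", verdicts(SAMPLES["sqli_web"], OUTDATED))
```

The `sqli_web` packet is the one to watch: the firewall allows it because the five-tuple is permitted, the IDS forwards it and alerts, and only the IPS drops it, unless the library is outdated, in which case all three let it through.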
Follow-up: I will continue to create more interesting articles.