?? 111-112.html
字號:
<HTML>
<HEAD>
<META name=vscategory content="Network Services Security">
<META name=vsisbn content="0471290009">
<META name=vstitle content="Intrusion Detection: Network Security beyond the Firewall">
<META name=vsauthor content="Terry Escamilla">
<META name=searchdescription content="The first ever hands-on guidebook on intrusion detection.<P>The new intrusion detection products watch your network full-time, looking out for suspicious behavior. This how-to book provides clear steps for hardening your network against attacks and leaks. The author teaches you how to distinguish what each product can and can't do to fill your network's particular gaps.<P>Companion Web site features standards updates, industry news, and product information.">
<META name=vsimprint content="Wiley Computer Publishing ">
<META name=vspublisher content="John Wiley & Sons, Inc.">
<META name=vspubdate content="11/1/98">
<TITLE>Intrusion Detection: Network Security Beyond the Firewall:The Role of Access Control in Your Environment</TITLE>
<!-- BEGIN HEADER -->
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = new Object() ;
}
//-->
</SCRIPT>
</HEAD>
<body bgcolor="ffffff" link="#006666" alink="#006666" vlink="#006666">
<table width="640" border="0" cellpadding="0" cellspacing="0">
<tr valign="top">
<td>
<!-- Begin Ads ITKBAN.BOOKS //-->
<!-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------->
<!-- ITKBAN.BOOKS End Ads //--></td>
<td>
<!-- Begin Ads ITKBAN //-->
<!------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------>
<!-- ITKBAN End Ads //--></td>
</tr>
<tr><td height="1" colspan="2" bgcolor="#CCCCCC"><img src="/images/white.gif" border=0 alt=""></td></tr>
</TABLE>
<!-- END HEADER -->
<!-- BEGIN SUB HEADER -->
<table bgcolor="#FFFFFF" cellpadding="0" cellspacing="0" border="0" width="100%">
<!-- ITK LOGO Banner -->
<tr>
<td align="left" valign="top" bgcolor="#FFFFFF"><script>
function GetCookie (name)
{
var arg = name + "=";
var alen = arg.length;
var clen = document.cookie.length;
var i = 0;
while (i < clen)
{
var j = i + alen;
if (document.cookie.substring(i, j) == arg) {
var end = document.cookie.indexOf (";", j);
if (end == -1)
end = document.cookie.length;
return unescape(document.cookie.substring(j, end));
}
i = document.cookie.indexOf(" ", i) + 1;
if (i == 0) break;
}
return null;
}
var m1='<IMG SRC="';
var m2='/images/itk-logo.gif';
var m3='" VSPACE="10" WIDTH=434 HEIGHT=58 ALT="ITKnowledge" border="0">';
var gifstr=GetCookie("UsrType");
if((gifstr!=0 ) && (gifstr!=null)) { m2=gifstr; }
document.write(m1+m2+m3);
</script>
</td>
</tr>
<!-- END of ITK LOGO Banner -->
<!-- ITK TOPNAV -->
<tr>
<td align="left" valign="top" nowrap>
<a href="/"><img src="/images/home1.gif" width=38 height=37 alt="home" border="0"></a> <a href="/pick-account.html"><img src="/images/accountinfo.gif" width=70 height=37 alt="account info" border="0"></a> <a href="/PSUser/usrreg.htm?AdminAction=InitAdd&Locale=en&URI=/"><img src="/images/subscribe2.gif" width=56 height=37 alt="subscribe" border="0" hspace="6"></a> <a href="/PSUser/psuserauth.htm?cmd=login&URI=/"><img src="/images/login1.gif" width=33 height=37 alt="login" hspace="5" border="0"></a> <a href="/search/"><img src="/images/search1.gif" width=43 height=37 alt="search" border="0" hspace="10"></a> <a href="/faq/faq.html"><img src="/images/faqs1.gif" width=40 height=37 alt="FAQ/help" border="0" hspace="0"></a> <a href="/sitemap.html"><img src="/images/sitemap1.gif" width=46 height=37 alt="site map" border="0" hspace="2"></a> <a href="/contactus.html"><img src="/images/contact1.gif" width=61 height=37 alt="contact us" border="0" hspace="4"></a><br>
<img src="/images/white.gif" width="1" height="5" alt="" border="0">
</td>
</tr>
</table>
<!-- END of ITK TOPNAV -->
<!-- begin of ITK left NAV -->
<!-- BEGIN LEFT NAV -->
<table width=99% border="0" cellpadding="2" cellspacing="0">
<tr>
<td bgcolor="#ffffff" width=120 valign="top" rowspan=8>
<form name="Search" method="GET" action="http://search.earthweb.com/search97/search_redir.cgi">
<INPUT TYPE="hidden" NAME="Action" VALUE="Search">
<INPUT TYPE="hidden" NAME="SearchPage" VALUE="http://search.earthweb.com/search97/samples/forms/srchdemo.htm">
<INPUT TYPE="hidden" NAME="Collection" VALUE="ITK">
<INPUT TYPE="hidden" NAME="ViewTemplate" VALUE="view.hts">
<img src="/images/search5.gif" width=115 height=27 alt="" border="0"><br>
<img src="/images/white.gif" width="1" height="5" alt="" border="0"><br>
<table width="116" height="135" bgcolor="#e0e0e0" border="1" bordercolor="#006666" cellpadding="3" cellspacing="0">
<tr>
<td width="116">
<input type="text" name="metaqueryText" value="" size="8"> <input type="submit" name="submitbutton" value="Go!">
<INPUT type="hidden" NAME="section_on" VALUE="on">
<font face="Arial,helvetica" size="1">
<SELECT NAME="metatags" style="font-size: 10; font-family: sans-serif;" size="1">
<option value="keyword" SELECTED>Keyword
<option value="vstitle">Title
<option value="vsauthor">Author
<option value="vsisbn">ISBN
<option value="vspublisher">Publisher
<option value="vsimprint">Imprint
</SELECT></font><br>
<input type="radio" name="ResultTemplate" value="itk-brief.hts" checked style="background-color: #e0e0e0;"><font face="arial, helvetica" color="#006666" size="1">Brief</font>
<input type="radio" name="ResultTemplate" value="itk-full.hts" style="background-color: #e0e0e0;"><font face="arial, helvetica" color="#006666" size="1">Full</font><br>
<font face="arial, helvetica" size="1">
<img src="/images/bullet.gif" width=5 height=5 hspace="5" alt="" border="0"> <a href="/search/"><font color="#006666">Advanced</font></a><br> <a href="/search/"><font color="#006666">Search</font></a><br>
<img src="/images/bullet.gif" width=5 height=5 hspace="5" alt="" border="0"> <a href="/search/search-tips.html"><font color="#006666">Search Tips</font></a>
</font>
</td>
</tr>
</table>
</form>
<!-- BROWSE BY TOPIC -->
<form action="" name="catlist">
<img src="/images/browse5.gif" width=115 height=34 alt="" border="0">
<table width="120" height="32" border="1" cellspacing="0" cellpadding="3" bordercolor="#006666" bgcolor="#e0e0e0">
<tr>
<td width="117" align="center">
<font face="Arial,helvetica" size="1">
<SELECT NAME="cat" onChange='top.location.href=this.options[selectedIndex].value;' style="font-size: 10; font-family: sans-serif;">
<option value="" selected>Please Select
<option value="">-----------
<option value="/reference/dir.components.html">Components
<option value="/reference/dir.contentmanagement.html">Content Mgt
<option value="/reference/dir.certification1.html">Certification
<option value="/reference/dir.databases.html">Databases
<option value="/reference/dir.enterprisemanagement1.html">Enterprise Mgt
<option value="/reference/dir.funandgames1.html">Fun/Games
<option value="/reference/dir.groupwareandcollaboration1.html">Groupware
<option value="/reference/dir.hardware1.html">Hardware
<option value="/reference/dir.intranetandextranetdevelopment1.html">Intranet Dev
<option value="/reference/dir.middleware.html">Middleware
<option value="/reference/dir.multimediaandgraphicdesign1.html">Multimedia
<option value="/reference/dir.networkservices1.html">Networks
<option value="/reference/dir.operatingsystems.html">OS
<option value="/reference/dir.productivityapplications1.html">Prod Apps
<option value="/reference/dir.programminglanguages.html">Programming
<option value="/reference/dir.security1.html">Security
<!-- <option value="/reference/dir.ewtraining1.html">Training Guides -->
<option value="/reference/dir.userinterfaces.html">UI
<option value="/reference/dir.webservices.html">Web Services
<option value="/reference/dir.webmasterskills1.html">Webmaster
<option value="/reference/dir.y2k1.html">Y2K
<option value="">-----------
<option value="/reference/whatsnew.html">New Titles
<option value="">-----------
<option value="/reference/dir.archive1.html">Free Archive
</SELECT>
</font></td>
</tr>
</table>
</form>
<!-- LEFT NAV SEARCH END -->
</td>
<!-- PUB PARTNERS END -->
<!-- END LEFT NAV -->
<td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td>
<td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td>
<!-- end of ITK left NAV -->
<!-- begin main content -->
<td width="100%" valign="top" align="left">
<!-- END SUB HEADER -->
<!--Begin Content Column -->
<FONT FACE="Arial,Helvetica" SIZE="-1">
To access the contents, click the chapter and section titles.
</FONT>
<P>
<B>Intrusion Detection: Network Security beyond the Firewall</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Terry Escamilla
<BR>
ISBN: 0471290009
<BR>
Publication Date: 11/01/98
</FONT>
<P>
<form name="Search" method="GET" action="http://search.earthweb.com/search97/search_redir.cgi">
<INPUT TYPE="hidden" NAME="Action" VALUE="Search">
<INPUT TYPE="hidden" NAME="SearchPage" VALUE="http://search.earthweb.com/search97/samples/forms/srchdemo.htm">
<INPUT TYPE="hidden" NAME="Collection" VALUE="ITK">
<INPUT TYPE="hidden" NAME="ResultTemplate" VALUE="itk-full.hts">
<INPUT TYPE="hidden" NAME="ViewTemplate" VALUE="view.hts">
<font face="arial, helvetica" size=2><b>Search this book:</b></font><br>
<INPUT NAME="queryText" size=50 VALUE=""> <input type="submit" name="submitbutton" value="Go!">
<INPUT type=hidden NAME="section_on" VALUE="on">
<INPUT type=hidden NAME="section" VALUE="http://www.itknowledge.com/reference/standard/0471290009/">
</form>
<!-- Empty Reference Subhead -->
<!--ISBN=0471290009//-->
<!--TITLE=Intrusion Detection: Network Security Beyond the Firewall//-->
<!--AUTHOR=Terry Escamilla//-->
<!--PUBLISHER=John Wiley & Sons, Inc.//-->
<!--IMPRINT=Wiley Computer Publishing//-->
<!--CHAPTER=3//-->
<!--PAGES=111-112//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="108-111.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="../ch04/113-116.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>Even if the access control rules are correctly set, it is possible to abide by these constraints yet still hack a system and gain complete control. The net is <I>that access control is not sufficient for securing your environment</I>. A few years ago, it was not hard to find people who would argue that preventative access control techniques were enough to block attacks. Now, awareness of the importance of monitoring and intrusion detection is slowly creeping into the marketplace.</P>
<P>One weakness of SeOS is that it does not regulate access to traditional IPC constructs, such as semaphores, message queues, or shared memory. No audit trail events are emitted by SeOS for these resources. Not many hack attacks are launched from IPC components, but it will not be long before weakness in IPC security result in system compromises. If you’re using an IDS, you have a higher chance of catching hacks if they occur at this low level in the system.</P>
<P>Although it is not a weakness of SeOS, a computer with only SeOS can still be hacked when someone accesses a resource that is not managed by the SeOS reference monitor. How is this possible? Because SeOS is an access control environment that requires the administrator to specify access rules, administrators may make mistakes. Also, an administrator may not put all system resources under the control of SeOS. Not all buffer overflow attacks will be intercepted by access rules in SeOS. Thus, although SeOS significantly improves the access control security for most systems, it must be complemented with monitoring products.</P>
<P>As noted before, it is extremely important that you monitor your system’s activities to fine tune both your I&A and access control configurations. In the next chapter, you will see how these same issues affect network security. Both I&A and access control for networks will be described. Adding a firewall to better control your site security will definitely increase your perimeter security. However, you will see that intrusion detection is still required because firewalls and other network security mechanisms do not completely eliminate successful hacker attacks.</P><P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="108-111.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="../ch04/113-116.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<!-- all of the reference materials (books) have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->
<!-- BEGIN SUB FOOTER -->
<br><br>
</TD>
</TR>
</TABLE>
<table width="640" border=0 cellpadding=0 cellspacing=0>
<tr>
<td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td>
<!-- END SUB FOOTER -->
<!-- all of the books have the footer and subfoot reveresed -->
<!-- reference_subfoot = footer -->
<!-- reference_footer = subfoot -->
<!-- FOOTER -->
<td width="515" align="left" bgcolor="#FFFFFF">
<font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a> | <a href="/contactus.html"><font color="#006666">Contact Us</font></a> | <a href="/aboutus.html"><font color="#006666">About Us</font></a> | <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> | <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> | <a href="/"><font color="#006666">Home</font></a></b>
<br><br>
Use of this site is subject to certain <a href="/agreement.html">Terms & Conditions</a>, <a href="/copyright.html">Copyright © 1996-1999 EarthWeb Inc.</a><br>
All rights reserved. Reproduction whole or in part in any form or medium without express written permision of EarthWeb is prohibited.</font><p>
</td>
</tr>
</table>
</BODY>
</HTML>
<!-- END FOOTER -->
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -