In the world of computer security, Snort has emerged as one of the most widely used tools for detecting and preventing network intrusions. Its ability to inspect network packets in real time and compare them against a database of known signatures makes it a valuable ally in protecting our systems. However, for Snort to work properly, the appropriate ports must be configured to be open. In this article we look at the ports that need to be available to Snort and how to configure them correctly, to ensure strong and effective protection.
1. Introduction to Snort: Which Ports to Open for a Successful Configuration?
One of the first tasks when setting up Snort is opening the ports needed to ensure a successful configuration. Snort is a network-based intrusion detection system that uses rules to detect potential threats and attacks. To ensure it works fully, traffic must be allowed to flow through the right ports.
Before opening ports, note that every network and configuration is unique, so there is no one-size-fits-all answer. The exact configuration depends on factors such as the operating system, the network environment and your organization's requirements. That said, below is a general approach to opening the ports needed for a successful Snort setup.
First, traffic must be allowed through the ports required for Snort's basic operation. In general, it is recommended to open TCP port 80 (HTTP) and TCP/UDP port 443 (HTTPS). These ports carry web traffic and are essential on most networks. In addition, if your Snort deployment monitors other specific services or protocols, such as email or FTP, make sure to open the ports for those services. Remember to open only the ports you need and to disable any unnecessary or unused ports to reduce the exposed surface.
2. What Is Snort and Why Is It Important to Open Ports for It to Work?
Snort is an open source network intrusion detection and prevention system (IDPS) that adds a layer of security to your networks and systems. Opening the ports it needs is important, because that is how you ensure Snort can receive and analyze network traffic effectively.
There are two types of sensor in Snort: inline and promiscuous. For Snort to work properly in promiscuous mode, make sure the Ethernet ports are configured in promiscuous mode, which lets them capture and analyze all traffic crossing the network.
If you use a Snort sensor in inline mode, make sure the required ports are open on your firewall or router. These ports vary with the configuration and the version of Snort you are using, so consult the official Snort documentation or look for information specific to your case.
In short, opening the ports Snort needs in order to work properly is key to intrusion detection and prevention on your network. Whether in promiscuous or inline mode, make sure you configure your Ethernet ports correctly and open the required ports on your firewall or router. This lets Snort inspect and protect your network traffic effectively, keeping your systems safe and secure.
3. Identifying the Crucial Ports for Snort: A Technical Analysis
In computer security, it is essential to identify the ports that matter for the proper operation of Snort, a powerful rule-based intrusion detection tool. These ports are the communication channels Snort uses to monitor network traffic and analyze any suspicious activity. In this technical analysis we give a detailed step-by-step guide to correctly identifying and configuring the ports needed for a successful Snort deployment.
First of all, it is important to know the ports most used in today's network communication, such as TCP 80 for HTTP and TCP 443 for HTTPS. We also stress the importance of UDP 53 for the DNS service and TCP 21 for FTP, among others. These ports are considered critical because of how heavily they are used, and they are often used as vectors for cyber attacks.
To configure ports in Snort, we recommend using the portvar directive, which lets us define variables for the specific ports we want to monitor. By including a line such as portvar HTTP_PORTS [80,8080] in our Snort configuration file, we indicate that Snort will analyze ports 80 and 8080. This tailored approach gives us greater control over the ports being analyzed and reduces false alarms. Note also that Snort uses the snort.conf configuration file to define the ports.
4. Port Configuration for Snort: Best Practices and Recommendations
Correct port configuration for Snort is essential to its operation and to ensuring that network threats are detected. Below are some best practices and recommendations for doing this setup properly.
1. Use specific ports: It is recommended to select specific ports for traffic monitoring instead of using all ports. This helps reduce noise and focus on the ports relevant to the network environment. You can do this by editing the Snort configuration file and specifying the ports you want.
2. Change the default ports: By default, Snort is configured to monitor the most commonly used TCP and UDP ports. However, every network is unique and may have different ports that need monitoring. It is recommended to change Snort's default ports to fit your network's needs. This can be done by editing the rules and using the appropriate directives.
5. Steps for Opening Specific Ports in the Firewall for Snort
To open specific ports in the firewall for Snort, you need to follow a few key steps. These steps ensure that traffic bound for the desired ports can pass through the firewall without restriction. Below is a step-by-step procedure:
- Identify the ports you need to open: Before making any change, be clear about which ports you want to allow traffic on. This can vary with the system's requirements and the applications or services in use.
- Access the firewall settings: To open ports, you need access to the settings of the firewall used on the system. This can be done through a graphical interface or through commands on the command line, depending on the type of firewall in use.
- Create ingress and egress rules: Once you have access to the firewall configuration, create specific rules to allow traffic on the desired ports. These rules tell the firewall what to do with traffic arriving on the specified ports, whether to allow it or block it.
Keep in mind that firewall configuration can vary with the operating system and the security software in use. It is therefore recommended to consult the firewall's own documentation or look for online tutorials for more detail on opening ports in that particular environment. By following these steps, you will be able to open specific ports in the firewall for Snort and ensure the required traffic can pass without problems.
6. Key Ports for Data Traffic in Snort: Reference List
In this section we give a reference list of the key ports for data traffic in Snort. These ports are essential to Snort's proper operation and should be monitored closely to ensure network security. Below are the key ports you should know:
- Port 80: Used by HTTP, it is the standard port for web communication. It is essential for monitoring web traffic and detecting possible threats or suspicious activity.
- Port 443: Used by HTTPS, it is the secure port used for secure data communication over the Internet. Monitoring this port is essential for detecting possible attempts to intercept sensitive information.
- Port 25: Used by SMTP (Simple Mail Transfer Protocol), it is the port used for outgoing email transmission. It is important to monitor this port to detect possible spam attacks or attempts to send malicious email.
In addition to these key ports, it is recommended to monitor other commonly used ports, such as port 22 for SSH (Secure Shell) and port 21 for FTP (File Transfer Protocol). These ports are targets of brute-force attacks and should be monitored closely.
Remember that this is only a reference list and that the ports used on your network may vary with the applications and services running. It is recommended to run a thorough network scan to identify the specific ports Snort needs to monitor.
7. Solutions to Common Problems When Opening Ports for Snort
To solve common problems when opening ports for Snort, there are several options that can help remove any obstacles that come up. Below are some solutions that can make the process easier:
- Check the firewall configuration: Before opening ports, make sure the firewall is not blocking connections. It is recommended to review the firewall rules and allow both inbound and outbound traffic for the ports you want to open.
- Check the router: If a router is in use, make sure it is configured correctly. Some routers have built-in security features that can block or restrict certain ports. Reviewing the router settings and allowing traffic through the required ports can resolve the problems.
- Use port scanning tools: If you are having trouble telling whether a port is open or closed, you can use port scanning tools such as Nmap. These tools let you check the state of the ports and confirm that they are open as intended.
With these steps it is possible to solve the common problems in opening ports for Snort and ensure a working configuration. Keep in mind, though, that every situation can be different and may need its own solution.
8. How to Identify and Avoid Unwanted Ports That Can Affect Snort
To identify and avoid unwanted ports that can affect Snort, carry out a thorough review of the current system configuration. Below are several steps to follow:
- Start by reviewing your Snort rules to confirm they are properly configured and up to date. This includes checking that the ports you want to monitor are included in the rules and that no rules could block ports that matter to your network.
- Run a thorough port scan using tools such as nmap to identify the open and closed ports on your network. Pay particular attention to ports that should not be open and that could threaten the security of your system.
- Consider using a firewall to close unwanted ports. You can use iptables or similar tools to configure firewall rules that block access to ports you do not want open. Be sure to check the documentation of the tool you choose for detailed instructions on configuring it correctly.
Once you have applied these steps, keep monitoring your Snort logs for any suspicious activity or unwanted port probing. If you find any ports you do not want in use, redouble your efforts to block them and protect your network.
9. Snort and Vulnerable Ports: Maintaining Network Security
One of the main concerns in network security is making sure there are no vulnerable ports that attackers can exploit. Snort, an intrusion detection and prevention tool, can be an effective way to maintain the security of our network. Below is a step-by-step procedure for using Snort to protect our vulnerable ports.
1. Install Snort: The first thing to do is download and install Snort on our system. We can get the software from the official Snort website and follow the installation instructions for our operating system.
2. Configure Snort: Once Snort is installed, we need to do the initial configuration. This includes defining the intrusion detection and prevention rules. We can use the predefined rules that come with Snort or write custom rules to suit our needs. It is recommended to consult the documentation and the sample rules available on the Snort website when configuring it.
10. Advanced Port Configuration to Improve Snort's Efficiency
Advanced port configuration is key to improving Snort's efficiency, allowing malicious network traffic to be detected more effectively. In this section we show how to do this configuration step by step.
First of all, note that Snort uses rules to detect and alert on suspicious activity on the network. An important option for improving efficiency is to configure specific ports instead of analyzing all traffic. To do this, you can use the "portvar" directive in the Snort configuration file. For example:
- Configure ports: Define the ports you want to monitor using the "portvar" directive followed by the ports separated by commas. For example, portvar HTTP_PORTS [80,8080]. This ensures Snort only inspects traffic on those ports, saving system resources.
- Use port negation: If there are specific ports you want to exclude from Snort's inspection, you can use the negation syntax. For example, !22 excludes port 22 (SSH) from inspection.
In addition to configuring ports, it is recommended to make some other adjustments to improve Snort's efficiency. These include:
- Tune thresholds: Adjust thresholds to avoid false positives and reduce overhead.
- Use IP lists: Use lists of IP addresses to filter traffic by source or destination, avoiding unnecessary inspection.
- Update the rules: Keep Snort's rules up to date so that the latest security threats are detected.
By following these steps, you will be able to do an advanced port configuration in Snort that improves its efficiency and accuracy in detecting malicious traffic. Remember that it is always recommended to test extensively and monitor system performance after applying these changes.
11. Custom Ports in Snort: What Are the Criteria for Selecting Them?
Custom ports in Snort let network administrators choose which ports they want to monitor and analyze for suspicious activity. The criteria for selecting these ports should be based on knowledge and understanding of the organization's network and the threats it may face. Below are some points to consider when selecting custom ports in Snort:
1. Legitimate traffic: It is important to identify the ports commonly used for legitimate traffic on your network, such as the standard ports of common services like HTTP, FTP, SSH and so on. These ports should be included in the list of custom ports so that Snort can monitor and analyze that activity for possible attacks or malicious behavior.
2. Critical ports: In addition to the standard ports, consider including the ports that are critical to your infrastructure in the list of custom ports. These may be ports used by applications or services that are essential to your organization. By monitoring these ports closely, you will be able to detect any suspicious activity or attempt to compromise the security of your network.
3. Based on threat reports: Another way to select custom ports in Snort is based on common threats and attacks. For example, if there is a threat that targets a particular port, including that port among the custom ports can help detect and prevent possible attacks. Staying up to date on the latest online security threats and trends can give insight into which ports should be monitored closely.
Remember that Snort also provides the ability to create custom rules to monitor and analyze traffic on specific ports. These rules can be adjusted to the organization's particular needs. When selecting custom ports in Snort, consider legitimate traffic, critical ports and threat reports to ensure that possible security issues on your network are detected.
12. Verifying Port Opening in Snort: Tools and Methods
Verifying that ports are open in Snort is an important task for ensuring security on the network. There are various tools and methods that let us do this verification properly. Below we give some key steps and tools that are very useful in this process.
To begin with, it is recommended to use a port scanning tool, such as Nmap, to identify the open ports on the system. Nmap is an open source tool used to explore networks and audit the security of computer systems. You can run it with the following command: nmap -p 1-65535 [IP address]. This command scans all ports in the specified range and shows you which ones are open.
Another way to verify port opening is to use the "snort -T" option to check the syntax and rule configuration in Snort. This feature lets you confirm that the rules are defined correctly and that the ports are open. If an error is detected, Snort gives you detailed information about where the problem is, which makes it easier to fix.
13. Security Considerations When Opening Ports for Snort
When opening ports for Snort, keep certain security considerations in mind to ensure a sound configuration and avoid possible risks. Here are some important points to keep in mind:
1. Choose the ports to open carefully: Before opening any port, carefully evaluate which services or applications will be used and which ports need to be opened. It is recommended to open only the ports that are needed and close all the others to reduce the risk of external attack.
2. Use a firewall: To strengthen security when opening ports, it is recommended to use a firewall. The firewall acts as a barrier between the internal network and external traffic, controlling which ports are open and restricting unauthorized access. Specific rules should be created to allow Snort traffic and block unwanted traffic.
3. Update Snort regularly: Keeping Snort up to date with the latest security patches is essential to protecting your system. Updates usually fix known vulnerabilities and add new security features. Make sure you keep up with the latest releases and apply updates promptly to avoid possible security issues.
14. Experimenting with Different Port Configurations for Snort: A Case Study
In the case study "Experimenting with Different Port Configurations for Snort", several possible configurations are presented for improving the performance of Snort, the open source network intrusion detection software. Below is a step-by-step approach to troubleshooting port configuration in Snort.
First, it is important to understand that Snort uses rules to detect possible intrusions on the network. These rules apply to network packets received on specific ports. To experiment with different port configurations for Snort, you can follow these steps:
- Identify the specific ports you want to focus on. You can find a complete list of the available ports in the Snort configuration file.
- Use tools such as Nmap to scan the network and determine which ports are open and in use. This will help you identify the ports most relevant to your needs.
- Edit the Snort configuration file to specify the ports you want to focus on. You can use directives such as "portvar" or "portvar_list" to define specific port ranges or port lists.
- Restart Snort for the configuration changes to take effect.
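The steps above (scan with Nmap, then declare the ports with portvar), together with the portvar list and "!" negation syntax from section 10, can be cross-checked in code. This is an added example, not part of the original article: the snort.conf fragment, the Nmap grepable output and all function names are constructed, and the matching is a simplified model of Snort 2 port lists.

```python
import re

# Constructed inputs, not from the article: a Snort 2 style snort.conf
# fragment and one line of nmap grepable (-oG) output for a test host.
SNORT_CONF = """\
# ports we intend Snort rules to watch
portvar HTTP_PORTS [80,8080]
portvar MAIL_PORTS 25
portvar HIGH_PORTS [1024:1050,!1030]
"""
NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 1030/open/tcp/////, "
    "3306/closed/tcp//mysql///\n"
)

def parse_portvars(conf_text):
    """Return {name: spec} for every 'portvar NAME SPEC' line."""
    portvars = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"portvar\s+(\w+)\s+(.+)$", line)
        if m:
            portvars[m.group(1)] = m.group(2).replace(" ", "")
    return portvars

def _item_range(item):
    """Turn '80', '1024:1050', ':1024', '1024:' or 'any' into (lo, hi)."""
    if item == "any":
        return 0, 65535
    lo, sep, hi = item.partition(":")
    lo_n = int(lo) if lo else 0
    hi_n = int(hi) if hi else (65535 if sep else lo_n)
    if not 0 <= lo_n <= hi_n <= 65535:
        raise ValueError(f"bad port item: {item!r}")
    return lo_n, hi_n

def port_matches(spec, port):
    """Assumed semantics (simplified): the port is in some positive item,
    or no positive item is given, and it is in no '!'-negated item."""
    negate_all = spec.startswith("!")             # e.g. the article's !22
    items = spec.lstrip("!").strip("[]").split(",")
    positives = [_item_range(i) for i in items if i and not i.startswith("!")]
    negatives = [_item_range(i[1:]) for i in items if i.startswith("!")]
    hit = (not positives or any(lo <= port <= hi for lo, hi in positives)) \
        and not any(lo <= port <= hi for lo, hi in negatives)
    return hit != negate_all

def open_ports(grepable):
    """Extract open TCP/UDP port numbers from nmap -oG 'Ports:' fields."""
    return sorted({int(p) for p in re.findall(r"(\d+)/open/(?:tcp|udp)/", grepable)})

def coverage(conf_text, grepable):
    """Map each open port to the portvars whose spec includes it."""
    portvars = parse_portvars(conf_text)
    return {p: sorted(n for n, s in portvars.items() if port_matches(s, p))
            for p in open_ports(grepable)}

def uncovered(conf_text, grepable):
    """Open ports that no portvar in the configuration includes."""
    return [p for p, names in coverage(conf_text, grepable).items() if not names]

if __name__ == "__main__":
    for port, names in coverage(SNORT_CONF, NMAP_GREPABLE).items():
        print(port, names or "not in any portvar")
    print("!22 matches 22:", port_matches("!22", 22))
```

Open ports reported as not in any portvar are services that rules written against these variables will never inspect, so each one is either a gap in the configuration or a port that should be closed.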
Once you have experimented with different port configurations, test extensively to evaluate Snort's performance. You can use tools such as Wireshark to capture and analyze network traffic and check whether Snort is correctly detecting intrusions on the configured ports. Remember to adjust the settings as needed and run further tests to optimize Snort's performance in your particular environment.
In conclusion, the selection of ports to open for Snort is a key factor in ensuring the effectiveness of this intrusion detection system. Identifying and selecting the right ports requires a detailed analysis of network traffic and of the specific security needs of each environment. It is important to recognize that not all ports need to be opened, and that opening too many ports unnecessarily can put the network at greater risk.
It is recommended to follow the guidance of security experts, as well as to take into account the particulars of the infrastructure and services used in each case. In addition, it is essential to keep monitoring the logs and alerts generated by Snort to detect any suspicious behavior or malicious activity.
By becoming familiar with the basic principles of Snort and understanding how to choose wisely which ports to open, network administrators will be better prepared to protect their systems and preserve the integrity of their information. Let us not forget that network security is a continuous and dynamic process that requires constant attention and adaptation to the new threats that keep emerging. With Snort and a proper selection of open ports, it is possible to increase security significantly and keep systems protected from unwanted intrusions.
I am Sebastián Vidal, a computer engineer passionate about technology and DIY. I am also the creator of tecnobits.com, where I share tutorials to make technology accessible and understandable for everyone.