Final beta release of the Snort 3 intrusion detection system

Cisco has presented the final beta version of a new major release of the Snort 3 intrusion prevention system, also known as the Snort++ project, which has been under development since 2005. A release candidate is expected later this year.

In the new branch, the product concept has been completely rethought and the architecture redesigned. Among the areas singled out when preparing the new branch are ease of configuring and launching Snort, automation of configuration, a simpler language for writing rules, automatic detection of all settings, a shell for management from the command line, and active use of multithreading with shared access to a single configuration from different processes.

The following key changes have been implemented:

  • A transition has been made to a new configuration system with a simplified syntax that allows scripts to be used for building settings. LuaJIT is used for configuration files. LuaJIT-based plugins are provided, implementing additional options for rules and for the logging system;
  • The attack detection engine has been redesigned, the rules have been reworked, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes faster and more accurate matching of regular-expression patterns in rules possible;
  • A new introspection mode for HTTP has been added that takes the state of the session into account and covers 99% of the situations exercised by the HTTP Evader test suite. Code to support HTTP/2 is in development;
  • The performance of deep packet inspection has been significantly improved. Multithreaded packet processing has been added, allowing several threads with packet handlers to run simultaneously and providing linear scalability with the number of CPU cores;
  • A common configuration and attribute table has been implemented, shared between different subsystems, which has reduced memory consumption by eliminating duplicate data;
  • New events are recorded in JSON format and integrate easily with other platforms such as Elastic Stack;
  • A transition to a modular architecture, with the ability to extend functionality by connecting plugins and to implement key subsystems as replaceable plugins. Hundreds of plugins have already been prepared for Snort 3, covering various areas of application and, for example, letting you add your own codecs, inspection modes, logging methods, actions and rule options;
  • Automatic detection of running services, eliminating the need to specify network ports manually.
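As an added illustration (not from the article or the Snort project), a minimal snort.lua that ties together three of the changes above: the Lua-based configuration, a rule using the http_uri sticky buffer, and JSON event output. The network range, rule text and sid are constructed sample values, and the file assumes a Snort 3 build in which the ips, binder, http_inspect and alert_json modules are available under these names.

```lua
-- snort.lua: illustrative Snort 3 configuration (constructed example)

-- Variables are plain Lua values, so settings can be computed or shared.
HOME_NET = '192.168.1.0/24'        -- constructed sample network
EXTERNAL_NET = '!$HOME_NET'

-- Lua lets the list of web ports live in one place and be reused below.
local web_ports = { 80, 8080, 8443 }
local port_list = table.concat(web_ports, ' ')

-- Basic TCP stream reassembly so HTTP sessions can be tracked statefully.
stream = { }
stream_tcp = { }

-- Enable the session-aware HTTP inspector described in the article.
http_inspect = { }

-- Bind the HTTP inspector to the web ports defined above.
binder =
{
    { when = { proto = 'tcp', ports = port_list }, use = { type = 'http_inspect' } },
}

-- Rules are embedded directly in the config. The rule below uses the
-- http_uri sticky buffer: every content match after it applies to the
-- normalized URI rather than to the raw packet payload.
ips =
{
    enable_builtin_rules = true,
    rules = [[
alert http $EXTERNAL_NET any -> $HOME_NET any (
    msg:"Directory traversal sequence in HTTP URI";
    http_uri;
    content:"../", fast_pattern;
    sid:1000001; rev:1;
)
]],
}

-- Emit alerts as JSON lines for ingestion into a SIEM such as Elastic Stack.
alert_json =
{
    file = true,
    fields = 'timestamp pkt_num proto dir src_ap dst_ap rule msg action',
}
```

Run it with `snort -c snort.lua -r capture.pcap` against a PCAP of your own to see the JSON alerts written to the log directory.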

Changes compared to the previous test release, published in 2018:

  • Added support for configuration files that override values relative to the default configuration;
  • The code can now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • Added a new VXLAN handler;
  • Improved content search using updated Boyer-Moore and Hyperscan algorithms;
  • HTTP/2 traffic inspection is almost complete;
  • Startup has been sped up by using multiple threads to compile rule groups;
  • Added a new cutoff mode;
  • Improved detection of Lua errors and optimized whitelists;
  • Changes have been made to allow addresses to be reloaded on the fly;
  • An RNA (Real-time Network Awareness) inspector has been added, which collects information about the resources, hosts, applications and services present on the network;
  • To simplify configuration, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued.

Source: opennet.ru
