Release candidate for the Snort 3 intrusion detection system

Cisco has announced a release candidate of the completely redesigned attack prevention system Snort 3, also known as the Snort++ project, which has been in development since 2005. The stable release is planned to be published within a month.

In the Snort 3 branch, the product concept has been rethought and the architecture redesigned. The main development goals for Snort 3 are: simpler setup and startup of Snort, automated configuration, a simpler rule language, automatic detection of all protocols, a shell for control from the command line, and active use of multithreading with different processors sharing access to a single configuration.

The following significant changes have been implemented:

  • A transition has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate the settings. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional options for rules and for the logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to apply patterns based on regular expressions in rules faster and more accurately;
  • A new introspection mode for HTTP has been added that takes session state into account and covers 99% of the cases supported by the HTTP Evader test suite. Inspection of HTTP/2 traffic has been added;
  • The performance of deep packet inspection has been improved. Multithreaded packet processing has been added, allowing several threads with packet handlers to run simultaneously and providing linear scalability depending on the number of CPU cores;
  • A common store for configuration and tables has been implemented and is shared among the different subsystems, which has reduced memory consumption by eliminating duplicated information;
  • A new event logging system uses the JSON format and integrates easily with other platforms such as Elastic Stack;
  • A transition has been made to a modular architecture, with the ability to extend functionality by connecting plugins and with key subsystems implemented as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application, for example allowing you to add your own codecs, introspection modes, logging methods, actions and options in rules;
  • Automatic detection of running services, which removes the need to specify active network ports manually;
  • Support has been added for files that quickly override settings relative to the default configuration. To simplify configuration, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued. Support has been added for reloading settings on the fly;

  • The code can use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • A new VXLAN handler has been added;
  • Content search has been improved using updated implementations of the Boyer-Moore and Hyperscan algorithms;
  • Startup has been sped up by using multiple threads to compile groups of rules;
  • A new logging mechanism has been added;
  • An RNA (Real-time Network Awareness) inspection system has been added, which collects information about the resources, hosts, applications and services available on the network.
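
To illustrate the JSON event logging and Elastic Stack integration mentioned in the list above, here is an added example (not part of the original article or of the Snort project) that turns JSON alert lines into an Elasticsearch `_bulk` request body. It assumes Snort 3's `alert_json` logger is configured to emit the `seconds` field alongside the others shown; the log lines are constructed sample data and the index name `snort-alerts` is hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample in the shape of alert_json output; the last line is
# deliberately truncated, as happens when a log is read while being written.
SAMPLE_LOG = """\
{"seconds": 1596636792, "timestamp": "08/05-14:13:12.482915", "proto": "TCP", "src_addr": "192.0.2.10", "src_port": 49152, "dst_addr": "198.51.100.7", "dst_port": 80, "gid": 1, "sid": 1000001, "rev": 1, "msg": "constructed test rule A", "action": "allow"}
{"seconds": 1596636795, "timestamp": "08/05-14:13:15.000113", "proto": "UDP", "src_addr": "192.0.2.11", "src_port": 5353, "dst_addr": "198.51.100.9", "dst_port": 53, "gid": 1, "sid": 1000002, "rev": 3, "msg": "constructed test rule B", "action": "allow"}
{"seconds": 1596636799, "timestamp": "08/05-14:13:19.5
"""


def to_bulk(lines, index="snort-alerts"):
    """Return (ndjson_body, skipped) suitable for POSTing to /_bulk."""
    out, skipped = [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
            # The "timestamp" field carries no year, so the epoch value in
            # "seconds" is used to build an unambiguous @timestamp.
            ts = datetime.fromtimestamp(int(event["seconds"]), tz=timezone.utc)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed, truncated, or missing "seconds"
            continue
        # A deterministic _id makes re-ingesting the same file idempotent.
        doc_id = hashlib.sha256(raw.encode("utf-8")).hexdigest()[:32]
        action = {"index": {"_index": index, "_id": doc_id}}
        doc = {"@timestamp": ts.isoformat(), "snort": event}
        out.append(json.dumps(action))
        out.append(json.dumps(doc))
    # The bulk API requires every line, including the last, to end in "\n".
    body = "".join(line + "\n" for line in out)
    return body, skipped


if __name__ == "__main__":
    body, skipped = to_bulk(SAMPLE_LOG.splitlines())
    print(body, end="")
    print(f"skipped {skipped} unparseable line(s)")
```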

Source: opennet.ru
