Final beta release of the Snort 3 intrusion detection system

Cisco has unveiled the final beta release of the completely redesigned Snort 3 intrusion prevention system, also known as the Snort++ project, which has been in development on and off since 2005. The release candidate is scheduled to be published later this year.

In the new branch, the product concept has been completely rethought and the architecture redesigned. The areas emphasized while preparing the new branch include simplifying the setup and launch of Snort, automating configuration, simplifying the rule language, automatic detection of all protocols, providing a shell for control from the command line, and effective use of multithreading with shared access of different handlers to a single configuration.

The following significant innovations have been implemented:

  • A transition has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional options for rules and the logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to use fast and accurately triggered patterns based on regular expressions in rules;
  • A new introspection mode for HTTP has been added that takes session state into account and covers 99% of the situations supported by the HTTP Evader test suite. Code to support HTTP/2 is in development;
  • The performance of deep packet inspection mode has been significantly improved. The ability to process packets in multiple threads has been added, allowing several threads with packet handlers to run simultaneously and providing linear scalability with the number of CPU cores;
  • Common storage and attribute tables have been implemented, shared between different subsystems, which significantly reduces memory consumption by eliminating duplicated information;
  • The new event logging system uses the JSON format and integrates easily with external platforms such as the Elastic Stack;
  • A transition to a modular architecture, with the ability to extend functionality by connecting plugins and with key subsystems implemented as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application, for example allowing you to add your own codecs, introspection modes, logging methods, actions and rule options;
  • Automatic detection of running services, removing the need to specify active network ports manually.

Changes compared to the last test release, published in 2018:

  • Added support for files that quickly override settings relative to the default configuration;
  • The code can now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • A new VXLAN handler has been added;
  • Improved search for content types by content, using updated implementations of the Boyer-Moore and Hyperscan algorithms;
  • The HTTP/2 traffic inspection system has been brought almost to full readiness;
  • Startup has been sped up by using multiple threads to compile rule groups;
  • A new logging mechanism has been added;
  • Improved Lua error detection and optimized whitelists;
  • Changes have been made to allow settings to be reloaded on the fly;
  • The RNA (Real-time Network Awareness) inspection module has been added, which collects information about the resources, hosts, applications and services available on the network;
  • To simplify configuration, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued.

Source: opennet.ru
