The Cisco company
In the Snort 3 branch, the product concept has been completely rethought and the architecture redesigned. Key development directions for Snort 3 include: simplifying Snort setup and startup, automating configuration, simplifying the rule language, automatic detection of all protocols, providing a shell for control from the command line, and active use of multithreading with shared access by different handlers to a single configuration.
The following significant changes have been implemented:
- A transition has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional rule options and a logging system;
- The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to use regular-expression-based patterns in rules that trigger faster and more accurately;
- A new HTTP inspection mode has been added that takes session state into account and covers 99% of the situations supported by the HTTP Evader test suite. An inspection system for HTTP/2 traffic has been added;
- The performance of the deep packet inspection mode has been significantly improved. Multithreaded packet processing has been added, allowing several threads with packet processors to run simultaneously and providing linear scalability depending on the number of CPU cores;
- A common store for the configuration and attribute tables has been implemented, shared between the different subsystems, which has significantly reduced memory consumption by eliminating duplicated information;
- A new event logging system that uses the JSON format and integrates easily with external platforms such as Elastic Stack;
- A transition to a modular architecture, with the ability to extend functionality by connecting plugins and with key subsystems implemented as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application, for example allowing you to add your own codecs, inspection modes, logging methods, actions and rule options;
- Automatic detection of running services, eliminating the need to manually specify the active network ports;
- Support has been added for files that quickly override settings relative to the default configuration. To simplify setup, the use of snort_config.lua and SNORT_LUA_PATH has been discontinued. Support for reloading settings on the fly has been added;
- The code may now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
- A new VXLAN handler has been added;
- Improved search for content types by content, using updated implementations of the Boyer-Moore and Hyperscan algorithms;
- Startup has been accelerated by using multiple threads to compile rule groups;
- A new logging mechanism has been added;
- The RNA (Real-time Network Awareness) inspection system has been added, which collects information about the resources, hosts, applications and services available on the network.
Source: opennet.ru
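
The JSON event logging item in the list above is what lets Snort 3 alerts flow into Elastic Stack. As an added example (not from the original article or the Snort project), this Python code turns lines in the shape of Snort 3's `alert_json` output into an Elasticsearch `_bulk` request body, counting records it cannot use. The index name `snort-alerts`, the function names and all sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines using alert_json field names; the addresses,
# sids and messages are made up. The third line simulates a truncated write.
SAMPLE_LINES = [
    '{ "seconds" : 1611072000, "proto" : "TCP", "src_addr" : "192.0.2.10", '
    '"src_port" : 51234, "dst_addr" : "198.51.100.5", "dst_port" : 80, '
    '"rule" : "1:1000001:1", "msg" : "constructed test alert" }',
    '{ "seconds" : 1611072003, "proto" : "UDP", "src_addr" : "192.0.2.77", '
    '"dst_addr" : "198.51.100.9", "rule" : "1:1000002:3", '
    '"msg" : "second constructed alert" }',
    '{ "seconds" : 1611072004, "proto" : "TCP", "src_ad',
    '',
]

def to_document(line):
    """Return an index-ready dict for one alert line, or None if unusable."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or "rule" not in event or "seconds" not in event:
        return None
    try:
        # "rule" is "gid:sid:rev"; split it so each part can be queried alone.
        gid, sid, rev = (int(part) for part in event["rule"].split(":"))
        # Use the epoch "seconds" field: it is unambiguous, unlike a
        # formatted timestamp string that depends on local settings.
        ts = datetime.fromtimestamp(int(event["seconds"]), tz=timezone.utc)
    except (ValueError, TypeError, AttributeError, OverflowError, OSError):
        return None
    doc = dict(event)
    doc["@timestamp"] = ts.isoformat()
    doc["rule"] = {"gid": gid, "sid": sid, "rev": rev}
    return doc

def to_bulk(lines, index="snort-alerts"):
    """Build a _bulk body (action line + document per alert); return (body, skipped)."""
    out, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue  # blank lines are not records
        doc = to_document(line)
        if doc is None:
            skipped += 1  # surface parse failures instead of silently dropping alerts
            continue
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc, sort_keys=True))
    return (("\n".join(out) + "\n") if out else "", skipped)
```

A non-zero skipped count is worth alerting on in its own right, since dropped records mean gaps in detection coverage.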