Snort 2.1 Intrusion Detection, Second Edition, Part 7


Chapter 8: Dealing with the Data (www.syngress.com)

Figure 8.22 Top 20 Attacking IPs

The IP links present in the Source IP column will take you to a page displaying a summary of signatures triggered by the traffic from this particular source. This summary page also contains links that will help you discover to whom this IP address belongs (whois lookups, DNS lookups, and so forth).

Optional SnortSnarf features include a tool for creating incident reports. This feature resembles the ACID alert grouping and e-mailing. Its installation is described in README.SISR in the SnortSnarf distribution package.

The SnortSnarf script has many options other than those described in this section. It is possible to specify various filters by sensor ID, alert priority, date, and time. The main difference between SnortSnarf and ACID is that you need to specify everything on the command line and not interactively.

To sum up, SnortSnarf, similarly to ACID, helps you bring data together. The format is such that potential problems can be easily analyzed and researched. This analysis will verify if there was an incident, and Snort alert logs and system log files will provide data of what was possibly compromised. When a security incident occurs, the link in the SnortSnarf browser window allows the analyst to review the incident data and start looking for ways to prevent further incursions. This further research and analysis of SnortSnarf reports will help provide enough information to make incident-related decisions. The analysis should help identify whether your defense-in-depth plan failed. With this knowledge of what failed, where it failed, and how it failed, you can make plans to prevent unauthorized access in the future.

Damage & Defense

Beware of the External Intranet

As with any Web-based security monitoring tool, ensure that you .
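The "top attacking IPs" summary with a per-source signature breakdown and a priority filter, described above, can be reproduced directly from an alert log. The following is an added example, not SnortSnarf's own code and not from the book; it assumes Snort's one-line "fast" alert format with IPv4 addresses, and the sample alerts, SIDs, and messages are constructed.

```python
import re
from collections import Counter, defaultdict

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*[^\]]*\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alerts(lines):
    """Yield one dict per parsable alert line; silently skip anything else."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            yield alert

def top_sources(lines, n=20, max_priority=None):
    """Return [(src_ip, total, Counter{signature: hits})], busiest source first.

    max_priority keeps only alerts whose priority number is <= that value
    (in Snort, priority 1 is the most severe)."""
    per_src = defaultdict(Counter)
    for a in parse_alerts(lines):
        if max_priority is not None and a["prio"] > max_priority:
            continue
        per_src[a["src"]][f'{a["sid"]} {a["msg"]}'] += 1
    ranked = sorted(per_src.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(ip, sum(sigs.values()), sigs) for ip, sigs in ranked[:n]]

# Constructed sample alerts: documentation IPs, made-up SIDs and messages.
SAMPLE = [
    "03/14-09:15:02.101000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40112 -> 10.0.0.5:80",
    "03/14-09:15:03.220000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 192.0.2.10:40113 -> 10.0.0.5:80",
    "03/14-09:16:40.000500  [**] [1:1000002:1] EXAMPLE admin login attempt [**] [Priority: 1] {TCP} 192.0.2.10:40120 -> 10.0.0.5:443",
    "03/14-09:17:00.500000  [**] [1:1000003:1] EXAMPLE ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 10.0.0.9",
    "03/14-09:18:11.000000  [**] [1:1000002:1] EXAMPLE admin login attempt [**] [Priority: 1] {TCP} 198.51.100.7:5555 -> 10.0.0.5:443",
    "snort: this line is not an alert and is skipped",
]

if __name__ == "__main__":
    for ip, total, sigs in top_sources(SAMPLE):
        print(f"{ip:15} {total:3} alerts")
        for sig, hits in sigs.most_common():
            print(f"    {hits:3}  {sig}")
```

Lines that do not match the alert pattern are dropped without error, so compare the parsed count against the log's line count before trusting the ranking.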
