tailieunhanh - Snort 2.1 Intrusion Detection, Second Edition, part 7
Chapter 8: Dealing with the Data

Figure: Top 20 Attacking IPs

The IP links present in the Source IP column will take you to a page displaying a summary of the signatures triggered by the traffic from this particular IP. This summary page also contains links that will help you discover to whom this IP address belongs: whois lookups, DNS lookups, and so forth. Optional SnortSnarf features include a tool for creating incident reports; this feature resembles the ACID alert grouping and e-mailing. Its installation is described in the SnortSnarf distribution package. The SnortSnarf script has many options other than those described in this section. It is possible to specify various filters by sensor ID, alert priority, date, and time. The main difference between SnortSnarf and ACID is that you need to specify everything on the command line. To sum up, SnortSnarf, similarly to ACID, helps you bring data together. The format is such that potential problems can be easily analyzed; the analysis will verify whether there was an incident, and Snort alert logs and system log files will provide data on what was possibly compromised. When a security incident occurs, the link in the SnortSnarf browser window allows the analyst to review the incident data and start looking for ways to prevent further incidents. Further research and analysis of SnortSnarf reports will help provide enough information for incident-related analysis, which should help identify whether your defense-in-depth plan failed.
With this knowledge of what failed, where it failed, and how it failed, you can make plans to prevent unauthorized access in the future.

Damage & Defense: Beware of the External Intranet

As with any Web-based security monitoring tool, ensure that you .
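The per-source-IP summary and the priority and date/time filters described above for SnortSnarf, as an added example written for this page (it is not SnortSnarf's own code): it parses Snort 2.x alert_fast lines, counts alerts per source IP the way the Top 20 Attacking IPs view does, and drills down into one IP's signatures. The alert lines, the sids and the year passed to the parser are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Snort 2.x alert_fast layout (the layout is real; every sample line below is constructed):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

SAMPLE_ALERTS = """\
01/16-10:23:45.123456  [**] [1:1000001:1] CONSTRUCTED web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:4321 -> 10.0.0.1:80
01/16-10:23:46.000001  [**] [1:1000001:1] CONSTRUCTED web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:4322 -> 10.0.0.1:80
01/16-10:24:01.500000  [**] [1:1000002:1] CONSTRUCTED icmp sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 10.0.0.1
01/17-02:10:00.000000  [**] [1:1000003:2] CONSTRUCTED shell attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:5555 -> 10.0.0.2:22
01/17-02:11:00.000000  [**] [1:1000002:1] CONSTRUCTED icmp sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.44 -> 10.0.0.3
this line is deliberately malformed and must be skipped
"""

def parse_alerts(text, year=2004):
    """Return one dict per parseable alert line; alert_fast omits the year, so the caller supplies it."""
    records = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # skip rather than guess: a misparsed line would corrupt the counts
        rec = m.groupdict()
        rec["prio"] = int(rec["prio"])
        rec["ts"] = datetime.strptime(f"{year}/{rec['ts']}", "%Y/%m/%d-%H:%M:%S")
        records.append(rec)
    return records

def top_attacking_ips(alerts, n=20, max_priority=None, start=None, end=None):
    """Alert count per source IP after optional priority and time-window filters (lower priority number = more severe)."""
    counts = Counter()
    for a in alerts:
        if max_priority is not None and a["prio"] > max_priority:
            continue
        if (start and a["ts"] < start) or (end and a["ts"] > end):
            continue
        counts[a["src"]] += 1
    return counts.most_common(n)

def signatures_for_ip(alerts, ip):
    """Drill-down for one source: which (sid, msg) pairs it triggered and how often."""
    return Counter((a["sid"], a["msg"]) for a in alerts if a["src"] == ip).most_common()
```

The whois and DNS lookups SnortSnarf links to are deliberately left out, since they would need network access; the parsed source IP is what you would feed to them.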