Welcome to the fifth article in the Continent Getting Started series. Today we focus on the intrusion detection and prevention mechanism. Important! All following articles will be published on our training portal and Telegram channel.
Monitor
SPAN- /. . .
Inline
UTM. , . .
(). : . «ids_update.json.gz». .
ssl- – SSL , .
DoS- – // .
– Android/iOS.
- – -(SQL-, XSS ..)
« » txt. 50000 . . , «». «».
EXTERNAL_NET – any,
HOME_NET – 172.16.0.0/12 172.16.20.0/24.
« » – « ». . : , . . DMZ.
IPS «» ( ).
IPS Kali Linux. DMZ.
, DMZ icmp, tcp, udp.
Kali DMZ .
SYN-flood. DMZ .
EICAR. IPS .
, / , 4 « » – , « » (DoS).
SYN-, FIN/RST-, ICMP-, UDP-, ICMP-, (Null Payload ICMP packet), DNS / (DNS max length), (Packet Sanity), (Small Packet MTU), DNS-spoofing, DNS (DNS-mismatch), DNS (DNS-reply mismatch), SYN-flood, SMURF-, FIN/RST-flood, FRAGGLE-, LAND-.
. DoS- DMZ.
ICMP scan
/ . DMZ. VPN. , Telegram .
P.S. , , . 4.1 dl@tssolution.ru
- , TS Solution