常用网络安全技术.ppt

攻击检测 基于异常行为的入侵检测 主要根据网络流量进行分析判断，利用NETFLOW的数据采集技术实现电信级别的DDOS入侵检测与防护。 检测的重点在于对于网络的可用性进行保护，这与传统的事件检测是有不同的侧重。 主机入侵检测系统的设计原理 根据主机的可审计数据和系统日志发现可疑时间，检测系统运行在被检测的主机上。 主要存在弱点如下： 攻击者可调用更低级别特权来绕过检测。 影响服务器性能。 所检测到的攻击类型与范围存在一定程度限制。 网络入侵检测系统的设计原理 可靠性 容错性 可用性 可检验 容易开发 可适应性 准确性 安全性 内容小结 本次课程介绍了主流的传统安全产品的主要技术功能与技术实现方法，同时介绍了相关不同产品的配置技巧。 当前安全产品更多更实用的功能在实际应用中并没有被发挥出来，本课程对于这部分也着重进行了介绍。 控制、审计、隔离加密、验证等传统安全元素融合搭配发挥更好的安全防护功效。 更多更新欢迎访问我的网站wwwisfocusnet 本次课程结束 * * * * * * 端口聚合 ：也称为端口捆绑、端口聚集或链路聚集。网络设备通过两个或多个端口并行连接同时传输数据以提供更高的带宽 * Ns500SP才有的功能,价格需要六十六万,VSYS虚拟防火墙,可以针对每个用户设置单独的策略,支持250000并发连接 * Theme The problems with non-integrated solutions Points: In the 1990’s, the battle was over what type of firewall to purchase – Proxy, router-based, or Stateful Inspection Check Point, the inventors of Stateful Inspection, was declared the winner because of the security and performance offered In this decade, the debate will be over where to deploy your VPN The first option is to place your VPN outside of your firewall This is widely thought of as a bad idea It subjects your VPN device to attacks, which can compromise it It can also be the point-of-attack for a denial-of-service attack that can cripple your whole network The second option is to place your VPN device behind the firewall Unfortunately, this means that the firewall cannot inspect the traffic, because it is encrypted as it goes through To get the level of access control and security needed, it’s necessary to send the unencrypted packet back through – establishing a second connection to the firewall and creating a scalability problem The last method, which is fairly common, is to deploy a firewall and VPN in parallel, where the VPN receives all IPSec traffic and the firewall all other traffic The problem is that the VPN traffic has now bypassed the enterprise security policy, in addition to being open to attack * Theme The problems with non-integrated solutions Points: In the 1990’s, the battle was over what type of firewall to purcha