欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    ANSI INCITS ISO IEC 18043-2006 Information technology Security techniques Selection deployment and operations of intrusion detection systems.pdf

    • 资源ID:436269       资源大小:1.15MB        全文页数:54页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    ANSI INCITS ISO IEC 18043-2006 Information technology Security techniques Selection deployment and operations of intrusion detection systems.pdf

    1、INCITS/ISO/IEC 18043:20062008 (ISO/IEC 18043:2006, IDT) Information technology Security techniques Selection, deployment and operationsof intrusion detection systemsINCITS/ISO/IEC 18043:20062008(ISO/IEC 18043:2006, IDT)INCITS/ISO/IEC 18043:20062008 ii ITIC 2008 All rights reserved PDF disclaimer Thi

    2、s PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept the

    3、rein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; t

    4、he PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (Inter

    5、National Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 7/1/2008 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2008 by Information Technology Industry Council (ITI). All rights res

    6、erved. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication ma

    7、y be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 18043:20062008 ITI

    8、C 2008 All rights reserved iii Contents Page Foreword iv Introduction .v Information technology Security techniques Selection, deployment and operations of intrusion detection systems 1 1 Scope 1 2 Terms and definitions 1 3 Background 4 4 General5 5 Selection .6 5.1 Information Security Risk Assessm

    9、ent .7 5.2 Host or Network IDS .7 5.3 Considerations .7 5.4 Tools that complement IDS 13 5.5 Scalability . 17 5.6 Technical support. 17 5.7 Training . 17 6 Deployment . 18 6.1 Staged Deployment 18 7 Operations 22 7.1 IDS Tuning 22 7.2 IDS Vulnerabilities 22 7.3 Handling IDS Alerts 22 7.4 Response Op

    10、tions 25 7.5 Legal Considerations . 26 Annex A (informative) Intrusion Detection System (IDS): Framework and Issues to be Considered . 27 A.1 Introduction to Intrusion Detection . 27 A.2 Types of intrusions and attacks 28 A.3 Generic Model of Intrusion Detection Process . 29 A.4 Types of IDS . 35 A.

    11、5 Architecture 38 A.6 Management of an IDS . 39 A.7 Implementation and Deployment Issues . 42 A.8 Intrusion Detection Issues . 44 Bibliography 46 INCITS/ISO/IEC 18043:20062008 iv ITIC 2008 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the Internationa

    12、l Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of

    13、 technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint

    14、technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee a

    15、re circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held

    16、responsible for identifying any or all such patent rights. ISO/IEC 18043 was prepared by Joint Technical Committee ISO/IEC JTC 1 Information technology, Subcommittee SC 27, IT Security techniques. Legal notice The National Institute of Standards and Technology (NIST), hereby grant non-exclusive lice

    17、nse to ISO/IEC to use the NIST Special Publication on Intrusion Detection Systems (SP800-31) in the development of the ISO/IEC 18043 International Standard. However, the NIST retains the right to use, copy, distribute, or modify the SP800-31 as they see fit. INCITS/ISO/IEC 18043:20062008 ITIC 2008 A

    18、ll rights reserved v Introduction Organizations should not only know when, if, and how an intrusion of their network, system or application occurs, they also should know what vulnerability was exploited and what safeguards or appropriate risk treatment options (i.e. risk transfer, risk acceptance, r

    19、isk avoidance) should be implemented to prevent similar intrusions in the future. Organizations should also recognize and deflect cyber-based intrusions. This requires an analysis of host and network traffic and/or audit trails for attack signatures or specific patterns that usually indicate malicio

    20、us or suspicious intent. In the mid-1990s, organizations began to use Intrusion Detection Systems (IDS) to fulfil these needs. The general use of IDS continues to expand with a wider range of IDS products being made available to satisfy an increasing level of organizational demands for advanced intr

    21、usion detection capability. In order for an organization to derive the maximum benefits from IDS, the process of IDS selection, deployment, and operations should be carefully planned and implemented by properly trained and experienced personnel. In the case where this process is achieved, then IDS p

    22、roducts can assist an organization in obtaining intrusion information and can serve as an important security device within the overall information and communications technology (ICT) infrastructure. This International Standard provides guidelines for effective IDS selection, deployment and operation

    23、, as well as fundamental knowledge about IDS. It is also applicable to those organizations that are considering outsourcing their intrusion detection capabilities. Information about outsourcing service level agreements can be found in the IT Service Management (ITSM) processes based on ISO/IEC 20000

    24、. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 18043:20062008 ITIC 2008 All rights reserved 1 Information technology Security techniques Selection, deployment and operations of intrusion detection systems 1 Scope This International Standard provides guidelines to assist organizations in preparing to de

    25、ploy Intrusion Detection System (IDS). In particular, it addresses the selection, deployment and operations of IDS. It also provides background information from which these guidelines are derived. This International Standard is intended to be helpful to a) an organization in satisfying the following

    26、 requirements of ISO/IEC 27001: The organization shall implement procedures and other controls capable of enabling prompt detection of and response to security incidents. The organization shall execute monitoring and review procedures and other controls to properly identify attempted and successful

    27、security breaches and incidents. b) an organization in implementing controls that meet the following security objectives of ISO/IEC 17799: To detect unauthorized information processing activities. Systems should be monitored and information security events should be recorded. Operator logs and fault

    28、 logging should be used to ensure information system problems are identified. An organization should comply with all relevant legal requirements applicable to its monitoring and logging activities. System monitoring should be used to check the effectiveness of controls adopted and to verify conformi

    29、ty to an access policy model. An organization should recognize that deploying IDS is not a sole and/or exhaustive solution to satisfy or meet the above-cited requirements. Furthermore, this International Standard is not intended as criteria for any kind of conformity assessments, e.g., Information S

    30、ecurity Management System (ISMS) certification, IDS services or products certification. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 attack attempts to destroy, expose, alter, or disable an Information System and/or information within it o

    31、r otherwise breach the security policy INCITS/ISO/IEC 18043:20062008 2 ITIC 2008 All rights reserved 2.2 attack signature sequence of computer activities or alterations that are used to execute an attack and which are also used by an IDS to discover that an attack has occurred and often is determine

    32、d by the examination of network traffic or host logs NOTE This may also be referred to as an attack pattern. 2.3 attestation variant of public-key encryption that lets IDS software programs and devices authenticate their identity to remote parties. NOTE See Clause 2.21, Remote attestation. 2.4 bridg

    33、e network equipment that transparently connects a local area network (LAN) at OSI layer 2 to another LAN that uses the same protocol 2.5 cryptographic hash value mathematical value that is assigned to a file and used to “test” the file at a later date to verify that the data contained in the file ha

    34、s not been maliciously changed 2.6 DoS (Denial-of-Service) attack prevention of authorized access to a system resource or the delaying of system operations and functions ISO/IEC 18028-1 2.7 Demilitarized Zone DMZ logical and physical network space between the perimeter router and the exterior firewa

    35、ll NOTE 1 The DMZ may be between networks and under close observation but does not have to be so. NOTE 2 They are generally unsecured areas containing bastion hosts that provide public services. 2.8 exploit defined way to breach the security of an Information System through vulnerability 2.9 firewal

    36、l type of security gateway or barrier placed between network environments consisting of a dedicated device or a composite of several components and techniques through which all traffic from one network environment to another, and vice versa, traverses and only authorized traffic is allowed to pass I

    37、SO/IEC 18028-1 2.10 false positive IDS alert when there is no attack 2.11 false negative no IDS alert when there is an attack INCITS/ISO/IEC 18043:20062008 ITIC 2008 All rights reserved 3 2.12 host addressable system or computer in TCP/IP based networks like the Internet 2.13 intruder individual who

    38、 is conducting, or has conducted, an intrusion or attack against a victims host, site, network, or organization 2.14 intrusion unauthorized access to a network or a network-connected system, i.e. deliberate or accidental unauthorized access to an information system, to include malicious activity aga

    39、inst an information system, or unauthorized use of resources within an information system 2.15 intrusion detection formal process of detecting intrusions, generally characterized by gathering knowledge about abnormal usage patterns as well as what, how, and which vulnerability has been exploited to

    40、include how and when it occurred 2.16 intrusion detection system IDS information system used to identify that an intrusion has been attempted, is occurring, or has occurred and possibly respond to intrusions in Information Systems and networks 2.17 intrusion prevention system IPS variant on intrusio

    41、n detection systems that are specifically designed to provide an active response capability 2.18 honeypot generic term for a decoy system used to deceive, distract, divert and to encourage the attacker to spend time on information that appears to be very valuable, but actually is fabricated and woul

    42、d not be of interest to a legitimate user 2.19 penetration unauthorized act of bypassing the security mechanisms of an Information System 2.20 provisioning process of remotely searching for new software updates from a vendors website and downloading authenticated updates 2.21 remote attestation proc

    43、esses of using digital certificates to ensure the identity as well as the hardware and software configuration of IDS and to securely transmit this information to a trusted operations center 2.22 response (incident response or intrusion response) actions taken to protect and restore the normal operat

    44、ional conditions of an Information System and the information stored in them when an attack or intrusion occurs INCITS/ISO/IEC 18043:20062008 4 ITIC 2008 All rights reserved 2.23 router network device that is used to establish and control the flow of data between different networks, which themselves

    45、 can be based on different networks protocols, by selecting paths or routes based upon routing protocol mechanisms and algorithms NOTE The routing information is kept in a routing table. ISO/IEC 18028-1 2.24 server computer system or program that provides services to other computers 2.25 Service Lev

    46、el Agreement contract that defines the technical support or business performance objectives including measures for performance and consequences for failure the provider of a service can provide its clients 2.26 sensor component/agent of IDS, which collects event data from an Information System or ne

    47、twork under observation NOTE Also referred to as a monitor. 2.27 subnet portion of a network that shares a common address component 2.28 switch device which provides connectivity between networked devices by means of internal switching mechanisms NOTE Switches are distinct from other local area netw

    48、ork interconnection devices (e.g. a hub) as the technology used in switches sets up connections on a point-to-point basis. This ensures the network traffic is only seen by the addressed network devices and enables several connections to exist simultaneously routing. ISO/IEC 18028-1 2.29 Test Access

    49、Points TAP typically passive devices that do not install any overhead on the packet; they also increase the level of the security as they make the data collection interface invisible to the network, where a switch can still maintain layer 2 information about the port. A TAP also gives the functionality of multiple ports so network issues can be debugged without losing the IDS capability. 2.30 trojan horse malicious program that masquerades as a benign application 3 Background The purpose of Intrusion Dete


    注意事项

    本文(ANSI INCITS ISO IEC 18043-2006 Information technology Security techniques Selection deployment and operations of intrusion detection systems.pdf)为本站会员(cleanass300)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开