A Study on Network Security Improvement with Integration System Information.

Author: Chen, Yan-Jie, 陳彥傑
Year of publication: 2009
Document type: thesis
Description: 97
The Internet is very important to people today because of the many services provided on it, for example trading, paying taxes, transferring funds between accounts, taking courses, and making friends. Those services are part of our daily life, so the security of the Internet becomes more and more important. Therefore, we need defense tools or equipment to prevent intrusion when we defend against attacks in the cyber world. This equipment generates logs, and network administrators can use them to find attacks. Our research combines security devices to resist and detect attacks from the Internet. Every manufacturer of network security devices is interested in developing devices that detect attack events to address network security. Although there is a variety of detection equipment, it may produce differing detection reports, such as false positives or false negatives. If we could integrate the security devices and network devices that we already have to defend against attacks from the Internet, the detected information would be shared, and the detection rates and false positive rates would improve. However, it has been very difficult to manage and integrate all of the heterogeneous security devices. It also raises the question of how many network security devices are enough to defend against and detect attacks on one's own network. This research starts from network attacks to find possible attack modules and uses CS-MARS, produced by Cisco, as the basis of a heterogeneous platform, with an FTP application as the test example. The emulation steps, which start from configuring CS-MARS and analyzing its rules, would help new employees or senior managers understand the logic of the rule settings and the detection of events, avoiding inefficient duplicate settings or management.
We then emulate a sudden increase of traffic on a port and an FTP password attack, adding a new rule and using suppression points to control the events. The achievements of this thesis are generalized graphs of attack categories and a summary of the characteristics of the network devices, which help network administrators defend and protect their networks with fewer network devices.
Database: Networked Digital Library of Theses & Dissertations