tools and description

Upload: smartkid

Post on 05-Jul-2018


  • 8/16/2019 Tools and Description

    1/84

    This article reviews top ten network analysis tools for different functional areas.

    1. SolarWinds NetFlow Traffic Analyzer, aka Orion NTA

    Full investigation of network activities

    SolarWinds NetFlow Traffic Analyzer is a widely used NetFlow analysis utility. It helps to explore traffic flow activities over the network and examines device behaviour for excessive traffic flow. This tool allows network administrators to regulate extreme bandwidth utilisation for smooth network operations without upgrading network resources.

    NetFlow Traffic Analyzer can examine standard "Flow" data of multivendor network devices such as Cisco, Juniper, Riverbed, HP, Nortel or Huawei with central GUI based network applications. It also supports triggered alerts and reports on the basis of accumulated "Flow" data to achieve appropriate network utilization. Instead of IP or port based "Flow" analysis, you can also map common web applications such as Facebook, Twitter or torrent sites for application based analysis.

    Using this utility an administrator can customise different chart elements to simplify the chart view by eliminating unnecessary data. This tool also supports sFlow (v2 onwards) and vSwitch interfaces to capture data.

    Price: Starts at $1,915


    2. Alcatel Lucent's Motive Network Analyzer - Copper

    Ultimate utility to examine a service provider's copper access network

    Motive Network Analyzer - Copper (NA-C): DSL2, and DSL2 vectoring and bonding.

    Motive NA-C uses Single Ended Line Testing (SELT) and Dual Ended Line Testing (DELT) to identify various connectivity problems, including detecting and localizing open circuit/short circuit faults and powered down CPE detection. Motive NA


    3. Alcatel Lucent's Motive Network Analyzer - Fiber

    Ultimate utility to manage fiber access networks

    Motive Network Analyzer - Fiber (NA


    • Limited to fiber access networks

    • Takes time to understand its features

    4. Nagios Network Analyzer

    Detailed analysis for small to large scale networks

    Nagios Network Analyzer is a widely used flow data analysis solution. It offers detailed analysis of various network services such as POP3, HTTP, ICMP, etc. It generates quick and easily interpreted charts to refine captured data with very valuable statistics like processor and disk usage, bandwidth utilisation and much more to assess a network's health.

    Nagios Network Analyzer can be easily integrated with Nagios XI and can also be customised to meet network requirements. This tool provides a central view of network traffic and bandwidth utilisation and also offers automated alerts and SNMP traps when suspicious activity takes place on the network.

    The Nagios Network Analyzer system has two categories of licensing:

    1) Open Source foundation cores and components like NFDUMP and RRDTool.

    2) The Nagios Network Analyzer UI and system frameworks, which are released under a commercial license and contain some code used under license by Nagios Enterprises that cannot be released under an OSS license.

    Price: $995 for 1 license (https://www.nagios.com/products/nagios-network-analyzer/#pricing)

    Download link: https://www.nagios.com/downloads/nagios-network-analyzer/


    Website: https://www.nagios.com/products/nagios-network-analyzer/

    Pros

    • Comprehensive dashboard

    • Easily understandable graphs

    • Automated alert system

    • Advanced user management

    Cons

    • Sometimes no response with sFlow capture

    5. ManageEngine NetFlow Analyzer

    Good for medium to large scale multi-vendor networks

    ManageEngine NetFlow Analyzer is a good choice to examine multi LAN/WAN environments. Using this utility you will be able to analyse most NetFlow packets originating from enterprise routers or switches, and it also helps administrators by producing network traffic reports to recognise the ongoing activities of the network.

    This tool can effectively collect various traffic flows such as NetFlow, sFlow and other flow formats, and provides less complicated data outcomes for easy understanding. It also enables you to customise various device flows into different groups to manage multiple networks as a single entity.

    ManageEngine NetFlow Analyzer doesn't require any special hardware configuration to run and can map most application flows such as Oracle, PeopleSoft, MSSQL, etc. It has the ability to integrate high end Cisco technologies such as NBAR, CBQoS, etc., and also deals with real time network observation to provide in


    For pricing or more information visit: https://www.manageengine.com/products/netflow/

    Pros

    • Validating QoS policies

    • Automated NetFlow reports

    • In-depth analysis by creating IP or Device groups

    • Role-based user access

    6. Capsa Free

    Recommended freeware utility for LAN analysis

    Capsa Free is a freeware utility for Ethernet monitoring, troubleshooting and analysis. It offers both LAN and WLAN near real


    Pros

    • In-depth LAN analysis

    • Customised automated alarms

    • Easy to understand network analysis, recommended for learning purposes

    Cons

    • Fewer options for customisation

    • Limited to Ethernet packet analysis

    7. Wireshark

    A freeware tool recommended for small and medium enterprise networks

    Wireshark is a well-established tool that runs on Linux, OS X, Solaris, etc. It can capture data from various sources including Ethernet, WLAN, WAN and many others. Captured data can be accessed via GUI, TTY


    • Examination of LAN/WAN protocols

    • In-depth VoIP analysis

    Cons

    • Fewer options for charts/reporting

    • Limited functionality, as can be expected from freeware utilities

    8. Caligare Flow Inspector

    A complete network analysis with lots of conditional customisations

    Caligare is an official Cisco partner in technology development and its Flow Inspector tool provides optimal NetFlow analysis with different set conditions such as source/destination IP addresses, interfaces, and TCP/UDP/ICMP protocols. It also offers real time network analysis and user data tracking so that network administrators can reduce the risk of data or network failure. The best part about this utility is its statistics reports. Using this software program you will be able to know:

    • Source and Destination hosts with the highest network utilisation

    • Most used applications throughout the network

    • Top most protocols distribution over the network

    • Source and Destination Autonomous Systems with the most network flows

    • Top interfaces, next-hops and ICMP distributions, etc.

    Price: To find pricing information for the Professional edition (for 1


    • LDAP authentication support

    Cons

    • Free and Professional versions have some limitations

    9. SteelCentral Packet Analyzer

    A tool with quick analysis of multi-gigabyte trace files

    SteelCentral Packet Analyzer, also known as Cascade Pilot, is a product of well


    10.


    TOP 20

    1. Microsoft Network Monitor

    Microsoft Network Monitor is a packet analyzer that allows you to capture, view and analyze network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.

    When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click "New Capture" to initiate a new capture tab. Within the Capture tab, click "Capture Settings" to change filter options, adapter options, or global settings accordingly and then hit "Start" to initiate the packet capture process.

    http://www.microsoft.com/en-us/download/details.aspx?id=4865

    2. Nagios

    Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of Nagios Core, you are able to implement plugins that will allow you to monitor services, applications and metrics, a chosen frontend, as well as add database support, amongst others.

    Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.

    Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.

    https://www.nagios.org/downloads/


    Once you've installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems looks like.

    3. OpenNMS

    OpenNMS is an open source enterprise grade network management application that offers automated discovery, event and notification management, performance measurement, and service assurance features. OpenNMS includes a client app for the iPhone, iPad or iPod Touch for on-the-go viewing of outages, nodes and alarms, and for adding an interface to monitor.

    Once you successfully login to the OpenNMS web UI, use the dashboard to get a quick 'snapshot view' of any outages, alarms or notifications. You can drill down and get more information about any of these sections from the Status drop down menu. The Reports section allows you to generate reports to send by e


    4. Advanced IP Scanner

    Advanced IP Scanner is a fast and easy to use network scanner that detects any network devices (including wireless devices such as mobile phones, printers and WIFI routers) on your network. It allows you to connect to common services such as HTTP, FTP and shared folders if they are enabled on the remote machine. You are also able to wake up and shut down remote computers.

    The installer allows you to fully install the application on your machine or run the portable version. When you launch Advanced IP Scanner, start by going to Settings > Options to select which resources to scan and how fast/accurate you want the results to be. You can then choose which subnet to scan and proceed by pressing the "Scan" button. Once the scan is complete, expand the results to see which resources you are able to connect to for each discovered device.

    5. Capsa Free

    Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto


    When you launch Capsa, choose the adapter you want it to bind to and click "Start" to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.

    6. Fiddler

    Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).

    When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on "All Processes" in the bottom status bar, or by dragging the "Any Process" icon from the top menu bar onto an open application.

    7. NetworkMiner

    NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network. It can also do this by parsing a pre


    In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for "soccer" as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.

    When you load NetworkMiner, choose a network adapter to bind to and hit the "Start" button to initiate the packet capture process.

    8. Pandora FMS

    Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.

    When you login to the Pandora FMS Web UI, start by going to the 'Agent detail' and 'Services' node from the left hand navigation pane. From here, you can configure monitoring agents and services.

    http://sourceforge.net/projects/pandora/?source=directory

    9. Zenoss Core

    Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.

    http://sourceforge.net/projects/zenoss/


    Once you login to the Zenoss Core Web UI for the first time, you are presented with a two

    monitoring, OS monitoring

    (2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling

    (3) In


    When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including the adding of servers to monitor and which sensors to use.

    11. The Dude

    The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and lay out a map of your network.

    When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click 'Settings' to configure options for SNMP, Polling, Syslog and Reports.

    http://www.mikrotik.com/thedude

    12. Splunk

    Splunk is a data collecting and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk's extensive search, reporting and dashboard features to make

    http://www.splunk.com/download


    the most of the collected data. Splunk also allows you to install 'Apps' to extend system functionality.

    Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.

    When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

    13. Angry IP Scanner

    Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBIOS information, etc).

    When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.

    http://www.angryip.org/w/Download


    14. Icinga

    Icinga is a Linux based, fully open source monitoring application which checks the availability of network resources and immediately notifies users when something goes down. Icinga provides business intelligence data for in depth analysis and a powerful command line interface.

    When you first launch the Icinga web UI, you are prompted for credentials. Once you've authenticated, use the navigation menu on the left hand side to manage the configuration of hosts, view the dashboard and reports, see a history of events, and more.

    https://www.icinga.org/download/

    15. Total Network Monitor

    Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn't able to complete.

    When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

    http://www.softinventive.com/total-network-monitor/

    16. NetXMS

    http://www.netxms.org/download/


    NetXMS is a multi


    Once you've installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.

    When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

    18. WirelessNetView

    WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.

    As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi


    Once you launch Wi


    SNIFFING TOOLS:

    Top 10 Data/Packet Sniffing and Analyzer Tools for Hackers

    1: Wireshark

    Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes,

    http://www.wireshark.org/


    so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

    http://media-2.cacetech.com/video/wireshark/introduction-to-wireshark/

    2: Tcpdump

    Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

    http://www.tcpdump.org/ http://insecure.org/nmap/

    3: Cain and Abel

    UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.

    http://www.oxid.it/cain.html http://www.oxid.it/ca_um/

    4: Kismet

    Kismet is a console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on

    http://www.kismetwireless.net/ http://www.netstumbler.com/


    downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, …

    5: Dsniff

    This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g. due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

    http://www.monkey.org/~dugsong/dsniff/

    6: NetStumbler

    Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

    http://www.stumbler.net/

    7: Ettercap

    Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

    http://ettercap.sourceforge.net/


    8: Ngrep

    ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

    9: Ntop

    Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

    10: EtherApe

    EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

    0.SNO
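    The pcap-aware payload search that ngrep performs, written out as an added example (this is not ngrep's code, nor code from the original page): a minimal reader for the classic pcap file format that tcpdump/libpcap write and NetworkMiner reads, a decoder that walks Ethernet, IPv4 and TCP/UDP headers to reach the payload, and a search that applies either an extended regular expression or a raw hex pattern to each payload, optionally limited to one transport protocol in place of a BPF qualifier. The capture is constructed in memory for the example; the addresses, ports and function names are assumptions, not anything from the page.

```python
import re
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# ---- constructed sample capture (built in memory; not a real trace) ---------------

def _ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF

def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes, proto: int = 6) -> bytes:
    """Ethernet II + IPv4 + (TCP or UDP) frame carrying `payload`; proto 6 = TCP, 17 = UDP."""
    if proto == 6:   # 20-byte TCP header: ports, seq, ack, data offset 5, PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    else:            # 8-byte UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4 + payload

def build_pcap(frames: List[bytes]) -> bytes:
    """Little-endian pcap: 24-byte global header (DLT_EN10MB) then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "93.184.216.34", 40000, 80, b"GET /login HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame("10.0.0.5", "93.184.216.34", 40000, 80, b"POST /login HTTP/1.1\r\n\r\nuser=bob&pass=hunter2"),
    build_frame("10.0.0.5", "10.0.0.1", 5353, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x07example\x03com\x00\x00\x01\x00\x01", proto=17),   # DNS query
    build_frame("10.0.0.9", "10.0.0.1", 2000, 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
])

# ---- the ngrep-like part ----------------------------------------------------------

@dataclass
class Match:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    hit: bytes

def iter_records(pcap: bytes) -> Iterator[bytes]:
    """Yield each captured frame from a classic pcap file (either byte order)."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def decode(frame: bytes) -> Optional[Tuple[str, int, str, int, str, bytes]]:
    """(src, sport, dst, dport, proto, payload) for an IPv4 TCP/UDP frame, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":        # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_total = struct.unpack_from("!H", frame, 16)[0]
    proto = frame[23]
    l4, ip_end = 14 + ihl, 14 + ip_total
    if proto not in (6, 17) or len(frame) < l4 + 20:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack_from("!HH", frame, l4)
    if proto == 6:
        data_off = (frame[l4 + 12] >> 4) * 4                  # TCP header length incl. options
        return src, sport, dst, dport, "tcp", frame[l4 + data_off:ip_end]
    return src, sport, dst, dport, "udp", frame[l4 + 8:ip_end]

def ngrep(pcap: bytes, pattern: str, proto: Optional[str] = None,
          hexmode: bool = False, ignore_case: bool = False) -> List[Match]:
    """Roughly `ngrep [-i] [-X] pattern [tcp|udp]`: regex (or literal hex bytes) searched per payload."""
    if hexmode:
        rx = re.compile(re.escape(bytes.fromhex(pattern)))
    else:
        rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    hits: List[Match] = []
    for frame in iter_records(pcap):
        decoded = decode(frame)
        if decoded is None:
            continue
        src, sport, dst, dport, l4proto, payload = decoded
        if proto and l4proto != proto:                        # stand-in for a BPF "tcp"/"udp" qualifier
            continue
        m = rx.search(payload)
        if m:
            hits.append(Match(src, sport, dst, dport, l4proto, m.group(0)))
    return hits

if __name__ == "__main__":
    for h in ngrep(SAMPLE_PCAP, r"pass=\w+", proto="tcp"):
        print(f"{h.proto} {h.src}:{h.sport} -> {h.dst}:{h.dport}  {h.hit!r}")
```

    The search matches only the payload after the transport header, which is the property that makes ngrep useful against cleartext credentials (the `pass=` hit above) while ignoring header bytes that would otherwise produce false positives for short patterns.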


    Open Source Intrusion Detection Tools: A Quick Overview

    Joe Schreiber

    January 13, 2014

    Whether you need to monitor hosts or the networks connecting them to identify the latest threats, there are some great open source intrusion detection (IDS) tools available to you.

    I won't bore you with how long I've been doing network security, but I've been doing packet analysis before any of these tools even existed. Tcpdump and me, good buddies. I've deployed and managed virtually every commercial and open source IDS tool out there. In fact my ardor for packets landed me a job analyzing network traffic for Fortune 50 companies while working at a major MSSP I'm sure everyone has heard of. Enough about me, let's get to it.

    Network IDS - These tools operate by inspecting traffic that occurs between hosts.

  • 8/16/2019 Tools and Description

    28/84

If you aren't already running network IDS, you should be. There are two types of Network IDS: Signature detection and Anomaly Detection.

In a signature-based IDS, there are rules or patterns of known malicious traffic that it is looking for. Once a match to a signature is found it generates an alert. These alerts can turn up issues such as malware, scanning activity, attacks against servers and much more.

With anomaly-based IDS, the payload of the traffic is far less important than the activity that generated it. An anomaly-based IDS tool relies on baselines rather than signatures. It will look for unusual activity that deviates from statistical averages of previous activities or activity that has been previously unseen. Perhaps a server is sending out more HTTP activity than usual or a new host has been seen inside your DMZ.

Both are typically deployed in the same manner, though one could make the case you could easily (and people have) create an anomaly-based IDS on externally-collected netflow data or similar traffic information.

Looking for attacks isn't the only use case for IDS, you can also use it to find violations of network policy. IDS will tell you if an employee was using Gtalk, uploading to Box, or spending all their time watching Hulu instead of working.
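The two detection styles just described, worked through as an added example (this code is not from the AlienVault post, nor from Snort, Suricata or Bro): a signature matcher in the style of a content rule beside a baseline-driven anomaly check, both run over the same constructed flow records. The flow records, the two signatures, the host addresses and the 3-sigma threshold are all constructed for illustration.

```python
"""Signature-based vs anomaly-based network IDS on constructed flow records.

Added example, not code from the AlienVault post or from Snort/Suricata/Bro.
Every flow record, signature and threshold below is constructed for
illustration; a real sensor would read live flows or packets instead.
"""
import re
import statistics
from collections import defaultdict

# Constructed flows from a "known good" training window: (src_ip, dst_port, bytes_out, payload)
BASELINE_FLOWS = [
    ("10.0.0.5", 80, 1200, "GET /index.html HTTP/1.1"),
    ("10.0.0.5", 80, 1350, "GET /about HTTP/1.1"),
    ("10.0.0.5", 80, 1100, "GET /news HTTP/1.1"),
    ("10.0.0.5", 80, 1250, "GET /img/logo.png HTTP/1.1"),
    ("10.0.0.5", 443, 1400, ""),
    ("10.0.0.9", 443, 900, ""),
    ("10.0.0.9", 443, 1000, ""),
    ("10.0.0.9", 443, 1100, ""),
]

# Constructed flows from the window under analysis
NEW_FLOWS = [
    ("10.0.0.5", 80, 1180, "GET /contact HTTP/1.1"),                  # ordinary browsing
    ("10.0.0.5", 80, 950000, "POST /upload HTTP/1.1"),                # far more HTTP than usual
    ("10.0.0.9", 80, 1050, "GET /cgi-bin/x.cgi?f=../../etc/passwd"),  # known-bad pattern, normal size
    ("10.0.0.77", 53, 300, "A? example.org"),                         # host never seen in the baseline
]

# Constructed signatures in the spirit of a Snort/Suricata content rule:
# (rule name, destination port the rule applies to or None for any, payload regex)
SIGNATURES = [
    ("WEB path traversal attempt", 80, re.compile(r"\.\./\.\./")),
    ("DNS query for constructed bad domain", 53, re.compile(r"bad\.example")),
]


def signature_alerts(flows, signatures=SIGNATURES):
    """Signature IDS: alert whenever a known pattern matches a flow's payload."""
    alerts = []
    for src, port, _, payload in flows:
        for name, sig_port, pattern in signatures:
            if sig_port is not None and sig_port != port:
                continue
            if pattern.search(payload):
                alerts.append((name, src))
    return alerts


def build_baseline(flows):
    """Anomaly IDS, step 1: per-host mean and standard deviation of bytes_out."""
    per_host = defaultdict(list)
    for src, _, nbytes, _ in flows:
        per_host[src].append(nbytes)
    baseline = {}
    for host, sizes in per_host.items():
        mean = statistics.fmean(sizes)
        stdev = statistics.pstdev(sizes) or 1.0  # constant hosts: avoid dividing by zero
        baseline[host] = (mean, stdev)
    return baseline


def anomaly_alerts(flows, baseline, z_threshold=3.0):
    """Anomaly IDS, step 2: flag hosts absent from the baseline and flows far from their host's norm."""
    alerts = []
    for src, _, nbytes, _ in flows:
        if src not in baseline:
            alerts.append(("new host", src))
            continue
        mean, stdev = baseline[src]
        if abs(nbytes - mean) / stdev > z_threshold:
            alerts.append(("volume deviation", src))
    return alerts


if __name__ == "__main__":
    print("signature:", signature_alerts(NEW_FLOWS))
    print("anomaly:  ", anomaly_alerts(NEW_FLOWS, build_baseline(BASELINE_FLOWS)))
```

Run on the constructed window, the signature check fires only on the traversal request, which looks ordinary by volume, while the anomaly check fires only on the oversized upload and the never-seen host. Neither approach covers the other's cases, which is the practical reason both are deployed together.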

Snort

Ah, the venerable piggy that loves packets. I'm sure everyone remembers 1998 as the year a version of Windows came out but it was also the year that Martin Roesch first released Snort. Though then it really wasn't a true IDS, its destiny had been written. Since then it has become the de-facto standard for IDS and eventually IPS (thanks to community effort!). It's important to note that Snort has no real GUI or easy to use administrative console. Lots of other open source tools have been created to help out, notably Snorby and others like Base and Sguil.


• Long product life with no signs of going away
• Great community support
• Plenty of administrative front-ends
• Thoroughly proven and tested

You can find Snort inside AlienVault, not just used as a tool but fully integrated from signature updates to packet match display.

Suricata

What's the only reason for not running Snort? If you're using Suricata instead. Though Suricata's architecture is different than Snort it behaves the same way as Snort and can use the same signatures. What's great about Suricata is what else it's capable of over Snort. It does so much more that it probably deserves a dedicated post of its own. Let's run down a few of them:

• Multi-Threaded - Snort runs with a single thread meaning it can only use one CPU (core) at a time. Suricata can run many threads so it can take advantage of all the cpu/cores you have available. There has been much contention on whether this is advantageous, Snort says No and a few benchmarks say Yes.
• Built in Hardware Acceleration - Did you know you can use graphic cards to inspect network traffic?
• File Extraction - Someone downloading malware? You can capture it right from Suricata and study it.
• LuaJIT - It's a lot of letters yes, but it's also a scripting engine that can be used with information from the packets inspected by Suricata. This makes complex matching even easier and you can even gain efficiency by combining multiple rules into one script.


• Logging more than packets - Suricata can grab and log things like TLS/SSL certs, HTTP requests, DNS requests
• So much more...

With so many features and capabilities it's no wonder it's the default network IDS inside USM now.

Bro

Bro, or sometimes referred to as Bro-IDS, is a bit different than Snort and Suricata. In a way Bro is both a signature and anomaly-based IDS. Its analysis engine will convert traffic captured into a series of events. An event could be a user login to FTP, a connection to a website or practically anything. The power of the system is what comes after the event engine and that's the Policy Script Interpreter. This policy engine has its own language (Bro-Script) and it can do some very powerful and versatile tasks.

If you're an analyst and you've wondered "How can I automate some of my work?" then this is the tool you've been looking for. Want to download files seen on the wire, submit them for malware analysis, notify you if a problem is found then blacklist the source and shutdown the user's computer who downloaded it? Want to track the usage patterns of a user after they've contacted an IP from a reputation database?

If you're not an analyst then this tool will have a challenging learning curve. Since it was developed as a research tool it didn't initially focus on things like GUIs, usability, and ease of installation. While it does many cool things out of the box many of those things aren't immediately actionable and may be difficult to interpret.

Summary:

• Complicated to set up


• Can detect patterns of activity other IDS systems can not
• Very extensible architecture
• Starting to gain a larger community following

Kismet

Just as Snort became the standard for network intrusion, Kismet is the baseline for wireless IDS. Wireless IDS deals less with the packet payload but more with strange things happening inside the wireless protocols (mostly 802.11) and functions. WIDS will find unauthorized Access Points


OSSEC

In the realm of full featured Open Source IDS tools, there is OSSEC and not much else. Go ahead and google away, I'll wait. The great news is OSSEC is very good at what it does and it is rather extensible. OSSEC will run on almost any major operating system and uses a Client/Server based architecture which is very important in an IDS system. Since an IDS could be potentially compromised at the same time the OS is, it's very important that security and forensic information leave the host and be stored elsewhere as soon as possible to avoid any kind of tampering or obfuscation that would prevent detection.

OSSEC's architecture design incorporates this strategy by delivering alerts and logs to a centralized server where analysis and notification can occur even if the host system is taken offline or compromised. Another advantage of this architecture is the ability to centrally manage agents from a single server. Since deployments can range from one to thousands of installations, the ability to make changes en masse via a central server is critical for an administrator's sanity.

When discussing OSSEC and other HIDS there is often trepidation in installing an agent or software on to critical servers. It should be noted that the installation of OSSEC is extremely light, the installer is under 1MB, and that the majority of analysis actually occurs on the server which means very little cpu is consumed by OSSEC on the host. OSSEC also has the ability to send OS logs to the server for analysis and storage, which is particularly helpful on Windows machines that have no native and cross-platform logging mechanisms.

Summary:

• Agents for almost every OS
• Compiled Agent for Windows


• Lots more functionality than just FIM
• Rigid but simple installation process

USM features a complete integration of OSSEC. Whether you need to install agents on servers, modify policies, or even instigate OSSEC's active response features it can all be done within USM. Logs from OSSEC clients are also pre-integrated into USM's SIEM and Correlation engines.

Samhain

In comparison to OSSEC, Samhain is the best competition. But it's very much the case of same but different when making the comparison. Samhain has the same client/server architecture but it's not beholden to it like OSSEC is. The agent itself has a variety of output methods, one being a central server but others like Syslog, Email, and RDBMS which are greatly appreciated.

Another important difference is where the analysis occurs. Unlike OSSEC the processing occurs on the client itself. While this does give an advantage in terms of processing speed it could have potential impact on your servers. However, it does put those CPU cycles to good use as it has a much stronger emphasis on FIM.

Summary:

• Harder to install
• Windows clients require Cygwin
• Great FIM functionality
• More flexible client
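The file-integrity monitoring that OSSEC and Samhain perform, reduced to its core as an added example (not code from either project): take a baseline manifest of digests, sizes and permission bits, then compare a later manifest and report what was added, removed, modified or re-permissioned. The directory tree, file contents and simulated changes in demo() are constructed in a temporary directory.

```python
"""File-integrity monitoring (FIM) in the OSSEC/Samhain style, as an added example.

Not code from OSSEC or Samhain: a minimal baseline-then-compare check that
records a SHA-256 digest, size and permission bits for every regular file under
a root, then reports what changed. The demo() scenario builds its files in a
temporary directory, so every path and content in it is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256", chunk=65536):
    """Hash a file in chunks so large binaries need not be read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Record (digest, size, permission bits) for every regular file under root, keyed by relative path."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks are skipped so a link cannot stand in for the file it points at
        st = p.stat()
        manifest[p.relative_to(root).as_posix()] = (file_digest(p), st.st_size, st.st_mode & 0o7777)
    return manifest


def compare_manifests(baseline, current):
    """Return integrity findings: files added, removed, content-modified, or permission-changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified, mode_changed = [], []
    for rel in sorted(set(baseline) & set(current)):
        b_digest, _, b_mode = baseline[rel]
        c_digest, _, c_mode = current[rel]
        if b_digest != c_digest:
            modified.append(rel)
        elif b_mode != c_mode:
            mode_changed.append(rel)
    return {"added": added, "removed": removed, "modified": modified, "mode_changed": mode_changed}


def demo():
    """Constructed scenario: baseline a small tree, simulate tampering, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "motd").write_text("authorized use only\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed stand-in for a binary")
        os.chmod(root / "etc" / "passwd", 0o644)
        os.chmod(root / "bin" / "ls", 0o755)
        baseline = build_manifest(root)

        # Simulated changes on the host after the baseline was taken
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")           # config edited
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed replaced binary")     # binary swapped
        (root / "etc" / "motd").unlink()                                              # file removed
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("* * * * * root /usr/local/bin/constructed-job\n")
        os.chmod(root / "etc" / "passwd", 0o666)                                      # made world-writable

        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

Whether the comparison runs on the agent (as Samhain does) or the manifest is shipped to a server (as OSSEC does) is a deployment choice this code does not make; what matters for the tamper-resistance argument above is that the baseline is stored somewhere the monitored host cannot rewrite.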


OpenDLP

OpenDLP isn't really an IDS system but its functionality makes it worth a mention here. This tool has one goal and that's DLP or Data Loss Prevention. It will scan data while it's "at rest" looking for pieces of data like credit cards or SSNs and can be extended with regular expressions to find data that is sensitive to your organization. OpenDLP will look for this data on file systems or even inside databases on both Windows and Linux. It can also perform these scans via an installable agent or without any software installation.

• Not a FIM or IDS technically, but interesting
• Very Windows friendly
• Looks for DLP only
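The scanning OpenDLP does for card numbers and SSNs, shown as an added example (not OpenDLP's own code): regular-expression candidates are validated with the Luhn checksum and the SSA issuance rules so that order ids and phone numbers do not become findings, results are reported masked, and extra_patterns takes organisation-specific regexes the way OpenDLP is extended with regular expressions. The sample text and the card numbers in it are constructed test values.

```python
"""Data-at-rest scanning for card numbers and SSNs, in the spirit of OpenDLP.

Added example, not OpenDLP's own code. It shows the core matching step only:
regex candidates are validated (Luhn for cards, SSA issuance rules for SSNs)
so random digit runs are not reported, and findings are masked. SAMPLE_TEXT and
the card numbers in it are constructed.
"""
import re

# 13-16 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
# US SSN in the conventional AAA-GG-SSSS form
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

SAMPLE_TEXT = """Customer export (constructed sample data)
name=Alice; card=4111 1111 1111 1111; ssn=123-45-6789
name=Bob; card=1234-5678-9012-3456; ssn=000-12-3456
name=Carol; ssn=666-12-3456; phone=555-123-4567; order=ORDER-2024-1234
name=Dave; card=5500 0000 0000 0004; ssn=987-65-4321
"""


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def mask(value):
    """Keep only the last four characters so the scan log is not itself a leak."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text, extra_patterns=()):
    """Return (kind, masked value) findings; extra_patterns is a list of (name, compiled regex)
    pairs for organisation-specific data."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("credit-card", mask(digits)))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", mask("".join(m.groups()))))
    for name, pattern in extra_patterns:
        for m in pattern.finditer(text):
            findings.append((name, mask(m.group(0))))
    return findings


if __name__ == "__main__":
    for kind, value in scan_text(SAMPLE_TEXT):
        print(f"{kind:12s} {value}")
```

On the constructed export only Alice's and Dave's cards and Alice's SSN are reported: Bob's card fails Luhn, the other SSNs fall outside the issuable ranges, and the phone number and order id never match the patterns. The same validation step is what keeps a scan over a large file share from drowning in false positives.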

FIM Only

There are quite a few FIM tools that get categorized with IDS. Some are actively developed and others haven't been updated in years. Since these tools only perform one function I won't elaborate much more. A few of these are AIDE, Tripwire and AFick.

Security Onion

If you're interested in trying out some or all of the open source IDS tools from this post you could save some time and check out Security Onion. It's a distribution of Ubuntu with everything pre-installed.

Snort is one of the industry's top network intrusion-detection tools, but there are plenty of free alternatives. Matthew Pascucci discusses.

Security Onion

Security Onion is an Ubuntu-based Linux distribution for network monitoring and intrusion detection. The image can be distributed as sensors within the network to monitor multiple VLANs and subnets, and works well in VMware and virtual environments. This configuration can be used as an IDS only. It isn't currently supported to be run as an IPS. However, there is the option to run this both as a network and host intrusion-detection deployment, and to utilize services such as Sguil, Bro IDS and OSSEC to perform the IDS functions of the service. The wiki and documentation for the site and software is terrific, and defects and bugs are recorded and reviewed. As great as Security Onion is, however, it still needs more assistance with development, which will most likely happen in time.

OSSEC

OSSEC is an open source host intrusion-detection system (HIDS) that does more than detect intrusions. Like most open source IDS offerings, there are multiple additional modules that can be used with the core functionality of IDS. In addition to network intrusion-detection, the OSSEC client has the ability to perform file integrity monitoring and rootkit detection with real-time alerts, all of which are centrally managed with the ability to create different policies, depending on a company's needs. The OSSEC client runs locally on most operating systems, including Linux versions, Mac OSX and Windows. It also offers commercial support via Trend Micro's Global Support Team. This is a very mature offering.


OpenWIPS-NG

OpenWIPS-NG is a free wireless IDS/IPS that relies on a server, sensors and interfaces. It runs on commodity hardware. Created by the author of Aircrack-NG, this system uses many of the functions and services already built into Aircrack-NG for scanning, detecting and intrusion prevention. OpenWIPS-NG is modular and allows an administrator to download plug-ins for additional features. The documentation isn't as detailed as some systems', but it allows for companies to perform WIPS on a tight budget.

Suricata

Out of all the IDS/IPS systems that are currently available, Suricata competes most directly with Snort. This system has an architecture that is similar to Snort's, relies on signatures like Snort, and can even use the VRT Snort rules and the same Emerging Threat rule set that Snort itself uses. Being newer than Snort, Suricata has ways to catch up in this area. If Snort isn't an option in your organization, this is the closest free tool available to run on an enterprise network.

Bro IDS

Bro IDS is similar to Security Onion in that it uses more than IDS rules to determine where attacks are coming from. Bro IDS uses a combination of tools. At one point it used Snort-based signatures converted into Bro signatures. This is no longer the case, and it is now possible to write custom signatures for the Bro IDS. This system is highly documented and has been around for over 15 years.

Snort has definitely made its presence known by the influence it has over most of the IDS/IPS market, including freeware and open source IDS/IPS. The systems reviewed here all perform IDS/IPS a little differently, but are suitable, free alternatives that companies on a budget can utilize to more fully protect their network.

From the editor: More on Intrusion Detection Systems

Intrusion detection and prevention security guide
IDS and IPS implementation and deployment best practices

About the author

Matthew Pascucci is a senior information security engineer for a large retail company, where he leads the threat and vulnerability management program. He's written for various information security publications, has spoken for many industry companies and is heavily involved with his local InfraGard chapter. You can follow him on Twitter at @matthewpascucci or check out his blog at www.frontlinesentinel.com.


SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the coll
ective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!


Snort


This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

While Snort itself is free and open source, parent company Sourcefire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed.

Latest release: version 2.9.7.5 on July 23, 2015 (10 months, 1 week ago).


OSSEC HIDS

OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

Latest release: version 2.8.2 on June 10, 2015 (11 months, 2 weeks ago).


OSSIM (new!)

AlienVault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS.

Latest release: version


Sguil

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

Latest release: version 0.9.0 on March 28, 2014 (2 years, 1 month ago).


ArcSight SIEM platform (new!)

ArcSight provides a suite of tools for SIM/security information and event management. The best-known seems to be ArcSight Enterprise Security Manager (ESM), described as the "brain" of the SIM platform. It is a log analyzer and correlation engine designed to sift out important network events. The ESM itself is a standalone appliance, and the management programs run on Linux, Windows, AIX, and Solaris. For open-source alternatives see OSSEC HIDS and OSSIM.


Honeyd

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult.

Latest release: version 1.


INFO


There are many tools that you can use for information gathering.

Top Information Gathering Tools:

Nmap
http://nmap.org/

P0f
http://lcamtuf.coredump.cx/p0f.shtml

MingSweeper
http://www.hoobie.net/mingsweeper/

THC Amap
http://freeworld.thc.org/thc-amap/

Angry IP Scanner
http://www.angryziber.com/w/Download

Unicornscan
http://sourceforge.net/projects/osace

Samspade
http://samspade.org/


Strobe
http://packetstormsecurity.org/UNIX/scanners/

Netcat
http://netcat.sourceforge.net/

Superscan
http://www.foundstone.com/us/resources/proddesc/superscan.htm

SQL Scan
http://www.foundstone.com/us/resources/proddesc/sqlscan.htm

ipEye
http://www.ntsecurity.nu/toolbox/ipeye/

Nuke Nabber
http://packetstormsecurity.org/MSDOS/audit/nn2;b.exe

Snort
http://www.snort.org

Trout
http://www.foundstone.com/us/resources/proddesc/trout.htm

Hping2
http://www.hping.org/

XProbe2
http://www.sys-security.com/index.php?page=xprobe

EtherPeek (now known as OmniPeek)
http://www.wildpackets.com/

This is not the complete list and you are welcome to contribute to this list. Any new information gathering tools are welcome, please leave a comment.

Read more: Top Information Gathering Tools For Hackers | Hacking Geeks

NETWORK SCANNING TOOLS:

me only look at specific vulnerabilities, but there are also those that offer broad IT security scanning. (Watch the slideshow version of this story.)

1. OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a free network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). The main component is available via several Linux packages or as a downloadable Virtual Appliance for testing/evaluating purposes. Though the scanner itself doesn't work on Windows machines, they offer clients for Windows.


The main component of the OpenVAS is the security scanner, which only can run in Linux. It does the actual work of scanning and receives a feed updated daily of Network Vulnerability Tests (NVT), more than 33,000 in total.

The OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as full service daemon, providing user management and feed management.

There are a couple clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface.

OpenVAS isn't the easiest and quickest scanner to install and use, but it's one of the most feature-rich, broad IT security scanners that you can find for free. It scans for thousands of vulnerabilities, supports concurrent scan tasks, and scheduled scans. It also offers note and false positive management of the scan results. However, it does require Linux at least for the main component.

2. Retina CS Community

Retina CS Community provides vulnerability scanning and patching for Microsoft and common third-party applications, such as Adobe and Firefox, for up to 256 IPs free. Plus it supports vulnerabilities within mobile devices, web applications, virtualized applications, servers, and private clouds. It looks for network vulnerabilities, configuration issues, and missing patches.

    http://go.beyondtrust.com/cscommunity

    The Retina CS Community software essentially provides just the patching functionality. Retina Network Community is the software that provides the vulnerability scanning, which must be separately installed before the Retina CS Community software.

    To scan you can choose from a variety of scan and report templates and specify IP range to scan or use the smart selection function. You can provide any necessary credentials for scanned assets that require them and choose how you want the report delivered, including email delivery or alerts.

    Retina CS Community is a great free offering by a commercial vendor, providing scanning and patching for up to 256 IPs free and supporting a variety of assets. However, some small businesses may find the system requirements too stringent, as it requires a Windows Server.

    3. Microsoft Baseline Security Analyzer (MBSA)

    Microsoft Baseline Security Analyzer (MBSA) can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. The 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, while also supporting previous versions down to Windows XP.

    MBSA is relatively straightforward to understand and use. When you open it you can select a single Windows machine to scan by choosing a computer name from the list or specifying an IP address or when scanning multiple machines you can choose an entire domain or specify an IP address range. You can then choose what you want to scan for, including Windows, IIS and SQL administrative vulnerabilities, weak passwords, and Windows updates.


    http://www.microsoft.com/en-us/download/details.aspx?id=7558

    Once the scan is complete you'll find a separate report for each Windows machine scanned with an overall security classification and categorized details of the results. For each item you can click a link to read details on what was scanned and how to correct it, if a vulnerability were found, and for some you can click to see more result details. The reports are automatically saved for future reference, but you can also print and/or copy the report to the clipboard.

    Although free and user-friendly, keep in mind that MBSA lacks scanning of advanced Windows settings, drivers, non-Microsoft software, and network-specific vulnerabilities. Nevertheless, it's a great tool to help you find and minimize general security risks.

    4. Nexpose Community Edition

    Nexpose Community Edition can scan networks, operating systems, web applications, databases, and virtual environments. The Community Edition, however, limits you to scanning up to 32 IPs at a time. It's also limited to one-year of use until you must apply for a new license. They also offer a seven-day free trial of their commercial editions.

    Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. Through the web portal you can create sites to define the IPs or URLs you'd like to scan, select the scanning preferences, scanning schedule, and provide any necessary credentials for scanned assets.

    Once a site is scanned you'll see a list of assets and vulnerabilities. You can see asset details including OS and software information and details on vulnerabilities and how to fix them. You can optionally set policies to define and track your desired compliance standards. You can also generate and export reports on a variety of aspects.

    http://www.rapid7.com/products/nexpose/

    Nexpose Community Edition is a solid full-featured vulnerability scanner that's easy to setup but the 32 IP limit may make it impractical for larger networks.

    5. SecureCheq

    SecureCheq can perform local scans on Windows desktops and servers, identifying various insecure advanced Windows settings like defined by CIS, ISO or COBIT standards. It concentrates on common configuration errors related to OS hardening, data protection, communication security, user account activity and audit logging. The free version, however, is limited to scanning less than two dozen settings, about a quarter of what the full version supports.

    SecureCheq is a simple tool. After scanning the PC you'll see a list of all the checked settings and a Passed or Failed result. Click a setting and you'll find links to references about the vulnerability, summary of the vulnerability, and how to fix it. Though you can't save the results for later viewing in the application, you can print them or view/save the OVAL XML file.

    Although SecureCheq is easy-to-use and scans for advanced configuration settings, it actually misses some of the more general Windows vulnerabilities and network-based threats. However, it complements the Microsoft Baseline Security Analyzer (MBSA) well: scan for basic threats and then follow up with SecureCheq for advanced vulnerabilities.

    http://www.tripwire.com/securecheq/

    6. Qualys FreeScan

    Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network.

    Qualys FreeScan supports a few different scan types: vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities. OWASP is for auditing vulnerabilities of web applications. Patch Tuesday scans for and helps install missing software patches. SCAP checks computer settings compliance against the SCAP (Security Content Automation Protocol) benchmark provided by National Institute of Standards and Technology (NIST).

    Though you first see just an online tool that appears to just do scanning via the Internet, if you enter a local IP or scan, it will prompt you to download a virtual scanner via a VMware or VirtualBox image. This allows you to do scanning of your local network. Once a scan is complete you can view interactive reports by threat or by patch.

    Since Qualys FreeScan only provides 10 free scans, it's not something you can use regularly. Consider using another solution for day-to-day use and periodically run Qualys FreeScan for a double-check.

    Web Application Scanning Tools:

    These are the best open source web application penetration testing tools:

    https://www.qualys.com/forms/freescan/

    Grabber

    Grabber is a nice web application scanner which can detect many security vulnerabilities in web applications. It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities:

    • Cross site scripting

    • SQL injection

    • Ajax testing

    • File inclusion

    • JS source code analyzer

    • Backup file check

    It is not fast as compared to other security scanners, but it is simple and portable. This should be used only to test small web applications because it takes too much time to scan large applications.

    This tool does not offer any GUI interface. It also cannot create any PDF report. This tool was designed to be simple and for personal use. You can try this tool just for personal use. If you are thinking of it for professional use, I will never recommend it.

    This tool was developed in Python. And an executable version is also available if you want. Source code is available, so you can modify it according your needs. The main script is grabber.py, which once executed calls other modules like sql.py, xss.py or others.

    Download it here: http://rgaucher.info/beta/grabber/

    Source code on Github: https://github.com/neuroo/grabber

    Vega

    Vega is another free open source web vulnerability scanner and testing platform. With this tool, you can perform security testing of a web application. This tool is written in Java and offers a GUI based environment. It is available for OS X, Linux and Windows.

    It can be used to find SQL injection, header injection, directory listing, shell injection, cross site scripting, file inclusion and other web application vulnerabilities. This tool can also be extended using a powerful API written in JavaScript.

    While working with the tool, it lets you set a few preferences like total number of path descendants, number of child paths of a node, depth and maximum number of request per second. You can use Vega Scanner, Vega Proxy, Proxy Scanner and also Scanner with credentials. If you need help, you can find resources in the documentation section:

    Documentation: https://subgraph.com/vega/documentation/index.en.html

    Download Vega: https://subgraph.com/vega/


    Zed Attack Proxy

    Zed Attack Proxy is also known as ZAP. This tool is open source and is developed by OWASP. It is available for Windows, Unix/Linux and Macintosh platforms. I personally like this tool. It can be used to find a wide range of vulnerabilities in web applications. The tool is very simple and easy to use. Even if you are new to penetration testing, you can easily use this tool to start learning penetration testing of web applications.

    These are the key functionalities of ZAP:

    • Intercepting Proxy

    • Automatic Scanner

    • Traditional but powerful spiders

    • Fuzzer

    • Web Socket Support

    • Plug-n-hack support

    • Authentication support

    • REST based API

    • Dynamic SSL certificates

    • Smartcard and Client Digital Certificates support

    You can either use this tool as a scanner by inputting the URL to perform scanning, or you can use this tool as an intercepting proxy to manually perform tests on specific pages.

    Download ZAP: http://code.google.com/p/zaproxy/

    Wapiti

    Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications. It performs black

    It can detect following vulnerabilities:

    • File Disclosure

    • File inclusion

    • Cross Site Scripting (XSS)

    • Command execution detection

    • CRLF Injection

    • SQL Injection and XPath Injection

    • Weak .htaccess configuration

    • Backup files disclosure

    • and many other

    Wapiti is a command

    injection, Cross

    WebScarab is a Java and many other vulnerabilities.

    Source code of the tool is available on Github: https://github.com/OWASP/OWASP-WebScarab

    Download WebScarab here: https://www.owasp.org/index.php/Category:OWASP

    This tool is designed to overcome the problems users usually face while using other proxy tools for security audits. It is capable of distinguishing between CSS stylesheets and JavaScript codes. It also supports SSL man in the middle attack, which means you can also see data passing through SSL.

    You can read more about this tool here: http://code.google.com/p/ratproxy/wiki/RatproxyDoc

    Download http://code.google.com/p/ratproxy/

    SQLMap

    SQLMap is another popular open source penetration testing tool. It automates the process of finding and exploiting SQL injection vulnerability in a website's database. It has a powerful detection engine and many useful features. So, a penetration tester can easily perform SQL injection check on a website.

    It supports range of database servers including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB. It offers full support to kinds of SQL injection techniques: time

    Watcher

    Watcher is a passive web security scanner. It does not attack with loads of requests or crawl the target website. It is not a separate tool but is an add

    If you want to start penetration testing, I will recommend using Linux distributions which have been created for penetration testing. These environments are backtrack, gnacktrack, backbox and blackbuntu. All these tools come with various free and opensource tools for website penetration testing. So, you can go with those environments.

    If you think I forgot to mention an important tool, you can drop a comment and I will try to add it.

    SIEM TOO

    • Scalability from SMB to large implementations

    • Import and export of content (rules, reports, trends)

    • Multi

    o Selection of critical fields and scheduled summarization of events

    • Health status monitoring

    o What self

    o Can the system be configured in a hierarchy? Correlation engine and log management locally at each Umpqua, but master/global content pushed and synched from a managed services group with local content not overridden, but global content incorporated and overwritten?

    • Inputs

    o What log sources are supported natively?

    • Long term

    o How do we integrate with a ticketing/workflow system?

    o How can we integrate with an existing configuration management database (CMDB) to pull asset tag information?

    o How can we integrate with Governance, Risk, Compliance (GRC) and vulnerability management to provide a common dashboard?

    Source: Kent Saunders, Senior Consultant, Accuvant 2015

    Ideally, companies should also look for the ability to deploy an evaluation or a proof of concept in their environments to make sure the reports and data they expect are available as well. Even if they are only able to collect data from a few devices that will be a huge indicator of whether they are buying a product that solves their specific problems, as opposed to a product that just sounds really cool, says Turner.

    Cloud-based SIEM Options

    One approach that is starting to grow is cloud

    customers, the larger and more established SIEM providers that also offer on

    Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act of 0DD (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Sarbanes-Ox

    Management:

    • McAfee ESM (Enterprise Security Manager) appliance handles both SIEM/Correlation and Log Management:

    • IBM Security Radar All in One appliance handles both SIEM/Correlation and Log Management:

    • Splunk Enterprise software or virtual machines for log management has ability for a user to write their own custom correlations and SIEM

    • LogRhythm's appliance, software and virtual machines handles both SIEM/Correlation and Log Management

    Here's a more detailed look at HP's ArcSight, LogRhythm, SolarWinds, and Splunk.

    • ArcSight

    Hewlett

    stando LogRhythm's security intelligence platform collects forensics data from log data, flow data, event data, machine data and vulnerability data. It also generates independent forensics data for the host and network.

    The system can produce real

    audit logs and tables, filesystem audit logs, and operating system metrics, status and diagnostic commands. But at Splunk, the focus is on machine data

    . What is the cost of the SIEM product (license or subscription)?

    1. What is the cost of training?

    . How well do they do post

    Source: Jordan Perks, consultant, Accuvant, 2015

    Few more SIEM Tools

     

    Security Information And Event Management Systems Overview and Vendor List

    Although 99% of IT security solutions satisfy some parts of compliance, most of them would be bought into an organisation regardless. An example would be a firewall, email and web filtering solutions.

    However IT security professionals usually invest in policy auditors, web application firewalls, vulnerability managers, file integrity software, archiving application control and SIEM solutions to satisfy regulatory compliance and showing due diligence.

     

    SIEM Overview

    Some vendors combine SIEM with a combination of vulnerability management, file integrity, policy auditing and IDS as options. Other vendors integrate SIEM into their Identity and Access management solutions and some vendors provide SIEM as a point solution on its own.

    SIEM as a product is a combination of Information Management, Event Management and network behaviour analysis tools providing a complete vision of log data and real time events. Some companies only require one or the other (Information Management or Event Management). Information Management is used for historical and compliance purposes and Event Management for real time attack analysis. Some vendors also provide these as separate products.

     

    Alert Logic is a cloud solutions vendor and offer a cloud based Incident and Event Log Monitoring service.

     

    AlienVault Professional SIEM is offered as an appliance and virtual platform. AlienVault also have intrusion detection and vulnerability management functionality built in to its SIEM product. AlienVault is a dedicated SIEM vendor.

     

    Astaro have a log management module built in their security gateway appliance. The actual log management is a system based in the cloud. This is a basic log management service.

     

    Computer Associates (CA) is a large vendor with many enterprise class IT solutions. CA have a security division and offer their enterprise log manager which comes in software platform.

     

    Correlog offer log management and security correlation and provide integrity monitoring for common platforms.

     

    http://www.alertlogic.com/solutions/security/log-management/

    http://www.alienvault.com/products.php?section=ProfessionalSIEM

    http://www.astaro.com/en-uk/products/astaro-log-management/activation

    http://www.ca.com/us/log-management.aspx

    http://correlog.com/index.html

    eIQnetworks specialise in visibility and awareness of IT information. eIQnetworks has a focus on SIEM, file integrity, vulnerability management and network behaviour analysis solutions.

     

    Enterasys Security Information and Event Management solution provides Log Management and Network Behavioral Analysis capabilities. Enterasys is a provider of routing and switching, wireless and network management and security solutions.

     

    FairWarning specialise in information protection and awareness in the health industry. Their appliance based solution protects the privacy of patient health records.

     

    GFI Software is a vendor focussed on