以Snort偵測並封鎖網路異常行為之研究

Abstract

網路的發展越興盛，政府或企業利用網路來提供服務的頻率也越來越高。各項資料的E化雖帶來了不少便利，但也伴隨著各種危機。如駭客的入侵，導致學生資料外洩或成績遭到竄改等。 大部分的校園網路，通常以防火牆作為防止駭客入侵的第一道防線，但隨著網路技術的發展，駭客的攻擊方式與手法也越來越成熟且多樣化。面對層出不窮且變化多端的網路入侵攻擊，單靠防火牆的防禦是不夠的。因此，本研究以入侵偵測系統Snort及防火牆Iptables為基礎，搭配PHP開發出ABBA System，協助網路管理人員有效的從眾多的警示訊息中分析出可疑的入侵行為，並透過防火牆加以封鎖。 本研究以實際在國小電腦教室所蒐集到的警示警訊，利用ABBA System 進行統計分析，經由分析的結果，確實可以協助網路管理人員瞭解目前網路的異常狀況，藉此擬定因應的措施，以達到提升校園網路安全的目的。

The more prosperous development of the Internet, the higher frequency both the Government and enterprises use it to provide services. The electronization of different kinds of data in various applications has brought much convenience. However, the easy access of the Internet were accompanied with many risks, such as information leakage, system intrusion , etc. Most of the campus networks use firewall to prevent hackers as the first line of defense. Since the approaches used by hackers have become more sophisticated and diversified with the great development of the Internet. Using firewall as the only defensive tool is not enough. Therefore, this study proposed a solid IPS and ABBA System, which utilized the network system administrator to detect suspicious intrusion effectively among abounding alerts, and furthermore blocked it by firewall. In this study, we collected the data of invasion from the computers in computer classrooms in an elementary school. Then we employed the ABBA System to carry out statistical analysis. The result we obtained from the ABBA System did benefit the system administrators realize the present status of network anomalies and allowed them to take necessary actions ,which contributed to achieve the goal of upgrading the safety of campus .