在建構安全的網路系統上,一般的入侵偵測僅著重在網路的異常行為分析,如要提昇網路的安全層級,還應該針對網路的各種攻擊方式,做全面性的分析與防制,並訂定出合適的網路存取機制與監控方法。本論文首先探討入侵者如何利用網路的特性,擷取傳輸封包與竊聽密碼,與如何利用不當的存取控制,取得控管權限與系統資訊等。其次,研究入侵者如何利用不被監控的網路封包與不易檢測的隱藏通道建立後門、種植木馬,竊取系統資訊,與如何利用TCP/IP通訊協定的疏漏,經由IP封包欺騙或TCP序號猜測,劫持TCP連線以入侵系統。接著分析入侵者如何利用人為管理疏失與系統設定上的漏洞,取得系統帳號/密碼與使用權限,並探討入侵者如何利用Windows、Unix系統現有的安全漏洞,竊取或破壞系統資源;之後研究入侵者如何利用不易被察覺的偵測技術,掃瞄網路缺陷及漏洞,擷取網路設施的資訊,最後探討網路入侵步驟與入侵趨勢,並提供網管人員制訂安全管理機制時的準則以及防制措施,使入侵攻擊與資訊竊取的困難度提昇,以有效提昇組織內部的網路安全。 An Intrusion detection system (IDS) generally focuses on the analysis and detection of network anomalies. In fact, all the messages that might threaten a network system and the behaviors of improper network accesses are those should be analyzed when one tries to detect network attacks. In order to improve security degree of a network, we should analyze all kinds of network threats and establish a proper access and monitoring mechanism. In this paper, we first study how intruders gather network packets or obtain illegal access authority by hacking network drawbacks. Second, we discuss how intruders use rarely monitored packets and tunnel to build backdoors for stealing information from information systems, and the way they perform connection hijacking by using spoofing IP and TCP sequence number surmise. Third, how intruders obtain system accounts through security weakness of an operation system is stated. Forth, we describe how hackers make use of undetectable methods to scan network systems to avoid detection by some security mechanism. Finally, we study intrusion procedures and trends, and provide suggestions for network administrator to set up a safer network environment. The purposes are to increase the difficulties of intrusion and illegal accesses to network facilities so as network security can be dramatically improved.
