![](apr3/title2.gif)
![](sniper/sniper.gif)
![](sniper/1.gif)
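SNIPER IPS: Necessity and Benefits of Adoption
- Efficient use of network resources by controlling abnormal traffic caused by worms and similar threats
- Fundamental blocking of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
- Defense against One-Way Attacks that firewalls and IDS cannot block
- Selective blocking according to traffic, even for the same IP and the same service
- Increased network management efficiency through real-time automatic blocking (Drop) of malicious activity
- Efficient management through detailed trend analysis of network traffic by protocol/service/IP
- Mitigation of the various attacks found on the Internet (Risk Management & Attack Mitigation)
- Detection, defense, and management of potential threats (Threat Management System)
- Proactive prevention of security incidents arising from the various threats on the network
- Protection of information systems from abnormal internal and external users on the network
- Establishment of an integrated security policy for networks and systems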
![](sniper/2.gif)
Blocking Abnormal Network Traffic
- Detection and blocking of harmful traffic such as worms
- Firewall function (Stateful Inspection, supporting up to 2 million sessions)
- Detailed information for each intrusion type, with accurate detection and blocking
- Real-time automatic blocking (Drop), operating as an In-Line Network Device
- Real-time blocking of One-Way Attacks (Buffer overflow, No operation Code)
- Administrator notification of intrusion detection records and blocking status (Alert, E-mail, etc.)
- Minimized false-positive rate through the Application-Level Stateful inspection Engine
- Prevention of large-scale network outages through a built-in Auto Fail-over Device
Real-Time Network Data Monitoring
- Real-time monitoring and logging of network data traffic
- Fine-grained monitoring by service/IP/user, with internal and external networks distinguished
- Blocking of abnormal traffic and stable operation without slowdown, even under high-performance network traffic
Network Traffic Analysis (Traffic Breakout)
- Real-time monitoring of network/system load
- Detailed trend analysis of network traffic by protocol/service/IP
- Anomaly analysis of protocols and network packets
- Forensics for Protocol, Service, and IP Anomaly security violations
- Trend and statistical analysis of network traffic and detected attacks
Differentiated Technology and Additional Features
- Developed entirely in Korea, allowing rapid support for user requirements
- Stable support for high-performance network traffic, built on leading domestic IDS technology
- Always-available access and convenient management through remote access (128-bit encryption supported)
- Support for integrated monitoring protocols using IAP, SNMP, SYSLOG, etc.
- Fast and convenient signature updates (Live Update) for new attack classes
- Information provided through the public vulnerability database website (http://cert.wins21.com)
- Specialized training in system security consulting, plus detailed installation/operation training
- Failover Device for HA configuration included as standard
- Hacking Proof
- Raw data storage and detailed analysis
![](sniper/3.gif)
SNIPER IPS Architecture Diagram
![](sniper/do.gif)