Mushure memakore manomwe ekubudirira, Cisco yakaunza yekutanga yakagadzikana vhezheni yeiyo yekudzivirira yekurwisa system Snort 3 iyo yakagadziriswazve zvizere, pamusoro pekurerutsa kumisikidzwa uye kuvhurwa kweSnort, pamwe neiyo mukana wekugadzirisa kugadzirisa, kurerutsa mutauro wekutonga, otomatiki ona ese maprotocol, ipa Shell yekuraira mutsara kudzora, inoshanda yakawanda-tambo ine yakagovaniswa kuwana yeakasiyana ma controllers kune imwechete kumisikidza uye zvimwe.
Kune avo vasingazive Snort, iwe unofanirwa kuziva izvo inogona kuongorora traffic munguva chaiyo, kupindura kune zvakashata zviitiko zvakawanikwa uye chengetedza rakadzama package package yekuzotevera chiitiko kuongorora.
Iyo Snort 3 bazi, inozivikanwa zvakare seiyo Snort ++ chirongwa, yakanyatso fungisisa pfungwa uye dhizaini yechigadzirwa chavo.
Basa pa Snort 3 rakatanga muna 2005 asi rakakurumidza kusiiwa uye rakazotangazve muna 2013 mushure mekunge Cisco yatora chirongwa ichi.
Ramba 3 nhau huru
Mune vhezheni itsva ye Snort 3 yakachinjirwa kune itsva setup system, iyo inopa yakareruka syntax uye inogonesa kushandiswa kwemagwaro kuita zvine simba kugadzira masisitimu. LuaJIT inoshandiswa kugadzirisa mafaira ekugadzirisa, uye LuaJIT-based plugins ine zvimwe zvingasarudzwa zvemitemo uye registry system.
Imwe shanduko inomira pachena ndeyekuti injini yakagadziridzwa kuti ione kurwisa, mitemo yakagadziridzwa, iko kugona kusunga buffers kwakawedzerwa mumitemo (inonamira buffers) uye iyo Hyperscan yekutsvaga injini yakashandiswa zvakare, izvo zvakaita kuti zvikwanise kushandisa zvakakonzera mapatani nekukurumidza uye zvakanyatsoenderana nezvakajairwa zvirevo mumitemo;
Zvakare, muSnort 3 yakawedzera nyowani yekutsvaga nzira yeHTTP iri musangano inotaura uye inovhara 99% yezviitiko zvinotsigirwa neiyo HTTP Evader bvunzo suite, pamwe neyakawedzera yekuongorora system yeHTTP / 2 traffic.
Iko kuita kwekudzika kwepaketi yekuongorora modhi yakagadziridzwa zvakanyanya. Multithreaded packet kugadzira kugona kwave kuwedzerwa, zvichibvumira kumisidzana panguva imwe chete tambo dzakawanda dzine mapaketi vanobata uye ichipa mutsetse scalability zvichienderana nenhamba yeCPU cores.
Chengeto yakajairika yekumisikidza matafura yakaitwa uye hunhu, hwakagovaniswa munzvimbo dzakasiyana siyana, idzo dzakadzora zvakanyanya ndangariro nekushandisa kudzokorora ruzivo.
Zvakare, zvakare iyo shanduko kune modular akitekicha yakasimbiswa, kugona kuwedzera mashandiro kuburikidza ne plug-in yekubatanidza uye kumisikidza kweakakosha masisitimu mune echimiro anotsiviwa plug-ins.
Ikozvino pane mazana maviri emapulagi eiyo Snort 200, inovhara mashandisirwo akasiyana siyana, sekukubvumidza iwe kuti uwedzere ako ega macodec, nzira dzekutarisa, nzira dzekunyora, zviito, uye sarudzo mumitemo.
Yeimwe shanduko dzinomira kubva mushanduro nyowani:
- Wakawedzera rutsigiro rwefaira kukurumidza kudarika zvigadziriso zvine chekuita nezvimiro zvekumisikidza.
- Iko kushandiswa kwe snort_config.lua uye SNORT_LUA_PATH kwakamiswa kurerutsa kumisikidza.
- Wakawedzera rutsigiro rwekudzosera zvakare marongero pane nhunzi.
- Nyowani yechiitiko logi inoshandisa fomati yeJSON uye inosanganisirwa zvirinyore nemapuratifomu ekunze senge Elastic Stack.
- Otomatiki kuona kweanomhanya masevhisi, kubvisa iko kudikanwa kwekushandisa nemaoko kududzira anoshanda network network
- Iyo kodhi inopa kugona kushandisa iyo C ++ zvivakwa zvinotsanangurwa muC ++ 14 standard (gungano rinoda compiler inotsigira C ++ 14).
- A new VXLAN controller yakawedzerwa.
- Yakagadziridzwa kutsvaga kwemhando dzemukati nezvirimo uchishandisa yakagadziridzwa mamwe maitirwo eBoyer-Moore uye Hyperscan algorithms.
- Kumhanyisa kumisikidza nekushandisa tambo dzakawanda kuumba mapoka emitemo;
- Yakawedzera nyowani nyowani yekunyoresa.
- Iyo RNA (Real-nguva Network Kuzivisa) system yekuongorora yakawedzerwa, iyo inounganidza ruzivo nezve zviwanikwa, varidzi, kunyorera uye masevhisi anowanikwa pane network.
Finalmente kana iwe uchida kuziva zvakawanda nezvazvo nezve vhezheni itsva, unogona kutarisa ruzivo mune inotevera chinongedzo.