The Taiwan Academic Network (TANet) backbone entered the 100G era in 2016, and network administrators now face attacks of greater scale and intensity; the existing intrusion detection and prevention systems were not rated for traffic at this level, which poses a serious challenge. This study uses a network TAP to deploy security detection and prevention systems flexibly in response to unpredictable network attacks. The approach directs only the traffic of the network segments that most need protection into the IPS, which both reduces the load on the IPS and allows the existing IPS to keep operating. The TAP also supplies 1:1 (unsampled) NetFlow data to the Spark-based network traffic detection system developed in-house by the Taoyuan regional network center, which in turn relieves the core router of the load of generating NetFlow itself. We further apply the TAP's visibility and flexible configuration to direct the traffic of administrative-unit segments that handle important data into the open-source Security Onion intrusion detection platform for further detection of suspicious network behaviour. Finally, we use real cases to show the flexible deployment and adjustment of intrusion prevention and detection through network TAPs, and the actual detection results.
Network attacks have grown rapidly since the TANet backbone bandwidth was upgraded to 100G. This paper describes how to flexibly deploy both an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) using a smart TAP system to prevent and detect network attacks. The smart TAP system defines a set of in-line and SPAN-mode rules for placing the IPS and IDS in the framework as network traffic increases. We also use a Security Onion system to detect network attacks and maintain essential network services. The smart TAP system also generates 1:1 NetFlow data for the Spark anomaly detection system. The experimental results show that the smart TAP system can flexibly and successfully deploy both the IPS and the IDS.
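The abstract does not describe the logic of the Taoyuan regional network's Spark detector, only that it consumes 1:1 NetFlow exported by the TAP. The following is an added example, not the paper's code, of the kind of per-source aggregation such a flow-based detector performs: plain Python stands in for a Spark groupBy/aggregate, the record format, the `Flow` fields, the thresholds and the sample flows are all constructed assumptions, and the two heuristics (many distinct destination ports from one source, many distinct destination hosts from one source) are generic scan indicators rather than anything the paper claims.

```python
"""Illustrative NetFlow-style anomaly check (added example, not the paper's
Spark detector). Aggregates constructed flow records per source host and flags
vertical scans (many distinct destination ports) and horizontal sweeps (many
distinct destination hosts)."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"
    octets: int   # bytes carried by the flow


def parse_flow_line(line: str) -> Flow:
    """Parse one line of a hypothetical 'src,dst,dport,proto,octets' export.
    The column layout is an assumption for this example, not a NetFlow
    collector's real output format."""
    src, dst, dport, proto, octets = (field.strip() for field in line.split(","))
    return Flow(src, dst, int(dport), proto.lower(), int(octets))


# Constructed sample (RFC 5737 documentation addresses, not real TANet data):
#   203.0.113.7 probes 40 ports on one host  -> vertical scan
#   203.0.113.8 hits port 445 on 30 hosts    -> horizontal sweep
#   192.0.2.20  has five HTTPS sessions       -> benign
SAMPLE_LINES: List[str] = (
    [f"203.0.113.7,198.51.100.10,{p},tcp,60" for p in range(1, 41)]
    + [f"203.0.113.8,198.51.100.{h},445,tcp,60" for h in range(1, 31)]
    + ["192.0.2.20,198.51.100.80,443,tcp,15000"] * 5
)
SAMPLE_FLOWS: List[Flow] = [parse_flow_line(line) for line in SAMPLE_LINES]


def aggregate_by_source(flows: Iterable[Flow]) -> Dict[str, dict]:
    """Group flows by source address, the way a Spark groupBy would, and keep
    the distinct destination hosts/ports plus flow and byte counts."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"hosts": set(), "ports": set(), "flows": 0, "octets": 0}
    )
    for f in flows:
        s = stats[f.src]
        s["hosts"].add(f.dst)
        s["ports"].add(f.dport)
        s["flows"] += 1
        s["octets"] += f.octets
    return dict(stats)


def find_anomalies(
    flows: Iterable[Flow], max_ports: int = 25, max_hosts: int = 25
) -> List[Tuple[str, str, int]]:
    """Return (source, reason, count) for sources exceeding the thresholds.
    Thresholds are assumptions for the example. Because the TAP exports 1:1
    (unsampled) NetFlow, the distinct counts are exact; with sampled NetFlow
    they would undercount and the thresholds would have to be scaled."""
    findings: List[Tuple[str, str, int]] = []
    for src, s in sorted(aggregate_by_source(flows).items()):
        if len(s["ports"]) > max_ports:
            findings.append((src, "vertical-scan", len(s["ports"])))
        if len(s["hosts"]) > max_hosts:
            findings.append((src, "horizontal-sweep", len(s["hosts"])))
    return findings


if __name__ == "__main__":
    for src, reason, count in find_anomalies(SAMPLE_FLOWS):
        print(f"{src}: {reason} ({count})")
```

In a real deployment the aggregation would run per time window over the TAP's NetFlow export, and the thresholds would be tuned against the baseline of the protected segments rather than the fixed values used here.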