KS X ISO/IEC 18043

KS X ISO/IEC 18043:2007 (2012 ) 2007 11 30 http://www.kats.go.kr

KS X ISO/IEC 18043:2007 : e- ( ) ( ) () () ( ) : () ( ) () () JS ( )

KS X ISO/IEC 18043:2007 : (http://www.standard.go.kr) : :2007 11 30 :2012 12 31 2012-0848 : e : e ( 02-509-7262) (http://www.kats.go.kr). 10 5 , .

1
2
3
4
5
5.1
5.2 IDS
5.3
5.4 IDS
5.5 (Scalability)
5.6
5.7
6
6.1
7
7.1 IDS
7.2 IDS
7.3 IDS
7.4
7.5
A() (IDS, Intrusion Detection System):
A.1
A.2
A.3
A.4 IDS
A.5
A.6 IDS
A.7
A.8

e . . A () (IDS): NIST (SP 800-31, Special Publication on Intrusion Detection Systems) ISO/IEC 18043 . NIST ISO/IEC , , , NIST (ISO/IEC 18043) .

2006 1 ISO/IEC 18043, Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems . , , , ( , , ) . . / . 1990 (IDS, Intrusion Detection Systems) . IDS IDS . IDS IDS , . , IDS (ICT, information and communications technology) . IDS IDS , . . ISO/IEC 20000 IT (ITSM, IT Service Management) .

KS X ISO/IEC 18043:2007 (2012 ) , Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems

1 (IDS, Intrusion Detection System) . IDS , . . .
a) KS X ISO/IEC 27001 . .
b) KS X ISO/IEC 17799 . . . . . IDS / . (ISMS, Information Security Management System) , .

2 .
2.1 (attack) / , ,
2.2 (attack signature) IDS .
2.3 (attestation) IDS 2.21
2.4 (bridge) OSI 2 LAN LAN
2.5 (cryptographic hash value)
2.6 (DoS, Denial of Service) (KS X ISO/IEC 18028-1 )
2.7 (DMZ, Demilitarized Zone) , 1 DMZ . 2 ( ) .
2.8 (exploit)
2.9 (firewall) (KS X ISO/IEC 18028-1 ).
2.10 (false positive) IDS .
2.11 (false negative) IDS .
2.12 (host) TCP/IP
2.13 (intruder) , , ,
2.14 (intrusion) ,
2.15 (intrusion detection) , .
2.16 (IDS, intrusion detection system) ,
2.17 (IPS, intrusion prevention system)
2.18 (honeypot) , (generic)
2.19 (penetration)
2.20 (provisioning)
2.21 (remote attestation) IDS
2.22 ( ) response(incident response or intrusion response)
2.23 (router) (KS X ISO/IEC 18028-1 ) .
2.24 (server)
2.25 (Service Level Agreement)
2.26 (sensor) IDS /
2.27 (subnet)
2.28 (switch) (KS X ISO/IEC 18028-1 ) (:) . .
2.29 (TAP, Test Access Points) . 2 . TAP IDS .
2.30 (trojan horse)

3 (IDS, Intrusion Detection System) , , , . IDS . IDS / IDS IDS IDS . IDS . IDS “ (plug and play)” . , IDS . IDS A . IDS . IDS(HIDS) IDS(NIDS) , HIDS NIDS . . . . / . IDS .

4 A IDS ( ) . IDS . . IDS (correlation) . HIDS NIDS IDS IDS . IDS , 1 . 1 IDS ,

5 IDS . . IDS IDS . , IDS . IDS IDS . IDS , . , IDS . , IDS . KS X ISO/IEC 15408( ) IDS . , “ (Security Target)” IDS . . IDS .

5.1 IDS , , , () . . IDS . (ISO/IEC 13335-2) . IDS , .

5.2 IDS IDS . IDS , . IDS(HIDS) IDS(NIDS) . IDS , NIDS , HIDS . . IDS , IDS .

5.2.1 IDS(HIDS) HIDS . HIDS . HIDS . HIDS , IDS .

5.2.2 IDS(NIDS) NIDS . .

5.3

5.3.1 , , IDS . , . , , , , ,

5.3.2 , . , . (DMZ, Demilitarized Zone) , /

5.3.3 IDS , IDS . . ? IDS ? IDS ? ? ? , ? IDS IDS . IDS . IDS , . IDS IDS IDS . IDS , , , , . IDS , . , , IDS . . IDS . KS X ISO/IEC TR 18044 .

5.3.4 IDS . , . IDS ? , ? IDS , IDS ? IDS ? . , IDS . , , IDS . . . . . . IDS , IDS . HTTP(Hypertext Transfer Protocol) IDS . IDS . , IDS . IDS . , , , , . , IDS .

5.3.5 IDS