What Are Firewalls, Evading IDS and Honeypots?

You have probably heard the terms IDS, firewall and honeypot at some point. If you want to become an ethical hacker, you need to know about them.

All of these are used for network security. To use them, you need to understand what role each one plays in keeping a network secure.

They are used to keep a network secure, although they cannot completely secure a computer or network.

Even so, they can secure computers and networks to some extent. An IDS and a firewall are used for security, whereas a honeypot is used as a trap.

Evading IDS

IDS stands for Intrusion Detection System. Before learning about evading IDS, you need to know a few terms.

For example, what an intruder is and what an intrusion is. An intruder is a person who tries to gain unauthorized access to a network.

If an intruder gets access to a network, they can corrupt your data or steal it. There are two types of intruders.

Outside Intruder

An outside intruder is also called a masquerader. This is a person from outside the network.

They try to gain unauthorized access to the network. They have not been given any kind of authorized access.

Inside Intruder

An inside intruder is also called a misfeasor. They have been given authorized access to the network and are connected to it legitimately.

However, they try to misuse the services provided to them. An inside intruder is very hard to identify.

Intrusions

When an intruder gains unauthorized access to a particular network, that act is called an intrusion.

IDS

A system that finds illegal activity is called an IDS; it is what detects the intruder. It continuously monitors the network.

This is how the intruder is detected. The IDS keeps running in the background on the computer, and when it finds any suspicious activity, it sends an alert message to the network administrator.

You can think of the firewall as the watchman of a computer or network and the IDS as the CCTV.

Intrusion detection tools

Peek and spy

OSSEC

Silver sky

AIDE (Advanced Intrusion Detection Environment)

Vanguard enforcer

Working of an IDS

An IDS detects patterns whose signatures are stored in it, such as all the attacks carried out so far.

The IDS keeps the signatures of all those patterns, and in future, whenever some suspicious activity occurs, it matches the activity against those signatures to determine that it is suspicious.

But when someone tries to gain unauthorized access using a new technique, the IDS cannot trace it, because that new technique is not stored in the IDS's database.

Deviation is the process in which a person who has a certain job and has been given a certain set of permissions in a network takes another person's place and changes those permissions. An IDS that detects this is called an anomaly-based IDS.

For example, a developer in a network has permission to write code and debug it. But if that same developer takes the place of the system administrator and changes the permissions given to them, that is an intrusion.
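The two detection approaches described above can be run side by side over a few events. This is an added example, not code from the original post; the signature patterns, role baseline, user name and sample events are all constructed for illustration.

```python
import re

# Constructed signature database: patterns of attacks that were seen before.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed baseline of what each role normally does on the network.
ROLE_BASELINE = {
    "developer": {"edit_code", "run_debugger"},
    "sysadmin": {"change_permissions", "restart_service"},
}

def signature_alerts(request):
    """Names of every stored signature that matches the request line."""
    return [name for name, pat in SIGNATURES.items() if pat.search(request)]

def anomaly_alert(user, role, action):
    """Describe an action outside the role's baseline, or return None."""
    if action not in ROLE_BASELINE.get(role, set()):
        return f"{user} ({role}) deviated from profile: {action}"
    return None

def analyze(events):
    """Run both detectors over a list of events and collect the alerts."""
    alerts = []
    for ev in events:
        if ev["type"] == "http":
            alerts += [("signature", s) for s in signature_alerts(ev["request"])]
        elif ev["type"] == "action":
            msg = anomaly_alert(ev["user"], ev["role"], ev["action"])
            if msg:
                alerts.append(("anomaly", msg))
    return alerts

# Constructed sample events, not taken from any real log.
SAMPLE_EVENTS = [
    {"type": "http", "request": "GET /index.html"},
    {"type": "http", "request": "GET /item?id=1 UNION SELECT name FROM users"},
    {"type": "action", "user": "dev1", "role": "developer", "action": "run_debugger"},
    {"type": "action", "user": "dev1", "role": "developer", "action": "change_permissions"},
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The developer's permission change matches no stored signature, so only the baseline comparison raises it.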

https://youtu.be/Jw0NNhRUfWU

Types of IDS

NIDS

HIDS

NIDS

NIDS stands for Network-based Intrusion Detection System. It monitors the data flowing through a network.

It captures that data and detects malicious data in the packets. If the NIDS comes across a malicious packet, it captures it and matches it against its database to check whether it contains a malicious file.

Only after proper analysis does it forward the data packets. But if your network is very large, it becomes somewhat difficult for the NIDS to analyze such a large network.

HIDS

HIDS stands for Host-based Intrusion Detection System. A HIDS is installed on a particular system. It does not monitor the complete network.

It monitors only the packets going to and from that system or computer, and informs the admin when it detects any suspicious activity.

It uses snapshots to try to detect suspicious activity. For example, one snapshot is from a little while ago, when there was no suspicious activity.

If something suspicious happens a little later, the HIDS compares the current snapshot with the previous one to detect it.
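The snapshot comparison described above can be sketched as a file-integrity check: hash every file once as a baseline, hash again later, and report the differences. This is an added example, not code from the original post; the directory contents and file names are constructed, and hashing files with SHA-256 is one assumed way of taking a snapshot.

```python
import hashlib
import os
import tempfile

def take_snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            snapshot[os.path.relpath(path, root)] = digest.hexdigest()
    return snapshot

def compare_snapshots(old, new):
    """Report what changed between an earlier snapshot and the current one."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def write(root, name, text):
    """Helper for the demo: create or overwrite a small text file."""
    with open(os.path.join(root, name), "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: baseline snapshot, three changes, second snapshot."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.conf", "debug=false\n")
        write(root, "users.txt", "alice\nbob\n")
        write(root, "readme.txt", "unchanged\n")
        baseline = take_snapshot(root)               # known-good state

        write(root, "app.conf", "debug=true\n")      # content changed
        os.remove(os.path.join(root, "users.txt"))   # file deleted
        write(root, "startup.sh", "echo hi\n")       # new file appeared
        return compare_snapshots(baseline, take_snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline, so the first snapshot has to be taken while the host is known to be clean and stored where an intruder on that host cannot rewrite it.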

Firewall 

As the name suggests, it is a wall that does not let unauthorized access enter your computer.

It comes built into your computer's operating system and allows or disallows traffic coming from outside networks.

It can be software or hardware. That does not mean a firewall cannot be bypassed.

A firewall can be bypassed too. Hackers bypass it by injecting their malicious code into a device or software that the firewall does not disallow.

It checks data coming from outside before it enters your computer. For example, you may have seen that social networking sites are blocked in colleges and schools so that nobody can open them.

Even so, some people use a proxy to open websites blocked by the firewall. This is where the IDS does its job.

As mentioned earlier, if the firewall is the watchman, the IDS is the CCTV. After getting past the firewall, the data packets reach the IDS, which detects the suspicious activity.


DMZ

DMZ stands for demilitarized zone. As we know, data coming from any external network enters our computer only through the firewall.

But if we need to connect to a server over the internet, the firewall does not allow it. In that case we have to grant permissions and open ports.

This is where a DMZ is used. When we place a server in the DMZ, there is no need for port forwarding or for granting permissions in order to access that server through the DMZ,

because the hosts we configure as DMZ servers are automatically allowed all permissions.

Types of Firewall

Packet Filtering Firewall

A packet filtering firewall has a set of rules decided in advance. If data packets coming from an outside network go against any of these rules, they are not allowed.

Data from outside arrives at your private network with a source address, destination address, port numbers and protocol.

If it fails to match even one of these rules, the data is not allowed. But suppose packets coming from the internal network do not match any of the firewall's rules.

Then you get a notification asking whether or not you want to allow those data packets. A packet filtering firewall does not provide much security.
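The rule matching described above, as an added example that is not part of the original post. The rule set, addresses and internal network range are constructed, and the evaluation order (first matching rule wins, unmatched inbound traffic denied, unmatched traffic from the internal network held for a user prompt) is an assumption chosen to mirror the behaviour the text describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # constructed private network

@dataclass
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None = any

# Constructed rule set; addresses come from documentation/private ranges.
RULES = [
    Rule("deny",  "203.0.113.0/24", "0.0.0.0/0",    "any", None),
    Rule("allow", "0.0.0.0/0",      "10.0.0.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/24",    "0.0.0.0/0",    "tcp", 443),
]

def matches(rule, pkt):
    """True only if every header field of the packet satisfies the rule."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.protocol in ("any", pkt["protocol"])
            and rule.port in (None, pkt["dport"]))

def decide(pkt, rules=RULES):
    """First matching rule wins. Unmatched inbound traffic is denied;
    unmatched traffic from the internal network is held for a user prompt."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    if ipaddress.ip_address(pkt["src"]) in INTERNAL_NET:
        return "prompt"
    return "deny"

def packet(src, dst, protocol, dport):
    """Build a packet header record; the payload is deliberately absent
    because a packet filter never looks at it."""
    return {"src": src, "dst": dst, "protocol": protocol, "dport": dport}

if __name__ == "__main__":
    print(decide(packet("198.51.100.7", "10.0.0.10", "tcp", 443)))
    print(decide(packet("10.0.0.25", "198.51.100.9", "udp", 5353)))
```

Every decision here is made from the four header fields alone, which is why a packet filter by itself gives limited protection: anything carried inside an allowed connection passes unchecked.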

Application level Gateways

Application-level gateways are considered more secure than packet filtering, because the incoming data itself is also checked.

For example, suppose the source and destination addresses of data coming from the internal network are correct. Packet filtering then allows it. But if data coming from outside is some kind of malicious code or payload,

the application-level gateway does not allow it. It also checks the application level, and the data is allowed only when everything is in order.

Firewall Tools

Sonicwall

Online armor

Jetico Personal firewall

Novell border manager

Honeypots

Honeypots can be used to catch black hat hackers. A setup is built that attracts hackers into attacking it, after which they can be traced and caught.

A honeypot works as bait for hackers. Just as bait is used to catch fish, honeypots are used to catch hackers.

https://youtu.be/kJUhZYNtihk

They are used to distract hackers and to trace them. Several ports are left open in advance so that hackers can be trapped.

For example, suppose a company is attacked again and again. The company hires an ethical hacker and has them build such a setup.

The hackers try to hack it again and get traced. Such setups are called honeypots, and hackers get caught through them.


Two types of Honeypots

Production Honeypots

Research Honeypots

Production Honeypots

Production honeypots are also called low-interaction honeypots. They are set up on a computer in such a way that they trace the hackers' information only to a limited extent.

They give only limited information about the attackers and the attack. They are also easy to manage.

Research Honeypots

Research honeypots are also called high-interaction honeypots. They are used to catch black hat hackers who carry out hacking attacks.

For example, they are set up to catch attacks such as website hacking. They are used mostly in big companies and government organisations,

because big companies are attacked all the time, so these are set up to catch the hackers.

Honeypot Tools

HIHAT

ARGOS

Honeybot

Google hack honeypot

The Conclusion

I hope you now know about evading IDS, firewalls and honeypots. An ethical hacker needs to know about all of them so that they can stop any kind of hacking and catch black hat hackers.

If you have any question, you can ask us in the comment box. If you liked this post, do share it.

Thank you
