Red Hat NETWORK 3.6 - Guia do Utilizador descarregar pdf (Página 26)

By default, these settings are disabled and must be manually edited in the

pvs.conf file.

The PVS detects many applications through plugin and protocol analysis. At a lower level,

the PVS also detects open ports and outbound ports in use on the monitored networks. By

default, the PVS will detect any TCP server on the protected network if it sees a TCP “SYN-

ACK” packet.

In combination, the detection of server ports and client destination ports allows a network

administrator to see who on their network is serving a particular protocol and who on their

network is speaking that protocol.

DETECTING SPECIFIC SERVER AND CLIENT PORT USAGE

Another PVS configuration option provides more specific details about server and client port

usage. On Unix systems, this is the “show-connections” keyword in the pvs.conf file. This

setting keeps track of host communication within the focus network. When the “show-

connections” option is enabled, every time a host connects to another host, PVS records

the client, server, and server port, if one of the hosts is in the defined focus network. It

does not track the frequency or time stamp of the connections – just that a connection was

made.

The “show-connections” option provides a greater level of detail than the “connections-

to-services” option. For example, if your IP address is 1.1.1.1 and you use the SSH

service to connect to “some_company.com”, use of these options would record the

following:

show-connections:

1.1.1.1  some_company.com:SSH

connections-to-services

1.1.1.1  SSH

Using the “connections-to-services” option lets you know that the system at 1.1.1.1

uses the SSH protocol. This information may be useful to know regardless of where the

service is being used.

The PVS does not log a session-by-session list of communications. Instead, it logs the

relationship between the systems. For example, if system A is detected using the SSH

protocol on port 22 connecting to system B, and both systems are within the focus network,

the PVS would log:

> System A browses on port 22

> System B offers a service (listens) on port 22

> System A communicates with System B on port 22

If system B were outside of the focus network, the PVS would not record anything about the

service System B offers, and would also log that System A browses outside of the focus

network on port 22. The PVS does not log how often a connection occurs, only that it

1 2 ... 21 22 23 24 25 26 27 28 29 30 31 ... 60 61

Sem comentários

Red Hat NETWORK 3.6 - Guia do Utilizador Página 26