{"id":4983,"date":"2023-05-24T18:51:14","date_gmt":"2023-05-24T15:51:14","guid":{"rendered":"https:\/\/www.domainhizmetleri.com\/blog\/?p=4983"},"modified":"2023-05-25T10:03:13","modified_gmt":"2023-05-25T07:03:13","slug":"ids-ve-ips-nedir","status":"publish","type":"post","link":"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/","title":{"rendered":"IDS ve IPS Nedir?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Yaz\u0131 \u0130\u00e7eri\u011fi<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u0130\u00e7indekiler Tablosunu A\u00e7\/Kapat\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #0a0a0a;color:#0a0a0a\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #0a0a0a;color:#0a0a0a\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" 
href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Tanimlamalar\" >Tan\u0131mlamalar<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Intrusion_Detection_System_IDS_Nedir\" >Intrusion Detection System (IDS) Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDS_Tarafindan_Tespit_Edilebilen_Potansiyel_Tehditler\" >IDS Taraf\u0131ndan Tespit Edilebilen Potansiyel Tehditler:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDS_Neden_Onemlidir\" >IDS Neden \u00d6nemlidir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDS_Tespit_Sistemleri_Nelerdir\" >IDS Tespit Sistemleri Nelerdir?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Network_Intrusion_Detection_System_NIDS\" >Network Intrusion Detection System (NIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Host_Intrusion_Detection_System_HIDS\" >Host Intrusion Detection System (HIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Signature-Based_Intrusion_Detection_System_SIDS\" >Signature-Based Intrusion Detection System (SIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" 
href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Anomaly-Based_Intrusion_Detection_System_AIDS\" >Anomaly-Based Intrusion Detection System (AIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Perimeter_Intrusion_Detection_System_PIDS\" >Perimeter Intrusion Detection System (PIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Virtual_Machine-Based_Intrusion_Detection_System_VMIDS\" >Virtual Machine-Based Intrusion Detection System (VMIDS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Stack-Based_Intrusion_Detection_System_SBIDS\" >Stack-Based Intrusion Detection System (SBIDS)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDSin_Avantajlari_Nelerdir\" >IDS&#8217;in Avantajlar\u0131 Nelerdir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDSin_Dezavantajlari_Nelerdir\" >IDS&#8217;in Dezavantajlar\u0131 Nelerdir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Intrusion_Prevention_System_IPS_Nedir\" >Intrusion Prevention System (IPS) Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IPS_Tarafindan_Tespit_Edilebilen_Potansiyel_Tehditler\" >IPS Taraf\u0131ndan Tespit Edilebilen Potansiyel 
Tehditler:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IPS_Tespit_Sistemleri_Nelerdir\" >IPS Tespit Sistemleri Nelerdir?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Network-Based_Intrusion_Prevention_System_NIPS\" >Network-Based Intrusion Prevention System (NIPS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Wireless_Intrusion_Prevention_System_WIPS\" >Wireless Intrusion Prevention System (WIPS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Host-Based_Intrusion_Prevention_System_HIPS\" >Host-Based Intrusion Prevention System (HIPS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#Network_Behavior_Analysis_NBA\" >Network Behavior Analysis (NBA)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IDSe_sahip_IPS_Cozumlerin_Avantajlari_Nelerdir\" >IDS&#8217;e sahip IPS \u00c7\u00f6z\u00fcmlerin Avantajlar\u0131 Nelerdir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IPSin_Dezavantajlari_Var_mi_Varsa_Nelerdir\" >IPS&#8217;in Dezavantajlar\u0131 Var m\u0131? 
Varsa Nelerdir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.domainhizmetleri.com\/blog\/ids-ve-ips-nedir\/#IPS_ile_IDSin_Arasindaki_Farklar\" >IPS ile IDS&#8217;in Aras\u0131ndaki Farklar<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>\u0130nternet teknolojisinin geli\u015fmesiyle birlikte a\u011flara y\u00f6nelik tehditlerin say\u0131s\u0131 giderek artmaya devam ediyor. Bu tehditler, i\u015f s\u00fcre\u00e7lerinde aksakl\u0131klar ve veri kay\u0131plar\u0131 gibi sorunlar yaratarak, a\u011f g\u00fcvenli\u011fi konusunun \u00f6nemini anlamam\u0131z\u0131 sa\u011fl\u0131yor. A\u011f g\u00fcvenli\u011fini kontrol etmek ve korumak i\u00e7in baz\u0131 sistemler bulunuyor. Bu yaz\u0131m\u0131zda a\u011f g\u00fcvenli\u011fi i\u00e7in kullan\u0131lan sistemlerden olan IDS ve IPS hakk\u0131nda merak edilenleri sizinle payla\u015f\u0131yoruz.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"428\" src=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-ve-IPS-Nedir-1024x428.png\" alt=\"IDS ve IPS Nedir\" class=\"wp-image-5044\" srcset=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-ve-IPS-Nedir-1024x428.png 1024w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-ve-IPS-Nedir-300x126.png 300w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-ve-IPS-Nedir-990x414.png 990w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-ve-IPS-Nedir.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Tanimlamalar\"><\/span>Tan\u0131mlamalar<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Yabanc\u0131 dildeki baz\u0131 teknik terimler tam olarak T\u00fcrk\u00e7e&#8217;ye \u00e7evrilemiyor. 
Nedeni TDK&#8217;nin eskisi kadar teknik terimlere yo\u011funla\u015fmamas\u0131 olabilir. Fakat biz yine de elimizden geldi\u011fi kadar tam netle\u015fmeyen terimleri a\u015fa\u011f\u0131da a\u00e7\u0131klamak istiyoruz. Bunlar\u0131n d\u0131\u015f\u0131nda merak ettikleriniz olursa yorum b\u00f6l\u00fcm\u00fcnden bize iletebilirsiniz. Ard\u0131ndan detayl\u0131 olarak devam edece\u011fiz.<\/p>\n\n\n\n<p><strong>False Positive:<\/strong> T\u00fcrk\u00e7e kar\u015f\u0131l\u0131\u011f\u0131 birebir \u00e7evirdi\u011fimizde Yanl\u0131\u015f Pozitif, anlam y\u00f6n\u00fcnden \u00e7evirdi\u011fimizde ise &#8220;Olmamas\u0131 Gereken Tespit&#8221; diyebilece\u011fimiz bir durumdur.<\/p>\n\n\n\n<p><strong>False Negative:<\/strong> T\u00fcrk\u00e7e kar\u015f\u0131l\u0131\u011f\u0131 birebir \u00e7evirdi\u011fimizde Yanl\u0131\u015f Negatif, anlam y\u00f6n\u00fcnden \u00e7evirdi\u011fimizde ise &#8220;Olmas\u0131 Gereken Tespit&#8221; diyebilece\u011fimiz bir durumdur.<\/p>\n\n\n\n<p><strong>Spoofing: <\/strong>Yan\u0131lt\u0131c\u0131 bir IP adresi kullanarak ba\u015fka bir bilgisayar veya a\u011fa giri\u015f yapma giri\u015fimidir. Spoofing kullanan ki\u015finin kimli\u011fi gizlendi\u011fi i\u00e7in tespit edilmesi zorla\u015f\u0131r.<\/p>\n\n\n\n<p><strong>ICMP:<\/strong> A\u011f cihazlar\u0131 aras\u0131nda ileti\u015fimde kontrol mesajlar\u0131n\u0131n iletilmesini sa\u011flayan bir protokold\u00fcr. Hata bildirimleri, hedef cihaz\u0131n eri\u015filebilirli\u011fini kontrol etmek ve a\u011fdaki sorunlar\u0131 tespit etmek gibi g\u00f6revleri yerine getirir. 
A\u011fdaki hedef cihaz\u0131n eri\u015filebilirli\u011fini ve tepki s\u00fcresini kontrol etmek i\u00e7in kullan\u0131lan &#8220;ping&#8221; komutu ICMP \u00fczerinden \u00e7al\u0131\u015f\u0131r.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Intrusion_Detection_System_IDS_Nedir\"><\/span>Intrusion Detection System (IDS) Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Network trafi\u011fini inceleyerek sorun yaratabilecek, bilinen t\u00fcm tehditlerle birlikte network trafi\u011finde \u015f\u00fcpheli veya zararl\u0131 ba\u011flant\u0131lar\u0131 kontrol eden bir sistemdir. Olas\u0131 bir g\u00fcvenlik riski tespit edildi\u011finde uyar\u0131lar g\u00f6ndererek konu hakk\u0131nda sizleri bilgilendirir. <br><br>T\u00fcrk\u00e7e kar\u015f\u0131l\u0131\u011f\u0131 &#8220;Sald\u0131r\u0131 Tespit Sistemi&#8221; olan IDS ama\u00e7 olarak bir g\u00fcvenlik riski tespit etti\u011finde uyar\u0131 g\u00f6ndermeyi ama\u00e7lar.<\/p>\n\n\n\n<p>IDS i\u00e7in \u00fccretli ve \u00fccretsiz \u00e7\u00f6z\u00fcmler bulunmaktad\u0131r. A\u011f trafi\u011fini incelemek i\u00e7in a\u011fa ba\u011flanabilen herhangi bir bireysel cihaz, a\u011fa yerle\u015ftirilen \u00f6zel bir cihaz (Firewall, Router, vb.) 
veya bir yaz\u0131l\u0131m olarak kullan\u0131labilir.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"428\" src=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-Nedir-1024x428.png\" alt=\"IDS Nedir\" class=\"wp-image-5040\" srcset=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-Nedir-1024x428.png 1024w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-Nedir-300x126.png 300w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-Nedir-990x414.png 990w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IDS-Nedir.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDS_Tarafindan_Tespit_Edilebilen_Potansiyel_Tehditler\"><\/span><strong>IDS Taraf\u0131ndan Tespit Edilebilen Potansiyel Tehditler:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Address Spoofing:<\/strong> Sahte bir kaynak adresi kullanarak a\u011f trafi\u011fi olu\u015fturdu\u011fu ve hedef sistemleri yan\u0131ltan bir sald\u0131r\u0131 t\u00fcr\u00fcd\u00fcr. IP adresi de\u011fi\u015fti\u011fi i\u00e7in al\u0131c\u0131 sunucunun, sald\u0131r\u0131 kayna\u011f\u0131n\u0131 tespit edebilmesi zorla\u015f\u0131r veya engellenemez. Bu sald\u0131r\u0131 t\u00fcr\u00fcne DoS (Denial-of-service attack) sald\u0131r\u0131s\u0131n\u0131 \u00f6rnek g\u00f6sterebiliriz .<\/p>\n\n\n\n<p><strong>Fragmentation Attack:<\/strong> IP tabanl\u0131 a\u011flarda i\u00e7erisinde kaynak ve hedef IP adresleri gibi bilgileri i\u00e7eren bir veri paket t\u00fcr\u00fc olan datagram kullan\u0131l\u0131r. Datagramlar hedef sunucuya aktar\u0131l\u0131rken par\u00e7a par\u00e7a iletilir. Bu paketlerin bir araya gelmesini engellemek i\u00e7in birle\u015ftirilemeyen sahte par\u00e7alar g\u00f6nderilir. 
T\u00fcm par\u00e7alar tamamlanamad\u0131\u011f\u0131 i\u00e7in s\u00fcrekli olarak ge\u00e7ici haf\u0131zay\u0131 doldurmaya ba\u015flar ve sunucu kaynaklar\u0131n\u0131n t\u00fcketilmesi hedeflenir. Bu sald\u0131r\u0131 t\u00fcr\u00fcne \u00f6rnek olarak Teardrop saldr\u0131s\u0131n\u0131 \u00f6rnek g\u00f6sterebiliriz.<\/p>\n\n\n\n<p><strong>Pattern Evasion:<\/strong> Hedef makineye iletilen verinin imzas\u0131n\u0131 d\u00fczenleyerek veya g\u00fcvenli bir imza ekleyerek IDS&#8217;in tan\u0131mlayamamas\u0131na ve veri giri\u015fine izin vermesi hedeflenir. Veriler hedef sunucuya ula\u015ft\u0131\u011f\u0131nda \u00e7\u00f6z\u00fcmlenerek a\u011f g\u00fcvenli\u011finde tehdit yaratabilir. Bu sald\u0131r\u0131 t\u00fcr\u00fcne \u00f6rnek olarak SQL Injection sald\u0131r\u0131s\u0131n\u0131 \u00f6rnek g\u00f6sterebiliriz.<\/p>\n\n\n\n<p><strong>Coordinated Attack:<\/strong> Birden fazla sald\u0131rgan\u0131n hedef bir sunucuyu etkisiz hale getirebilmek i\u00e7in anla\u015f\u0131p kordineli bir \u015fekilde ataklar ger\u00e7ekle\u015ftirmesine denir. Bu atak t\u00fcr\u00fcnde \u00e7ok say\u0131da ve genelde Botnet (zombi bilgisayarlar) olarak adland\u0131r\u0131lan \u00f6nceden zafiyete u\u011fram\u0131\u015f cihazlar kullan\u0131l\u0131r. Bu durum sistemler taraf\u0131ndan normal bir trafik olarak alg\u0131lanaca\u011f\u0131 i\u00e7in tespit edilebilmesi zorla\u015f\u0131r. 
Bu sald\u0131r\u0131 t\u00fcr\u00fcne DDoS (Distributed Denial of Service) sald\u0131r\u0131s\u0131n\u0131 \u00f6rnek g\u00f6sterebiliriz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDS_Neden_Onemlidir\"><\/span>IDS Neden \u00d6nemlidir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Network g\u00fcvenli\u011finizi korumak i\u00e7in antivir\u00fcs yaz\u0131l\u0131mlar\u0131 kullanm\u0131\u015f, \u00f6zel g\u00fcvenlik duvar\u0131 konfig\u00fcrasyonlar\u0131 ayarlam\u0131\u015f veya t\u00fcm \u00e7al\u0131\u015fanlar\u0131n\u0131za bilgi g\u00fcvenli\u011fi fark\u0131ndal\u0131k e\u011fitimi vermi\u015f olabilirsiniz. Fakat her ge\u00e7en g\u00fcn a\u011f ba\u011flant\u0131n\u0131z\u0131 tehdit edebilecek sald\u0131r\u0131 t\u00fcrleri ve zafiyetlerle kar\u015f\u0131la\u015f\u0131l\u0131yor. Bu tehditleri herhangi bir sorun ya\u015famadan erkenden aksiyon al\u0131nabilmesi ad\u0131na di\u011fer g\u00fcvenlik \u00f6nlemlerinize ek olarak bir IDS \u00e7\u00f6z\u00fcm\u00fc kullan\u0131lmas\u0131 da \u00f6nemlidir. Bu sayede gelen sald\u0131r\u0131lar\u0131 erkenden fark ederek network g\u00fcvenli\u011finizi korumak i\u00e7in h\u0131zl\u0131 bir \u015fekilde aksiyon alabilirsiniz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDS_Tespit_Sistemleri_Nelerdir\"><\/span>IDS Tespit Sistemleri Nelerdir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Network_Intrusion_Detection_System_NIDS\"><\/span>Network Intrusion Detection System (NIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A\u011fa ba\u011fl\u0131 t\u00fcm cihazlar\u0131n gelen ve giden t\u00fcm trafi\u011fi izleyerek \u015f\u00fcpheli ve zararl\u0131 ba\u011flant\u0131lar\u0131 tespit eder. NIDS, bir veya birden \u00e7ok a\u011f noktas\u0131na yerle\u015ftirilebilir. 
G\u00fcvenlik stratejinize g\u00f6re NIDS sadece d\u0131\u015f a\u011f noktalar\u0131n veya hem i\u00e7 hem d\u0131\u015f ba\u011flant\u0131 noktalar\u0131n\u0131 izleyebilecek \u015fekilde konumland\u0131r\u0131labilir. <\/p>\n\n\n\n<p><strong>\u00dccretsiz NIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Snort<\/li>\n\n\n\n<li>Suricata<\/li>\n\n\n\n<li>OSSEC<\/li>\n\n\n\n<li>Zeek (Eski ad\u0131yla Bro)<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli NIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fortinet FortiGate<\/li>\n\n\n\n<li>IBM QRadar<\/li>\n\n\n\n<li>McAfee NSM<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Host_Intrusion_Detection_System_HIDS\"><\/span>Host Intrusion Detection System (HIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u0130nternete ve dahili a\u011fa ba\u011fl\u0131 bireysel cihazlara kurulur. HIDS sayesinde i\u00e7eriden gelen paketleri ve NIDS taraf\u0131ndan tespit edilememi\u015f \u015f\u00fcpheli ve zararl\u0131 trafi\u011fi alg\u0131layabilir. 
Bu sayede i\u00e7 networkte ba\u011fl\u0131 olan herhangi bir cihaz\u0131n zafiyet ya\u015famas\u0131 durumunda di\u011fer cihazlara bu zafiyetin yay\u0131labilmesi erkenden fark edilir.<\/p>\n\n\n\n<p><strong>\u00dccretsiz HIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OSSEC<\/li>\n\n\n\n<li>Sagan<\/li>\n\n\n\n<li>Splunk<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli HIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.domainhizmetleri.com\/blog\/imunify360-nedir-ne-ise-yarar\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.domainhizmetleri.com\/blog\/imunify360-nedir-ne-ise-yarar\/\" rel=\"dofollow noopener\">Imunify360<\/a><\/li>\n\n\n\n<li>SolarWinds Security Event Manager<\/li>\n\n\n\n<li>ManageEngine Event Log Analyzer<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Signature-Based_Intrusion_Detection_System_SIDS\"><\/span>Signature-Based Intrusion Detection System (SIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A\u011fda bulunan t\u00fcm paketleri izler ve bir veritaban\u0131nda bulunan sald\u0131r\u0131 imzalar\u0131yla paketleri kar\u015f\u0131la\u015ft\u0131r\u0131r. Bu sayede zararl\u0131 paketlerin tespit etmesini kolayla\u015ft\u0131r\u0131r. 
<\/p>\n\n\n\n<p><strong>\u00dccretsiz SIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Wazuh<\/li>\n\n\n\n<li>Security Onion<\/li>\n\n\n\n<li>Suricata<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli SIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>McAffee ENS<\/li>\n\n\n\n<li>Symantec Endpoint Protection<\/li>\n\n\n\n<li>Trend Micro Deep Security<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Anomaly-Based_Intrusion_Detection_System_AIDS\"><\/span>Anomaly-Based Intrusion Detection System (AIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A\u011f \u00fczerinde bant geni\u015fli\u011fi, cihazlar, ba\u011flant\u0131 noktalar\u0131 ve protokolleri izleyerek anormal etkinlikleri ve davran\u0131\u015flar\u0131n\u0131 alg\u0131lar. Bu anormalli\u011fi tespit edebilmesi i\u00e7in a\u011f kullan\u0131m\u0131n\u0131n normal olarak kabul edilebilece\u011fi t\u00fcm kullan\u0131mlar AIDS&#8217;e tan\u0131mlan\u0131r ve trafi\u011fi bu de\u011ferleri kar\u015f\u0131la\u015ft\u0131rarak inceler. 
Makine \u00f6\u011frenmesiyle birlikte daha da g\u00fc\u00e7lendirilebilen bir sistem oldu\u011fu i\u00e7in SIDS taraf\u0131nda tespit edilemeyen tehditleri erkenden tespit edilebilmesini sa\u011flar.<\/p>\n\n\n\n<p><strong>\u00dccretsiz AIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Zeek<\/li>\n\n\n\n<li>Snort<\/li>\n\n\n\n<li>Ossec<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli AIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Darktrace<\/li>\n\n\n\n<li>Cisco Stealthwatch<\/li>\n\n\n\n<li>SolarWinds Security Event Manager<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Perimeter_Intrusion_Detection_System_PIDS\"><\/span>Perimeter Intrusion Detection System (PIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Ana sunucu gibi alt yap\u0131n\u0131n \u00f6nemli noktalar\u0131n etraf\u0131nda ki trafi\u011fi kontrol edebilmek ad\u0131na kullan\u0131lan Firewall, VPN veya a\u011f g\u00fcvenli\u011fi yaz\u0131l\u0131mlar\u0131 ile birlikte \u00e7al\u0131\u015f\u0131r. Bu g\u00fcvenlik \u00f6nlemleri \u00fczerinde ki eri\u015fimleri izleyerek zararl\u0131 veya izinsiz giri\u015f denemelerini tespit eder. 
Bu sayede kritik noktalara yetkisiz eri\u015fimin \u00f6n\u00fcne ge\u00e7ilir.<\/p>\n\n\n\n<p><strong>\u00dccretsiz PIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Snort<\/li>\n\n\n\n<li>OSSEC<\/li>\n\n\n\n<li>Suricata<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli PIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fortinet FortiGate<\/li>\n\n\n\n<li>Cisco Firepower<\/li>\n\n\n\n<li>WatchGuard<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Virtual_Machine-Based_Intrusion_Detection_System_VMIDS\"><\/span>Virtual Machine-Based Intrusion Detection System (VMIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Bulut bili\u015fim ortamlar\u0131nda, sanal makineleri korumak i\u00e7in kullan\u0131lan PIDS t\u00fcr\u00fcd\u00fcr. VMIDS, bir sanal makinede \u00e7al\u0131\u015f\u0131r ve sanal makine ortam\u0131ndaki a\u011f trafi\u011fini izleyerek anormal davran\u0131\u015flar\u0131 tespit eder. Fiziksel a\u011f \u00fczerinde ki trafi\u011fi inceleyemedi\u011fi i\u00e7in genelde ek bir g\u00fcvenlik \u00f6nlemi olarak tercih edilir.<\/p>\n\n\n\n<p><strong>\u00dccretsiz VMIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Snort<\/li>\n\n\n\n<li>Security Onion<\/li>\n\n\n\n<li>Suricata<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00dccretli VMIDS \u00c7\u00f6z\u00fcmleri:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>McAfee MOVE AntiVirus<\/li>\n\n\n\n<li>Check Point vSEC<\/li>\n\n\n\n<li>Trend Micro Deep Security<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stack-Based_Intrusion_Detection_System_SBIDS\"><\/span>Stack-Based Intrusion Detection System (SBIDS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>TCP\/IP \u00fczerinden network i\u00e7erisinde hareket eden paketleri izler ve zararl\u0131 olan paketler i\u015flenmeden \u00f6nce tespit eder. 
Bu sayede a\u011fa ba\u011fl\u0131 cihazlara zararl\u0131 yaz\u0131l\u0131m veya sald\u0131r\u0131lar erkenden fark edilir.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDSin_Avantajlari_Nelerdir\"><\/span>IDS&#8217;in Avantajlar\u0131 Nelerdir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>G\u00fcvenlik tehditlerini tespit eder:<\/strong> IDS, a\u011fdaki trafi\u011fi izleyerek tehditleri tespit edip \u00f6nceden \u00f6nlem al\u0131nmas\u0131n\u0131 sa\u011flar.<\/li>\n\n\n\n<li><strong>G\u00fcvenlik zafiyetlerini tespit eder:<\/strong> IDS, a\u011fdaki bilgisayar sistemlerinin g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 belirleyerek bunlar\u0131n giderilmesini sa\u011flar.<\/li>\n\n\n\n<li><strong>Veri kayb\u0131n\u0131 \u00f6nler:<\/strong> IDS, a\u011fdaki veri s\u0131z\u0131nt\u0131lar\u0131n\u0131 tespit ederek veri kayb\u0131n\u0131 \u00f6nlemeye yard\u0131mc\u0131 olur.<\/li>\n\n\n\n<li><strong>A\u011f performans\u0131n\u0131 art\u0131r\u0131r:<\/strong> IDS, a\u011fdaki gereksiz trafi\u011fi filtreleyerek a\u011f performans\u0131n\u0131 art\u0131r\u0131r.<\/li>\n\n\n\n<li><strong>Mevzuat uyumunu sa\u011flar:<\/strong> ISO 27001 gibi standartlar ve 5651 gibi yasalar, a\u011flarda g\u00fcvenlik \u00f6nlemleri al\u0131nmas\u0131n\u0131 gerektirir. IDS, bu kurallara uyum sa\u011flamay\u0131 kolayla\u015ft\u0131r\u0131r.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDSin_Dezavantajlari_Nelerdir\"><\/span>IDS&#8217;in Dezavantajlar\u0131 Nelerdir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Olmamas\u0131 Gereken (False Positive) Tespit:<\/strong> E\u011fer IDS kurallar\u0131n\u0131zda neyin k\u00f6t\u00fc niyetli bir etkinlik olaca\u011f\u0131 konusunda detayl\u0131 bir kurguya sahip de\u011filse normal bir trafi\u011fi sald\u0131r\u0131 olarak alg\u0131layabilir. 
<\/p>\n\n\n\n<p><strong>Olmas\u0131 Gereken<\/strong> <strong>(False Negative) Tespit:<\/strong> Yeni ve karma\u015f\u0131k sald\u0131r\u0131 teknikleriyle kar\u015f\u0131 kar\u015f\u0131ya kal\u0131nd\u0131\u011f\u0131nda IDS bazen bu sald\u0131r\u0131lar\u0131 tespit edemeyebilir. Bu nedenle IDS \u00e7\u00f6z\u00fcmlerinin ve kurgular\u0131n d\u00fczenli olarak g\u00fcncelle\u015ftirilmesi \u00f6nemlidir.<\/p>\n\n\n\n<p>IDS \u00e7\u00f6z\u00fcmlerinizi tercih ederken yeni tehditleri \u00f6\u011frenebilme ve k\u00f6t\u00fc niyetli ba\u011flant\u0131lar\u0131 h\u0131zl\u0131 bir \u015fekilde tespit edilebilme yetene\u011fine sahip olmas\u0131na dikkat etmenizi \u00f6neririz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Intrusion_Prevention_System_IPS_Nedir\"><\/span>Intrusion Prevention System (IPS) Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>IPS, a\u011f trafi\u011finde (harici bir IDS taraf\u0131ndan veya baz\u0131 cihazlarda oldu\u011fu gibi kendi i\u00e7inde g\u00f6m\u00fcl\u00fc IDS taraf\u0131ndan) tespit edilen aktif veya potansiyel tehditleri engelleyerek istenilen a\u011f ve cihazlara eri\u015fimi koruma alt\u0131na al\u0131r. A\u011f i\u00e7erisinde \u015f\u00fcpheli bir etkinlik bildirilmesi halinde bu kayna\u011f\u0131 tespit eder ve a\u011f y\u00f6neticisi taraf\u0131ndan \u00f6nceden tan\u0131mlanm\u0131\u015f \u00f6zel emirlere g\u00f6re otomatik olarak aksiyon al\u0131r.<\/p>\n\n\n\n<p>G\u00fcn\u00fcm\u00fczde IPS \u00e7\u00f6z\u00fcmlerin b\u00fcy\u00fck \u00e7o\u011funlu\u011fu IDS yetene\u011fine de sahip oldu\u011fu i\u00e7in, art\u0131k hemen hemen t\u00fcm IPS \u00e7\u00f6z\u00fcmlerinde IDS kurallar ve sald\u0131r\u0131\/zafiyet tespit imkan\u0131 da mevcuttur. 
Yaz\u0131m\u0131za IPS\/IDS t\u00fcmle\u015fik \u00e7al\u0131\u015fan sistemler \u00fczerinden devam edece\u011fim.<\/p>\n\n\n\n<p>Firewall \u00fczerinden port eri\u015fim k\u0131s\u0131tlamalar\u0131, antivir\u00fcs program\u0131 kullan\u0131m\u0131 gibi geleneksel g\u00fcvenlik \u00f6nlemleri ger\u00e7ek zamanl\u0131 koruma i\u00e7in yetersiz gelebilir. T\u00fcrk\u00e7e kar\u015f\u0131l\u0131\u011f\u0131 &#8220;Sald\u0131r\u0131 \u00d6nleme Sistemi&#8221; olan IPS, bu \u00f6nlemlere ek olarak i\u00e7inde g\u00f6m\u00fcl\u00fc IDS kurallar\u0131 ile zararl\u0131 trafik yaratan kaynaklar\u0131 tespit ederek, a\u011fa eri\u015fimini engelleyebilir. Bu engellemeler, terspit edilen anl\u0131k ba\u011flant\u0131n\u0131n ve paketlerin drop edilmesi, belli s\u00fcreli (\u00f6rn 15 g\u00fcn) eri\u015fim engelleme veya kal\u0131c\u0131 bloke (permanent ban) uygulamalar\u0131 olabilir.<\/p>\n\n\n\n<p>Yukar\u0131da da bahsetti\u011fim \u015fekile IPS \u00e7\u00f6z\u00fcmler g\u00fcn\u00fcm\u00fczde antivir\u00fcs, firewall, anti-spoofing, a\u011f trafi\u011fini izleme \u00f6zelliklerini de i\u00e7erir. Bu sayede a\u011f \u00fczerinde ya\u015fanan tehditler kay\u0131t alt\u0131na al\u0131n\u0131r ve potansiyel risklerin engelleyebilmek i\u00e7in al\u0131nan loglarla daha h\u0131zl\u0131 (milisaniyeler d\u00fczeyinde) \u00f6nlemler al\u0131nabilir.<\/p>\n\n\n\n<p>Tehditleri belirleyebilmek i\u00e7in baz\u0131 y\u00f6ntemler kullan\u0131l\u0131r. Bu y\u00f6ntemler genel olarak a\u015fa\u011f\u0131daki gibidir:<br><br><strong>\u0130mza Tabanl\u0131 Tespit<\/strong>: \u00d6nceden tespit edilmi\u015f olan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131, vir\u00fcsleri, sald\u0131r\u0131 modellerini genelde global olarak ge\u00e7erlili\u011fi olacak \u015fekilde imzalan\u0131r. Bu imzalar\u0131n bulundu\u011fu bir veritaban\u0131 \u00fczerinden e\u015fle\u015ftirme yaparak tehditleri tespit eder ve \u00f6nlem al\u0131r. 
For example, Fortigate&#8217;s IPS database supports signature-based detection.<br><br><strong>Statistical Anomaly-Based Detection:<\/strong> Collects and analyzes network traffic statistics over a period of time. The analysis defines the normal values of network traffic, including traffic volume and the protocols in use. It quickly detects possible abnormal behavior and takes countermeasures. Because it does not need a database the way signature-based detection does, it can also act against new or unknown attack types.<\/p>\n\n\n\n<p><strong>Policy-Based Detection:<\/strong> Network administrators create custom security policies based on their infrastructure. When the system detects an activity that violates these policies, it notifies the administrator or takes countermeasures by applying predefined rules.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"428\" src=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IPS-Nedir-1024x428.png\" alt=\"IPS Nedir\" class=\"wp-image-5041\" srcset=\"https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IPS-Nedir-1024x428.png 1024w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IPS-Nedir-300x126.png 300w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IPS-Nedir-990x414.png 990w, https:\/\/www.domainhizmetleri.com\/blog\/wp-content\/uploads\/IPS-Nedir.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IPS_Tarafindan_Tespit_Edilebilen_Potansiyel_Tehditler\"><\/span><strong>Potential Threats Detectable by IPS:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Address Resolution Protocol (ARP) Spoofing<\/strong>: The ARP (<strong>Address Resolution Protocol<\/strong>) protocol is used to resolve IP addresses to MAC addresses. This ensures that the other devices on the network use the correct MAC addresses. An ARP Spoofing attack, on the other hand, tricks the ARP protocol by associating the attacker&#8217;s MAC address with another system&#8217;s IP address. This lets the attacker draw network traffic to itself. A Man in the Middle attack is an example of this attack type.<\/p>\n\n\n\n<p><strong>Buffer Overflow<\/strong>: Targets memory management errors that may be present in programs. The buffer that programs need in order to run is fed with regular or overly long data with the aim of filling it up. When the buffer fills, there is a risk that data can be written directly to disk space. If attackers can write data directly to disk space, they can load vulnerable files into the program or directly onto the disk. Stack Smashing is an example of this attack type.<\/p>\n\n\n\n<p><strong>Distributed Denial of Service (DDoS)<\/strong>: A type of cyber attack that targets network services. In the attack, one or more computers or devices under the attackers&#8217; control are used to send an excessive amount of traffic to the target system. 
Because of this heavy traffic load, the target system becomes unable to process normal data traffic and users can no longer reach it.<\/p>\n\n\n\n<p><strong>IP Fragmentation<\/strong>: As we explained among the attack types detectable by IDS, in short, this is an attack carried out by splitting IP packets into fragments and sending these packets to the network. <\/p>\n\n\n\n<p><strong>Operating System (OS) Fingerprinting<\/strong>: In this attack, attackers send specially crafted packets to a target system in an attempt to determine which operating system it is running. The goal is to identify the vulnerabilities present in that operating system so that the network can be attacked more easily. <\/p>\n\n\n\n<p><strong>Ping of Death<\/strong>: Aims to affect the target device by sending very large packets. Attackers send large ICMP packets using spoofed source IP addresses, which can cause the target devices to crash, freeze or lose network connectivity.<\/p>\n\n\n\n<p><strong>Port Scanning<\/strong>:&nbsp;An attack carried out to determine which ports on the network are open or closed. Attackers may try to access the system through the open ports. 
However, Port Scanning is not harmful on its own; it only constitutes a threat from a network security standpoint.<\/p>\n\n\n\n<p><strong>Server Message Block (SMB) Probes<\/strong>: SMB is a network protocol for the Windows operating system and is used to manage files, printers and other operations. Attackers target exposed SMB ports in an attempt to gain access to the system. Such attacks can result in malware infections, theft of sensitive information or the collapse of system resources.<\/p>\n\n\n\n<p><strong>Smurf<\/strong>:&nbsp;Aims to block access to the network by sending pings continuously. DDoS attacks can be cited as an example of these attacks.<\/p>\n\n\n\n<p><strong>Secure Sockets Layer (SSL) Evasion<\/strong>: An attack that allows unauthorized access to the network without blocking SSL\/TLS traffic and without being detected. In this attack, the attacker bypasses the SSL\/TLS encryption process or uses an invalid certificate to defeat security measures such as public key encryption (PKI), and can then abuse the target system or network.<\/p>\n\n\n\n<p><strong>SYN Flood<\/strong>: Sends a large number of unanswered SYN (synchronization) requests to the network, exhausting the network&#8217;s resources and causing a temporary interruption of services. 
Attackers not only gain entry to the network with these requests but also interfere with the target traffic flows, seriously compromising security. This attack is a type of DDoS attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IPS_Tespit_Sistemleri_Nelerdir\"><\/span>What Are the IPS Detection Systems?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Network-Based_Intrusion_Prevention_System_NIPS\"><\/span>Network-Based Intrusion Prevention System (NIPS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Regularly inspects all traffic on the network in order to detect attacks aimed at the network. When it detects suspicious or malicious traffic on the network, it takes action to block it.<\/p>\n\n\n\n<p><strong>Free NIPS Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Snort<\/li>\n\n\n\n<li>Suricata<\/li>\n\n\n\n<li>Zeek<\/li>\n<\/ul>\n\n\n\n<p><strong>Paid NIPS Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fortinet Intrusion Prevention System<\/li>\n\n\n\n<li>Cisco Firepower NGIPS<\/li>\n\n\n\n<li>TrendMicro TippingPoint<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wireless_Intrusion_Prevention_System_WIPS\"><\/span>Wireless Intrusion Prevention System (WIPS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Detects potential threats that may arise on wireless networks (WIFI). By analyzing wireless network traffic, it monitors the devices connected to the network and their behavior. 
It detects potential threats on the network, informs the network administrator and helps prevent them.<\/p>\n\n\n\n<p><strong>Free WIPS Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aircrack-ng<\/li>\n\n\n\n<li>Kismet<\/li>\n\n\n\n<li>OpenWIPS-ng<\/li>\n<\/ul>\n\n\n\n<p><strong>Paid WIPS Solutions: <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fortinet Wireless Intrusion Prevention System<\/li>\n\n\n\n<li>Cisco Meraki Wireless Intrusion Prevention System<\/li>\n\n\n\n<li>SonicWall Wireless Intrusion Prevention System<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Host-Based_Intrusion_Prevention_System_HIPS\"><\/span>Host-Based Intrusion Prevention System (HIPS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A security software system used to detect or prevent attacks against a computer system. It detects possible threats in the file system or the resources used on computer systems and takes countermeasures. <\/p>\n\n\n\n<p><strong>Free HIPS Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OSSEC<\/li>\n\n\n\n<li>Snort<\/li>\n\n\n\n<li>Suricata<\/li>\n<\/ul>\n\n\n\n<p><strong>Paid HIPS Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Imunify360<\/li>\n\n\n\n<li>Trend Micro Deep Security<\/li>\n\n\n\n<li>McAfee Endpoint Security<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Network_Behavior_Analysis_NBA\"><\/span>Network Behavior Analysis (NBA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Generally used to prevent DDoS-type attacks. 
It regularly monitors network traffic to detect possible threats. When it detects DDoS-like abnormal activity in the network traffic, it takes countermeasures.<\/p>\n\n\n\n<p><strong>Free NBA Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Security Onion<\/li>\n\n\n\n<li>Zeek<\/li>\n\n\n\n<li>Suricata<\/li>\n<\/ul>\n\n\n\n<p><strong>Paid NBA Solutions:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cisco StealthWatch<\/li>\n\n\n\n<li>AppNeta Performance Manager<\/li>\n\n\n\n<li>McAfee Network Threat Behavior Analysis<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IDSe_sahip_IPS_Cozumlerin_Avantajlari_Nelerdir\"><\/span>What Are the Advantages of IPS Solutions That Include an IDS?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Provides uninterrupted protection:<\/strong> By continuously monitoring network traffic, it analyzes potential threats and responds to them. This minimizes the risk of interruptions to network connections.<\/p>\n\n\n\n<p><strong>Responds quickly:<\/strong> It detects threats in real time and responds immediately.<\/p>\n\n\n\n<p><strong>Plays an important role in network security:<\/strong> Most threats that can occur on the network can be detected and prevented by the IPS. This minimizes the risks that can arise within the network.<\/p>\n\n\n\n<p><strong>Can be customized:<\/strong> Security policies specific to your network infrastructure can be set up. 
<\/p>\n\n\n\n<p><strong>Saves operational time and costs:<\/strong> Because it can quickly detect and resolve threats that may occur on the network, it saves both time and IT operational costs.<\/p>\n\n\n\n<p><strong>Ensures regulatory compliance:<\/strong> Like IDS, IPS, which network security requires, complies with standards such as ISO and PCI DSS and with regulations such as Law No. 5651. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IPSin_Dezavantajlari_Var_mi_Varsa_Nelerdir\"><\/span>Does IPS Have Disadvantages? If So, What Are They?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Performance Issues:<\/strong> If you have high bandwidth, the resources your device or software needs will also increase. This raises the cost of the solution.<\/p>\n\n\n\n<p><strong>Detections That Should Not Fire (False Positive) and Detections That Should Have Fired (False Negative):<\/strong> Incorrect detections can be considered the biggest obstacle. For this reason, the IPS setup needs to be designed in detail with expert support. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IPS_ile_IDSin_Arasindaki_Farklar\"><\/span>The Differences Between IPS and IDS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>IDS and IPS are different security systems designed for different purposes in network security. IDS is designed to detect and report an attack by analyzing the events occurring on the system. 
For this reason, IDS plays a more passive role, analyzing the system&#8217;s events in order to inform users and send warning messages about attacks.<br><br>IPS, on the other hand, is a more advanced security system than IDS and has the ability to intervene in network traffic. If it has an embedded IDS, it has alternatives designed to monitor network traffic in order to detect and block attacker behavior on the system. Beyond detecting threats, IPS applies blocking operations and automated prevention measures, and therefore needs more resources. Consequently, IDS is better suited to merely detecting existing threats, whereas IPS can be used as a tool for both detecting and preventing threats.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<p><strong>Sources<\/strong><br><a href=\"https:\/\/www.fortinet.com\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.fortinet.com\" rel=\"noreferrer noopener nofollow\">Fortigate<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are several systems for monitoring and protecting network security. 
In this article, we share with you what you need to know about IDS and IPS, two of the systems used for network security.<\/p>\n","protected":false},"author":7,"featured_media":5044,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[138,145],"tags":[212,211],"class_list":["post-4983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bilim-ve-teknoloji-dunyasi","category-nedir-nasil","tag-ids","tag-ips"],"views":903,"_links":{"self":[{"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/posts\/4983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/comments?post=4983"}],"version-history":[{"count":54,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/posts\/4983\/revisions"}],"predecessor-version":[{"id":5064,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/posts\/4983\/revisions\/5064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/media\/5044"}],"wp:attachment":[{"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/media?parent=4983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/categories?post=4983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.domainhizmetleri.com\/blog\/wp-json\/wp\/v2\/tags?post=4983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}