|
“ZAMONAVIY TA‟LIM TIZIMINI RIVOJLANTIRISH VA UNGA QARATILGAN KREATIV G‟OYALARBog'liq 63ed0704130b8 19 respublika ilmiy onlayn 10-TA шахриёр диссертация, МАЖМУА 2022-23, 1-qoldirilgan dars maruza, Лабаротория № 2, togri javoblar, Erkinov Muhammadali, fizika 2 mavzu 10, KATTA ASHULA VA UNING IJROCHILIK ANANALARI, Sobirjon KURS ISHI, 3-topshiriq, IQTISODIYOTDA AXBOROT-KOMMUNIKATSIYA TEXNOLOGIYALAR VA TIZIMLAR“ZAMONAVIY TA‟LIM TIZIMINI RIVOJLANTIRISH VA UNGA QARATILGAN KREATIV G‟OYALAR,
TAKLIFLAR VA YECHIMLAR” MAVZUSIDAGI 19-SONLI RESPUBLIKA ILMIY-AMALIY ON-LINE
KONFERENSIYASI
www
.
bestpublishing.
org
166
sequence of actions in breach is known) and protect its completeness. A review of the
breach sequence will identify vulnerabilities in the services, locate the culprit, determine the
amount and area of damage, and return to normal operation.
The task of the audit is to identify attempts to violate information security. Until now,
the term audit has been used to refer to the review of various reports and documents to
determine whether they are flawed. That is, an analysis of what happened would lead to a
conclusion. The essence of the audit we are discussing is a bit different, because it is related
to the operation of automated systems. The audit of systems is carried out in two different
ways - periodically, ie in a passive manner, after a certain period of time, when the account
of events that took place during this period is analyzed and conclusions are presented, in the
active form, each the current shocks are analyzed and the necessary recommendations or
notifications are generated. For example, during the Soviet era, the reason for exposing the
activities of German hackers working on behalf of the KGB secret service was to check that
the daily reports of a large computer center differed by a few cents each day. Once more
vulnerabilities are identified, it increases the effectiveness of the ability to address the
system by repeatedly reconfiguring and rebuilding and performing performance checks.
III. RESULTS
The first and second types of errors in relation to active audit tools are: missed attacks
or unnecessary bells, respectively. The first type of mistake is not to mention how
undesirable it is to miss an attack, but the second is a very unpleasant situation. Because it
wastes valuable time and money, distracts from important tasks, and possibly misses a new
attack. The advantage of the signaling method is that it is fast, leads to less errors of the
second type, and the conclusions are based. The main drawback is that it does not recognize
new attacks and old ones. Signature method is universal, based on conclusions, and has the
ability to recognize attacks in an unfamiliar way, which reduces the first type of error.
IV. DISCUSSION
Active audit tools can be located in any part of the security system - detecting
suspicious activity at points of connection to the external network at the border (not only to
try to gain unauthorized access, but also to determine the capabilities of security services). It
can stop suspicious actions of internal and external customers, detect security problems in
the operation of services or problems with hardware and software, and protect them from
possible attacks. However, despite the fact that active auditing has been developing for ten
or fifteen years, it is still circulating.
V. CONCLUSION
There are transition cases. Although it was initially possible to quickly identify similar
attacks, now there are many problems in detecting previously unknown-looking attacks,
distributed and time-lapse, and other similar attacks. it has been. It is unlikely that a solution
will be found in the near future. Fighting by filling out the signature database on time alone
will not be the solution. Nevertheless, active audit is one of the important layers of layer-by-
layer proction.
|
| |
