12/19/2010

Unit 7: Audit and Intrusion Detection
Part 2

Security Audit Analysis (FAU_SAA)
- Analyze Audit Information Looking for Security Violations
- FAU_SAA.1: Fixed Rule Set
- FAU_SAA.2: Profile Based on User Profile
- FAU_SAA.3: Simple Attack Heuristics - Signature Events
- FAU_SAA.4: Complex Attack Heuristics - Multi-step Intrusion Scenarios

Intrusion Detection Methodologies
- Attack Profile - Looks for specific known attack profiles (FAU_SAA.1, 3, 4)
- Behavior Profile - Application behavior is profiled over time and then abnormalities can be detected (FAU_SAA.2).

Attack-Based Intrusion Detection Systems
- Many Widely Available
- Most Focus on Network Penetration Attacks (e.g., Firewalls)

Microsoft’s Internet Security Acceleration (ISA) Server...
- Spring '11
- Denial-of-service attack, intrusion detection, Denial-of-service attacks, AUDIT REVIEW