chapter 7 - Chapter 7 Intrusion Detection and Prevention...

Chapter 7 Intrusion Detection and Prevention Systems

Objectives

After reading this chapter and completing the exercises, you will be able to:
- Describe the various technologies that are used to implement intrusion detection and prevention
- Define honey pots, honey nets, and padded cell systems
- Describe the technologies used to create honey pots, honey nets, and padded cell systems

Intrusion Detection and Prevention

An intrusion occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm. Even when such attacks are self-propagating, as in the case of viruses and distributed denial-of-service attacks, they are almost always instigated by an individual whose purpose is to harm an organization.

Intrusion detection consists of procedures and systems that identify system intrusions. Intrusion reaction encompasses the actions that an organization takes when an intrusion is detected. Intrusion prevention consists of activities that deter an intrusion. Some important intrusion prevention activities are writing and implementing good enterprise information security policy, planning and performing effective information security programs, installing and testing technology-based information security countermeasures (such as firewalls and intrusion detection/prevention systems), and conducting and measuring the effectiveness of employee training and awareness activities.

Information security intrusion detection systems (IDSs) became commercially available in the late 1990s. An IDS works like a burglar alarm in that it detects a violation (some system activity analogous to an open or broken window) and activates an alarm. A current extension of IDS technology is the intrusion prevention system (IPS), which can detect an intrusion and also prevent that intrusion from successfully attacking the organization by means of an active response. Because the two systems often coexist, the combined term intrusion detection/prevention system (IDPS) is used to describe current anti-intrusion technologies.

IDPS Terminology

Alert or Alarm: An indication that a system has just been attacked and/or continues to be under attack.
False Attack Stimulus: An event that triggers alarms and causes a false positive when no actual attacks are in progress.
False Negative: The failure of an IDS to react to an actual attack event.
False Positive: An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when, in fact, there has been no such attack.
Noise: The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.
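The following is an added worked example, not code from the textbook chapter, that makes the IDS/IPS distinction and the terminology above concrete. It implements a toy signature-based sensor that can run in alarm-only (IDS) mode or in active-response (IPS) mode, runs it over a handful of constructed web request log lines, and scores the verdicts against analyst ground truth as true positives, false positives, false negatives and true negatives. The class and function names (SignatureIDPS, Verdict, evaluate), the two signatures and the sample events are all hypothetical and exist only for this illustration.

```python
"""Toy signature-based IDPS with an evaluation harness.

Added illustration for the chapter's terminology; not code from the textbook.
SignatureIDPS, Verdict, evaluate, SIGNATURES and SAMPLE_EVENTS are hypothetical
names, and every log line below is constructed for the example.
"""
import re
from dataclasses import dataclass

# Constructed sample traffic: (source_ip, request_line, is_attack).
# is_attack is the analyst's ground truth; the detector never sees it.
SAMPLE_EVENTS = [
    ("10.0.0.5",  "GET /index.html",                 False),
    ("10.0.0.7",  "GET /search?q=' OR 1=1 --",       True),   # SQL injection probe
    ("10.0.0.9",  "GET /files/../../etc/passwd",     True),   # directory traversal
    ("10.0.0.5",  "GET /docs/union-station-map.pdf", False),  # benign, but contains "union"
    ("10.0.0.7",  "GET /admin",                      True),   # probe that no signature covers
    ("10.0.0.11", "POST /login",                     False),
]

# Deliberately simple signatures. The over-broad "union" term is what
# produces the false positive (a false attack stimulus) below.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(' or 1=1|union)"),
    "traversal": re.compile(r"\.\./"),
}


@dataclass
class Verdict:
    source: str
    request: str
    alerts: list     # names of the signatures that matched
    blocked: bool    # True only when the sensor acted as an IPS


class SignatureIDPS:
    """prevent=False behaves like an IDS (raise an alarm only);
    prevent=True behaves like an IPS (raise an alarm and block the source)."""

    def __init__(self, signatures, prevent=False):
        self.signatures = signatures
        self.prevent = prevent
        self.blocked_sources = set()

    def inspect(self, source, request):
        # Active response in IPS mode: a source that already tripped a
        # signature is dropped before inspection, like a burglar alarm
        # that also locks the door behind the first broken window.
        if self.prevent and source in self.blocked_sources:
            return Verdict(source, request, [], True)
        matched = [name for name, rx in self.signatures.items() if rx.search(request)]
        blocked = False
        if matched and self.prevent:
            self.blocked_sources.add(source)
            blocked = True
        return Verdict(source, request, matched, blocked)


def evaluate(detector, events):
    """Score the sensor's verdicts against ground truth in the chapter's terms:
    tp = real attack alarmed or blocked, fp = false positive,
    fn = false negative, tn = benign traffic correctly left alone."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for source, request, is_attack in events:
        verdict = detector.inspect(source, request)
        reacted = bool(verdict.alerts) or verdict.blocked
        if is_attack and reacted:
            counts["tp"] += 1
        elif is_attack:
            counts["fn"] += 1
        elif reacted:
            counts["fp"] += 1
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    for mode in (False, True):
        sensor = SignatureIDPS(SIGNATURES, prevent=mode)
        print("IPS" if mode else "IDS", evaluate(sensor, SAMPLE_EVENTS))
```

In IDS mode the sensor scores two true positives, one false positive (the harmless "union-station" document) and one false negative (the uncovered /admin probe). In IPS mode the active response turns the false negative into a true positive, because the source that sent the SQL injection probe is already blocked when its later request arrives, but the same response also cuts off the legitimate user behind the false positive. That is the practical reason false positives are far more costly for an IPS than for an IDS, and why signatures are tuned and tested in alarm-only mode before blocking is enabled.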