Chapter 7

Principles of Information Security, 3rd edition

Learning Objectives
Upon completion of this material, you should be able to:
- Identify and describe the categories and operating models of intrusion detection systems
- Identify and describe honey pots, honey nets, and padded cell systems
- List and define the major categories of scanning and analysis tools, and describe the specific tools used within each of these categories
- Explain the various methods of access control, including the use of biometric access mechanisms
Introduction
- Intrusion: type of attack on information assets in which the instigator attempts to gain entry into or disrupt a system with harmful intent
- Incident response: identification of, classification of, response to, and recovery from an incident
- Intrusion prevention: consists of activities that seek to deter an intrusion from occurring
Introduction (continued)
- Intrusion detection: consists of procedures and systems created and operated to detect system intrusions
- Intrusion reaction: encompasses the actions an organization undertakes when an intrusion event is detected
- Intrusion correction activities: finalize restoration of operations to a normal state
Intrusion Detection and Prevention Systems (IDSs and IPSs)
- An IDPS detects a violation of its configuration and activates an alarm
- Many IDSs enable administrators to configure the system to notify them directly of trouble via e-mail or pagers
- Systems can also be configured to notify an external security service organization of a break-in
IDPS Terminology
- Alert or alarm
- False attack stimulus
- False negative
- False positive
- Noise
- Site policy
- Site policy awareness
- True attack stimulus
- Confidence value
- Alarm filtering
Why Use an IDPS?
- Prevent problem behaviors by increasing the perceived risk of discovery and punishment
- Detect attacks and other security violations
- Detect and deal with preambles to attacks
- Document the existing threat to an organization
- Act as quality control for security design and administration, especially of large and complex enterprises
- Provide useful information about intrusions that take place
Types of IDP Systems
- IDSs operate as network-based or host-based
- All IDSs use one of three detection methods:
  - Signature-based
  - Statistical anomaly-based
  - Stateful packet inspection
Network-Based IDPS (NIDPS)
- Resides on a computer or appliance connected to a segment of an organization's network; looks for signs of attacks
- When examining packets, a NIDPS looks for attack patterns
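The signature-based and statistical anomaly-based methods from the "Types of IDP Systems" slide, scored with the terminology from the "IDPS Terminology" slide (true attack stimulus, false positive, false negative, confidence value, alarm filtering), as an added Python example that is not part of the textbook or its slides. Every signature, address, payload and baseline count below is constructed for illustration; the ground-truth labels exist only so the detectors can be scored.

```python
import re
import statistics
from collections import Counter
from dataclasses import dataclass

@dataclass
class Packet:
    src: str         # source address (constructed sample value)
    payload: str     # application-layer content the sensor inspects
    is_attack: bool  # ground truth, used only to score the detectors

# Signature-based detection: known attack patterns, each with a confidence value.
SIGNATURES = {
    "sql-injection": (re.compile(r"'\s*(or|union)\s", re.I), 0.9),
    "path-traversal": (re.compile(r"\.\./"), 0.6),
}

def signature_alerts(packets):
    """One (packet index, signature name, confidence) tuple per pattern match."""
    return [(i, name, conf) for i, p in enumerate(packets)
            for name, (rx, conf) in SIGNATURES.items() if rx.search(p.payload)]

def anomaly_alerts(packets, baseline_counts, k=3.0):
    """Flag every packet from a source whose count is more than k stdevs above the baseline mean."""
    limit = statistics.mean(baseline_counts) + k * statistics.pstdev(baseline_counts)
    counts = Counter(p.src for p in packets)
    return [(i, "rate-anomaly", 0.5) for i, p in enumerate(packets) if counts[p.src] > limit]

def score(packets, alerts, min_confidence=0.0):
    """Alarm filtering (drop alerts below min_confidence), then compare alerts with ground truth."""
    flagged = {i for i, _, conf in alerts if conf >= min_confidence}
    tp = sum(1 for i, p in enumerate(packets) if p.is_attack and i in flagged)
    fp = sum(1 for i, p in enumerate(packets) if not p.is_attack and i in flagged)
    fn = sum(1 for i, p in enumerate(packets) if p.is_attack and i not in flagged)
    return {"true_positive": tp, "false_positive": fp, "false_negative": fn}

# Constructed sample traffic: a quiet-window baseline plus one observation window.
BASELINE = [4, 5, 6, 5, 4, 6]  # packets per source while the network was quiet
TRAFFIC = [
    Packet("10.0.0.5", "GET /index.html", False),
    Packet("10.0.0.5", "GET /docs/../../etc/passwd", True),   # caught by a signature
    Packet("10.0.0.6", "GET /search?q=' OR 1=1 --", True),     # caught by a signature
    Packet("10.0.0.7", "GET /files/..%2F..%2Fsecret", True),   # encoded, misses the signature: false negative
    Packet("10.0.0.8", "GET /static/../css/site.css", False),  # benign relative path: false positive (noise)
] + [Packet("10.0.0.9", "GET /login", True) for _ in range(40)]  # flood only the anomaly detector sees

def run(min_confidence=0.0):
    alerts = signature_alerts(TRAFFIC) + anomaly_alerts(TRAFFIC, BASELINE)
    return score(TRAFFIC, alerts, min_confidence)
```

Raising the alarm-filtering threshold to 0.7 removes the noisy traversal false positive but also silences the lower-confidence true alerts, which is the trade-off the confidence value exists to manage. Stateful packet inspection is not modelled here, since it needs per-connection state that a flat packet list does not carry.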