Chapter 7

Learning Objectives: Upon completion of this material, you should be able to:
- Identify and describe the categories and operating models of intrusion detection systems.
- Identify and describe honey pots, honey nets, and padded cell systems.
- List and define the major categories of scanning and analysis tools, and describe the specific tools used within each of these categories.
- Discuss various approaches to access control, including the use of biometric access mechanisms.
Introduction

An intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm. Incident response is the identification of, classification of, response to, and recovery from an incident, and is frequently discussed in terms of prevention, detection, reaction, and correction. Intrusion prevention consists of activities that seek to deter an intrusion from occurring. Intrusion detection consists of procedures and systems that are created and operated to detect system intrusions. Intrusion reaction encompasses the actions an organization undertakes when an intrusion event is detected. Intrusion correction activities finalize the restoration of operations to a normal state; by seeking to identify the source and method of the intrusion so that the same type of attack cannot occur again, they feed back into intrusion prevention, closing the incident response loop.
Intrusion Detection Systems (IDSs)

An IDS detects a violation of its configuration and activates an alarm. System administrators can choose the configuration of the various alerts and the associated alarm levels for each type of alert. Many IDSs enable administrators to configure the systems to notify them directly of trouble via e-mail or pagers. The systems can also be configured to notify an external security service organization of a break-in.
IDS Terminology

- Alert or Alarm: An indication that a system has just been attacked and/or continues to be under attack.
- False Attack Stimulus: An event that triggers alarms and causes a false positive when no actual attacks are in progress.
- False Negative: The failure of an IDS to react to an actual attack event.
- False Positive: An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.
- Noise: The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.
- Site Policy: The rules and configuration guidelines governing the implementation and operation of IDSs within the organization.
- Site Policy Awareness: An IDS
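As an added illustration of the terminology above and of the alarm-level configuration described under "Intrusion Detection Systems" (not part of the chapter's own material), this Python sketch labels a batch of IDS alerts against ground-truth events as true positives, false positives, noise, or false negatives, and routes each alarm level to a notification channel. The site policy mapping, the modeling rule that separates a false positive from noise, and the sample alerts and events are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    host: str
    signature: str   # rule the IDS matched
    severity: int    # alarm level, 1 (low) to 3 (high), assigned per rule by site policy

@dataclass(frozen=True)
class Event:
    host: str
    signature: str
    is_attack: bool  # ground truth established after the fact, e.g. by incident review

# Hypothetical site policy: which notification channel each alarm level uses
SITE_POLICY = {1: "log", 2: "email", 3: "pager+external-soc"}

def route_alarm(alert: Alert) -> str:
    """Map an alert's alarm level to the channel the site policy requires (default: log)."""
    return SITE_POLICY.get(alert.severity, "log")

def classify(alerts, events):
    """Label each alert against ground truth and list attacks the IDS never alerted on.

    Modeling assumption: an alert with no matching event at all is a false positive
    (a false attack stimulus); an alert that matches a real but non-attack event is noise.
    """
    truth = {(e.host, e.signature): e for e in events}
    result = {"true_positive": [], "false_positive": [], "noise": [], "false_negative": []}
    alerted = set()
    for a in alerts:
        key = (a.host, a.signature)
        alerted.add(key)
        e = truth.get(key)
        if e is None:
            result["false_positive"].append(a)
        elif e.is_attack:
            result["true_positive"].append(a)
        else:
            result["noise"].append(a)
    for key, e in truth.items():
        if e.is_attack and key not in alerted:
            result["false_negative"].append(e)   # real attack, no alert at all
    return result

# Constructed sample data, not taken from the slides
SAMPLE_ALERTS = [Alert("web1", "sqli", 3), Alert("db1", "port-scan", 1), Alert("mail1", "bruteforce", 2)]
SAMPLE_EVENTS = [Event("web1", "sqli", True), Event("db1", "port-scan", False), Event("fs1", "rootkit", True)]
```

Running `classify(SAMPLE_ALERTS, SAMPLE_EVENTS)` yields one entry in each category, which is the point: the false negative (the unalerted rootkit) never appears in the alert stream and can only be found by comparing against the ground truth.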