Chapter 07

Principles of Information Security, 3rd edition

Protection of an organization's IS assets requires a sound enterprise information security program consisting of several key components:

- People
- Technical Controls & Solutions (i.e., Firewalls, VPNs, Gateways, DMZ, Encryption, IDPS, etc.)
- Governance (ESP, Standards, & Procedures)
- BCP
- DRP
- Security Awareness
- Incident Planning (Detection, Response, & Recovery)
- Security Assessments & Risk Management

Intrusion: type of attack on information assets in which the instigator attempts to gain entry into or disrupt a system with harmful intent.

Incident Response: identification of, classification of, response to, and recovery from an incident.

Intrusion Prevention: consists of activities that seek to deter an intrusion from occurring.

Introduction (continued)

Intrusion Detection: consists of procedures and systems created and operated to detect system intrusions.

Intrusion Reaction: encompasses actions an organization undertakes when an intrusion event is detected.

Intrusion Correction Activities: finalize restoration of operations to a normal state.

Anti-Intrusion Technologies

IDS: A device that is used to detect unauthorized activities within the internal network or individual systems.

IPS: A device that works to prevent unauthorized network access.

IDPS: Devices that are a combination of IDS and IPS. They detect a violation of their configuration, activate an alarm, and prevent the intrusion from propagating or executing a successful attack.

- Many IDPSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers.
- IDPS can also be configured to notify an external security service organization of a "break-in".

IDPS Terminology

Alert or alarm: An indication that a system has just been attacked and/or continues to be under attack.

False attack stimulus: An event that triggers alarms and causes a false positive when no actual attacks are in progress.

False negative: The failure of an IDS system to react to an actual attack event.

False positive: An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers' OSs to send error messages (indicating that a requested service is not available or that a host or router could not be reached....
This note was uploaded on 03/15/2012 for the course CIS CIS120 taught by Professor Zales during the Spring '12 term at Harrisburg Area Community College.