chapter07 & 08 - Chapter 07 Principles of...

Chapter 07, Principles of Information Security, 3rd edition

Protection of an organization's IS assets requires a sound enterprise information security program consisting of several key components:
- People
- Technical Controls & Solutions (i.e., Firewalls, VPNs, Gateways, DMZ, Encryption, IDPS, etc.)
- Governance (ESP, Standards, & Procedures)
- BCP
- DRP
- Security Awareness
- Incident Planning (Detection, Response, & Recovery)
- Security Assessments & Risk Management

Intrusion: type of attack on information assets in which instigator attempts to gain entry into or disrupt system with harmful intent
Incident Response: identification of, classification of, response to, and recovery from an incident
Intrusion Prevention: consists of activities that seek to deter an intrusion from occurring

Introduction (continued)

Intrusion Detection: consists of procedures and systems created and operated to detect system intrusions
Intrusion Reaction: encompasses actions an organization undertakes when intrusion event is detected
Intrusion Correction Activities: finalize restoration of operations to a normal state

Anti-Intrusion Technologies

IDS: A device that is used to detect unauthorized activities within the internal network or individual systems.
IPS: A device that works to prevent unauthorized network access.
IDPS: Devices that are a combination of IDS and IPS. They detect a violation of their configuration, activate an alarm, and prevent the intrusion from propagating or executing a successful attack.
Many IDPSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers.
IDPS can also be configured to notify an external security service organization of a "break-in".

IDPS Terminology

Alert or alarm: An indication that a system has just been attacked and/or continues to be under attack.
False attack stimulus: An event that triggers alarms and causes a false positive when no actual attacks are in progress.
False negative: The failure of an IDS system to react to an actual attack event.
False positive: An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.
Internet Control Message Protocol (ICMP): One of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers' OSs to send error messages indicating that a requested service is not available or that a host or router could not be reached.
Noise: The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.
Site Policy:

This note was uploaded on 03/15/2012 for the course CIS CIS120 taught by Professor Zales during the Spring '12 term at Harrisburg Area Community College.
