Outline chapter 7

INTRUSION (p. 289)
Occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm.

INTRUSION PREVENTION
Consists of activities that deter an intrusion. Some important intrusion prevention activities are writing and implementing good enterprise information security policy, and planning and performing effective information security programs.

INTRUSION DETECTION
Consists of procedures and systems that identify system intrusions.

INTRUSION REACTION
Encompasses the actions an organization takes when an intrusion is detected. These actions seek to limit the loss from an intrusion and return operations to a normal state as rapidly as possible.

INTRUSION CORRECTION
Activities that finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion, in order to ensure that the same type of attack cannot occur again, thus reinitiating intrusion prevention.

INTRUSION PREVENTION SYSTEM (IPS)
A current extension of IDS technology, which can detect an intrusion and also prevent that intrusion from successfully attacking the organization by means of an active response.

INTRUSION DETECTION/PREVENTION SYSTEM (IDPS)
Can be used to describe current anti-intrusion technologies.

Terms still to be defined:
ALERT OR ALARM (p. 290)
EVASION
FALSE ATTACK STIMULUS
FALSE NEGATIVE
FALSE POSITIVE
NOISE
SITE POLICY
SITE POLICY AWARENESS
TRUE ATTACK STIMULUS
TUNING
CONFIDENCE VALUE
ALARM FILTERING
ALARM CLUSTERING AND COMPACTION
DOORKNOB RATTLING
FOOTPRINTING, FINGERPRINTING (p. 292)
IPS AND IDS DIFFERENCE
TYPES OF IDPS (p. 293)
Wireless IDPS and Network Behavior Analysis (NBA) IDPS. The wireless IDPS focuses on wireless networks, as the name indicates, while the NBA IDPS examines traffic flow on a network in an attempt to recognize abnormal patterns such as DDoS, malware and policy violations.

NETWORK-BASED IDPS (p. 294)
Resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment, looking for indications of ongoing or successful attacks.

MONITORING PORT (p. 294)
Also known as a switched port analysis (SPAN) port or mirror port; a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

PROTOCOL STACK VERIFICATION (p. 294)
The NIDPS looks for invalid data packets, that is, packets that are malformed under the rules of the TCP/IP protocol. A data packet is verified when its configuration matches that defined by the various Internet protocols.

APPLICATION PROTOCOL VERIFICATION
The higher-order protocols (HTTP, FTP and Telnet) are examined for unexpected packet behavior or improper use. Sometimes an attack uses valid protocol packets but in excessive quantities (in the case of the Tiny Fragment Packet attack, the packets are also excessively fragmented).

The advantages of NIDPSs, taken from Bace and Mell (296). (p. 295)

WIRELESS NIDPS
A wireless IDPS monitors and analyzes wireless network traffic
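As an added illustration (not part of this outline or of the textbook it summarizes), the following Python checker does the kind of protocol stack verification described above: it parses the IPv4 header of a raw packet, flags fields that break the RFC 791 rules (header length, total length, header checksum), and flags a TCP first fragment too small to carry a whole TCP header, which is the tiny-fragment case mentioned under application protocol verification. The packets it checks are constructed inline; the 192.0.2.x addresses are documentation placeholders.

```python
import struct

TCP = 6
MIN_IPV4_HDR = 20  # IHL must be at least 5 32-bit words
MIN_TCP_HDR = 20   # bytes a first fragment must carry to hold a full TCP header

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; 0 when the header's own checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def verify_ipv4(packet: bytes) -> list:
    """Protocol stack verification of one raw IPv4 packet; [] means it passed."""
    if len(packet) < MIN_IPV4_HDR:
        return ["truncated: shorter than minimum IPv4 header"]
    ver_ihl, _, total_len, _, flags_frag, _, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    findings = []
    if ver_ihl >> 4 != 4:
        findings.append("version field is not 4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < MIN_IPV4_HDR or ihl > len(packet):
        return findings + ["IHL outside the packet's valid range"]  # later fields untrustworthy
    if total_len != len(packet):
        findings.append("total length %d != %d bytes on the wire" % (total_len, len(packet)))
    if ipv4_checksum(packet[:ihl]) != 0:
        findings.append("header checksum mismatch")
    more_fragments, offset = bool(flags_frag & 0x2000), (flags_frag & 0x1FFF) * 8
    if proto == TCP and offset == 0 and more_fragments and len(packet) - ihl < MIN_TCP_HDR:
        findings.append("tiny first fragment: TCP header does not fit in the first fragment")
    return findings

def build_ipv4(payload: bytes, flags_frag=0, total_len=None, ihl_words=5) -> bytes:
    """Constructed test packets (192.0.2.0/24 is the documentation range); checksum filled in."""
    total_len = MIN_IPV4_HDR + len(payload) if total_len is None else total_len
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len, 0x1234, flags_frag,
                      64, TCP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

GOOD_PACKET = build_ipv4(b"\x00" * 20)                  # well-formed, unfragmented
BAD_LENGTH_PACKET = build_ipv4(b"\x00" * 20, total_len=999)
TINY_FRAGMENT_PACKET = build_ipv4(b"\x00" * 8, flags_frag=0x2000)  # MF set, offset 0, 8 bytes
BAD_IHL_PACKET = build_ipv4(b"\x00" * 20, ihl_words=4)
```

Each finding names the rule that was violated, so the list returned is what a NIDPS would turn into an alert; a real sensor would add the same style of checks for the TCP/UDP layer.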

This note was uploaded on 03/15/2012 for the course CIS CIS120 taught by Professor Zales during the Spring '12 term at Harrisburg Area Community College.
