"Early detection of an intrusion is the key."
Hackers have become more and more sophisticated in their techniques. They
will often combine different attack methods, which makes detection even
more difficult.
From a network security perspective, simply monitoring
CPU usage, I/O usage, or file activity is not enough. The problem with
this type of monitoring is that attacks, even if detected, will
continue until someone intervenes.
Early detection of intrusions within a computer system has become a
difficult and daunting task. To help focus on a solution we need to
understand what we are protecting, and who the intruders are.
What are we protecting?
- Data
- Availability
- Privacy
Who are the intruders?
- Hackers
- Thieves
Definition of Intrusion
An intrusion can be defined as a subversion of security to gain access
to a system. This intrusion can use multiple attack methods and can
span long periods of time.
These unauthorized accesses to computer or network systems are often
designed to study the system’s weaknesses for future attacks.
Other forms of intrusions are aimed at limiting access or even
preventing access to computer systems or networks.
Methods of Intrusions
Intruders often use any one, or a combination, of the following
intrusion types:
– Distributed Denial of Service
– Trojan Horse
– Viruses and Worms
– IP Spoofing
– Network/Port Scans
– Buffer Overflow