Chapter 10.
Intrusion Detection
Valuable property needs to be protected from the prospect of theft and destruction. Modern homes are
equipped with alarm systems that can deter burglars, notify authorities when a break in has occurred,
and even warn owners when their home is on fire. Such measures are necessary to assure the integrity
of homes and the safety of homeowners.
The same assurance of integrity and safety should also be applied to computer systems and data. The
Internet has facilitated the flow of information, from the personal to the financial. At the same time,
it has fostered just as many dangers. Malicious users and crackers seek vulnerable targets such as
unpatched systems, systems infected with trojans, and networks running insecure services. Alarms
are needed to notify administrators and security team members that an breach has taken place so that
they can respond in real time to the threat. Intrusion detection systems have been designed as such a
warning system.
10.1. Defining Intrusion Detection Systems
An intrusion detection system (IDS) is an active process or device that analyzes system and network
activity for unauthorized entry and/or malicious activity. The way that the IDS detects anomalies can
vary widely; however, the aims are the same   catch perpetrators in the act before they do real damage
to your resources.
IDSes protect a system from attack, misuse, and compromise. It can also monitor network activity,
audit network and and system configuration for vulnerabilities, analyze data integrity, and more. De 
pending on the detection methods you choose to deploy, there are several direct and incidental benefits
to using an IDS.
10.1.1. IDS Types
Understanding what an IDS is and the functions it provides is key in determining what type would be
appropriate to include in your computer security policy. This section will discuss the concepts behind
IDSes, the functionalities of each type of IDS, and the emergence of hybrid IDSes that employ several
detection techniques and tools in one package.
Some IDSes are knowledge based, which preemptively alert security administrators before an intru 
sion occurs using a database of common attacks. Alternatively, there are behavioral IDSes that track
all resource usage for anomalies, which is usually a positive sign of malicious activity. Some ID 
Ses are standalone services that work in the background and passively listen for activity, logging any
suspicious packets from the outside. Others mix standard system tools, modified configurations, and
verbose logging with administrator intuition and experience to create a powerful intrusion detection
kit. Evaluating the many intrusion detection techniques can assist in finding one that is right for your
organization.
10.2. Host based IDS
A host based IDS analyzes several areas to determine misuse (malicious or abusive activity inside
the network) or intrusion (breaches from the outside). Host based IDSes consult several types of log
files (kernel, system, server, network, firewall, and more), and compare the logs against an internal
database of common signatures for known attacks. Unix and Linux host based IDSes make heavy use
of
syslog
and its ability to separate logged events by their severity and functionality (for example,
printer error messages versus kernel warnings). The IDS will filter logs (which, in the case of some






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

web hosting comparison

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved