Hudson Business Networks - Secure Solutions
Information Security

Intrusion Detection and Protection

An intrusion detection system (IDS) is a system dedicated to sifting through enormous amounts of traffic to detect, and in some cases prevent, an information system intrusion. We have the experience and knowledge to help organizations implement intrusion detection systems to meet their strategic and tactical security requirements.

Intrusion detection systems are security control and monitoring devices that are configured to enforce an organization's security policy. How these systems are configured has a major impact on the number of attacks detected and the amount of work that a security administrator must do to effectively monitor the system. Intrusion detection systems depend on monitoring, notification, and predefined procedures for intervention.

Monitoring
IDSs are prone to false positives. The idea is that if the system does not report an intrusion attempt, what good is it? So IDSs report on any possible attack on a network or system. It is up to the security administrator to configure the IDS to report only on attacks that could produce an intrusion. Until that tuning is done, intrusion detection systems create a huge volume of logs.

Notification
When an attack is detected in real time, how do you know? The system should notify the administrator that a security event is in progress. Most intrusion detection systems can notify the administrator via pager, cell phone, SNMP alerts, console messages, and email. Because intrusion detection systems are prone to false positives, notification will be brisk!

Procedures
When an attack is detected in real time and a notification is sent, what happens next? Security organizations must react to the threat of intrusion. The IDS can be configured to automatically respond to some attacks by dynamically reconfiguring the firewall. That's right! A system that is prone to false positives can automatically reconfigure your firewall policy.

We have the skill, experience, and knowledge to help an organization to successfully implement intrusion detection systems. We can work with your security administrators to determine the correct level of monitoring, determine the thresholds for notifications, and help develop the procedures to respond to dynamic threats.

File System Intrusion Detection
File system intrusion detection is based on the idea that changes to systems should be monitored and tracked, whether the changes are desired, not desired, accidental, benign, malicious, intentional, or originating from internal or external sources. These changes can be profound or subtle. File system intrusion detection seeks to track changes on a system, including where and when the changes were made.

The operating system files, utilities, programs, and applications should not change unless there is an upgrade or reconfiguration. Log files should only get larger unless trimmed by the system administrator. Changes to file systems can indicate unauthorized activity on a system including hosts, servers, network devices, and firewalls.

File system intrusion detection provides the ability to track and monitor these changes and can provide the following benefits:

Indication of unauthorized access
Detection of system intrusion
Detection of file system integrity problems, including corrupted files, improperly set permissions, viruses, worms, Trojan horses, and defacements
Monitoring of changes on a system
Integrity, accountability, availability, and visibility

© 2003 Hudson Business Networks