11-08-2012, 03:54 PM
INTRUSION DETECTION SYSTEMS (IDS)
[attachment=31168]
Intrusion Detection Definition:
Defined by ICSA as:
The detection of intrusions or intrusions attempts either manually or via software expert systems that operate on logs or other information available from the system or the network.
An intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable.
When suspicious activity is from your internal network it can also be classified as misuse
The Puzzle
Intrusion Detection Systems are only one piece of the whole security puzzle
IDS must be supplemented by other security and protection mechanisms
They are a very important part of your security architecture but does not solve all your problems
Part of “Defense in depth”
Current State of IDS
Lots of people are still using Firewall and Router logs for Intrusion Detection (Home Brew)
IDS are not very mature
Mostly signature based
It is a quickly evolving domain
Giant leap and progress every quarter
As stated by Bruce Schneier in his book ‘Secret and Lies in a digital world’:
Frequency vs Difficulty level
The frequency of probes, attacks, or intrusions attempts is inversely proportional to the difficulty level required to perform such attacks.
A clear trend has been identified over the past 3 years. Graphical tools that are getting very sophisticated have replaced the combersome command line utilities.
They are now available for Windows as well as other platforms.
It is no longer necessary to have any computer knowledge to break through defense mechanisms that are not properly maintained.
[attachment=31168]
Intrusion Detection Definition:
Defined by ICSA as:
The detection of intrusions or intrusions attempts either manually or via software expert systems that operate on logs or other information available from the system or the network.
An intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable.
When suspicious activity is from your internal network it can also be classified as misuse
The Puzzle
Intrusion Detection Systems are only one piece of the whole security puzzle
IDS must be supplemented by other security and protection mechanisms
They are a very important part of your security architecture but does not solve all your problems
Part of “Defense in depth”
Current State of IDS
Lots of people are still using Firewall and Router logs for Intrusion Detection (Home Brew)
IDS are not very mature
Mostly signature based
It is a quickly evolving domain
Giant leap and progress every quarter
As stated by Bruce Schneier in his book ‘Secret and Lies in a digital world’:
Frequency vs Difficulty level
The frequency of probes, attacks, or intrusions attempts is inversely proportional to the difficulty level required to perform such attacks.
A clear trend has been identified over the past 3 years. Graphical tools that are getting very sophisticated have replaced the combersome command line utilities.
They are now available for Windows as well as other platforms.
It is no longer necessary to have any computer knowledge to break through defense mechanisms that are not properly maintained.