
Intrusion terminology

RGPV: Network & Web Security: Unit 1


Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.

Intrusion Terminologies-

1. Alert/Alarm - A signal suggesting that a system has been attacked.

2. Firewalls - The network security door. A firewall is not an IDS, but its logs can provide valuable IDS information. A firewall works by blocking unwanted connections based on rules or criteria, such as source address, ports etc.

3. Appliance - Rather than install an IDS onto an existing system, ready-built IDS appliances can be purchased; these are usually rack mounted and only have to be plumbed into the network. Some examples of IDSs which are available as appliances are CaptIO, Cisco Secure IDS, OpenSnort, Dragon and SecureNetPro.

4. Attacks - Attacks can be considered attempts to penetrate a system or to circumvent a system's security in order to gain information, modify information or disrupt the intended functioning of the targeted network or system.

5. Evasion - Evasion is the process of carrying out an attack without an IDS successfully detecting the attack. The trick is making the IDS see one thing and the target host another. One form of evasion is to set different time to live (TTL) values for different packets.

6. True Positive - A legitimate attack that triggers an IDS to produce an alarm.

7. False Positive - An event signaling an IDS to produce an alarm when no attack has taken place.

8. False Negative - A failure of an IDS to detect an actual attack.

9. True Negative - When no attack has taken place and no alarm is raised.

10. Noise - Data or interference that can trigger a false positive.

11. Alarm Filtering - The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.

12. Attacker or Intruder - An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.
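The four outcomes (true/false positive, true/false negative), noise and alarm filtering from the list above can be made concrete by scoring an IDS against ground truth. The following is an added example written for these notes, not code from the original page; the event list is a constructed sample, and the analyst-confirmed "real attack" flag is assumed to come from alarm filtering.

```python
from dataclasses import dataclass

# Constructed sample (not from the original notes): for each event, whether the
# IDS raised an alarm and whether an analyst later confirmed a real attack.
@dataclass(frozen=True)
class Event:
    event_id: str
    alerted: bool       # did the IDS produce an alarm for this event?
    real_attack: bool   # ground truth established during alarm filtering

SAMPLE_EVENTS = [
    Event("e1", alerted=True, real_attack=True),    # true positive
    Event("e2", alerted=True, real_attack=False),   # false positive (noise)
    Event("e3", alerted=False, real_attack=True),   # false negative
    Event("e4", alerted=False, real_attack=False),  # true negative
    Event("e5", alerted=True, real_attack=True),
    Event("e6", alerted=False, real_attack=False),
    Event("e7", alerted=True, real_attack=False),
    Event("e8", alerted=False, real_attack=False),
]

def classify(event: Event) -> str:
    """Map one event onto the four outcomes defined in the terminology list."""
    if event.alerted and event.real_attack:
        return "true_positive"
    if event.alerted and not event.real_attack:
        return "false_positive"
    if not event.alerted and event.real_attack:
        return "false_negative"
    return "true_negative"

def confusion_counts(events) -> dict:
    """Count how many events fall into each of the four outcomes."""
    counts = {"true_positive": 0, "false_positive": 0,
              "false_negative": 0, "true_negative": 0}
    for ev in events:
        counts[classify(ev)] += 1
    return counts

def _ratio(num: int, den: int) -> float:
    # Guard against an empty class (e.g. a sample that contains no real attacks).
    return num / den if den else 0.0

def detection_rates(counts: dict) -> dict:
    """Derive the rates a detection engineer tracks from the raw counts."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    fn, tn = counts["false_negative"], counts["true_negative"]
    return {
        # share of real attacks the IDS caught (false negatives lower this)
        "detection_rate": _ratio(tp, tp + fn),
        # share of benign events that still raised an alarm (noise raises this)
        "false_alarm_rate": _ratio(fp, fp + tn),
        # share of raised alarms that were real attacks
        "precision": _ratio(tp, tp + fp),
    }

def filter_alarms(events):
    """Alarm filtering: split the alarms raised into actual attacks and false positives."""
    actual = [e.event_id for e in events if e.alerted and e.real_attack]
    false = [e.event_id for e in events if e.alerted and not e.real_attack]
    return actual, false

if __name__ == "__main__":
    counts = confusion_counts(SAMPLE_EVENTS)
    print(counts)
    print(detection_rates(counts))
    print(filter_alarms(SAMPLE_EVENTS))
```

On the constructed sample the IDS catches two of the three real attacks (detection rate 2/3) but two of its four alarms are noise (precision 0.5), which is exactly the trade-off alarm filtering exists to manage.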

An Intrusion Detection System uses one of two detection techniques:

1. Anomaly-based IDS -

An anomaly-based IDS determines what normal network activity looks like (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other) and alerts the administrator or user when traffic is detected which is anomalous (abnormal).

2. Signature-based IDS -

A signature-based IDS monitors packets in the network and compares them with preconfigured and predetermined attack patterns known as signatures. The issue is that there will be a lag between a new threat being discovered and a signature being applied in the IDS for detecting the threat. During this lag time your IDS will be unable to identify the threat.
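To show the two techniques side by side, including the signature lag just described, here is an added example that is not part of the original notes. It runs a tiny signature matcher and a tiny anomaly detector over constructed flow records; the signature names, the baseline features (protocol/port pairs, device pairs, byte count) and the 3-sigma threshold are all assumptions chosen for illustration, not the configuration of any real IDS.

```python
import re
import statistics
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    protocol: str
    nbytes: int
    payload: str

# Constructed signature set (assumption): pattern name -> regex over the payload.
# Real IDS rulesets are far larger; these tokens exist only for this example.
SIGNATURES = {
    "constructed-sig-001": re.compile(r"BEACON-FAMILY-A/1\.0"),
    "constructed-sig-002": re.compile(r"EXPLOIT-KIT-LANDING"),
}

# Constructed "normal" traffic used to learn the baseline (assumption).
NORMAL_FLOWS = [
    Flow("10.0.0.5", "10.0.0.80", 443, "tcp", 1000, "GET /index.html"),
    Flow("10.0.0.6", "10.0.0.80", 443, "tcp", 1200, "GET /about.html"),
    Flow("10.0.0.5", "10.0.0.53", 53, "udp", 1100, "A? intranet.example"),
    Flow("10.0.0.6", "10.0.0.53", 53, "udp", 1300, "A? files.example"),
    Flow("10.0.0.5", "10.0.0.80", 443, "tcp", 1250, "GET /news.html"),
    Flow("10.0.0.6", "10.0.0.80", 443, "tcp", 1150, "GET /index.html"),
    Flow("10.0.0.5", "10.0.0.53", 53, "udp", 1050, "A? mail.example"),
    Flow("10.0.0.6", "10.0.0.80", 443, "tcp", 1350, "GET /contact.html"),
]

# Constructed flows to inspect: benign, known pattern, and a brand-new threat
# for which no signature has been written yet (the lag window).
TEST_FLOWS = [
    Flow("10.0.0.5", "10.0.0.80", 443, "tcp", 1150, "GET /index.html"),
    Flow("10.0.0.5", "10.0.0.80", 443, "tcp", 1100, "GET / BEACON-FAMILY-A/1.0"),
    Flow("10.0.0.9", "10.0.0.80", 3389, "tcp", 9000, "NEW-THREAT-NO-SIGNATURE-YET"),
]

def build_baseline(normal_flows) -> dict:
    """Learn what 'normal' looks like: used ports/protocols, device pairs, bandwidth."""
    sizes = [f.nbytes for f in normal_flows]
    return {
        "ports": {(f.protocol, f.dst_port) for f in normal_flows},
        "pairs": {(f.src, f.dst) for f in normal_flows},
        "mean": statistics.mean(sizes),
        "stdev": statistics.pstdev(sizes),
    }

def signature_matches(flow: Flow) -> list:
    """Signature-based check: which predetermined patterns appear in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(flow.payload)]

def anomaly_reasons(flow: Flow, baseline: dict) -> list:
    """Anomaly-based check: how does this flow deviate from the learned baseline."""
    reasons = []
    if (flow.protocol, flow.dst_port) not in baseline["ports"]:
        reasons.append("unseen protocol/port")
    if (flow.src, flow.dst) not in baseline["pairs"]:
        reasons.append("unseen device pair")
    # 3-sigma rule on flow size as a stand-in for "bandwidth generally used"
    if flow.nbytes > baseline["mean"] + 3 * baseline["stdev"]:
        reasons.append("bandwidth above baseline")
    return reasons

def inspect(flows, baseline) -> list:
    """Run both detectors over each flow and report what each one would alert on."""
    return [
        {"src": f.src, "dst_port": f.dst_port,
         "signature": signature_matches(f),
         "anomaly": anomaly_reasons(f, baseline)}
        for f in flows
    ]

if __name__ == "__main__":
    baseline = build_baseline(NORMAL_FLOWS)
    for verdict in inspect(TEST_FLOWS, baseline):
        print(verdict)
```

The second flow is caught only by the signature (its port, peers and size are all normal), while the third is caught only by the anomaly baseline because no signature exists for it yet; a signature-only deployment would stay blind to it until the ruleset is updated.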