Some of the different kinds of things that an Intrusion Detection System, or IDS, might detect include, in the context of the data, attacks on your network such as denial of service.
For example, a Ping of Death has the following signature: it is a ping, but with a very large packet size. So you can watch for that kind of traffic and take appropriate action against it.
Things like port sweeps. Other than testing your own network, I can think of no reason to do a port sweep except to find ways to break into a system.
SYN attacks and TCP hijacking fall into the same category. There is no reason to do those other than to carry out malicious activity on your network, so you want to be able to watch for them.
For the content itself, you want to be able to look at DNS attacks. Internet Explorer attacks would be an example of a content attack. You also want to do composite scans, and look for telnet attacks and character-mode attacks. So these are all the kinds of things we can be looking for on the network.
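To make the context-based detections above concrete, here is an added example (not from the original lecture) of simple detection logic run over constructed flow records: it flags an oversized ICMP echo (the Ping of Death pattern), one source sending SYNs to many distinct ports (a port sweep), and many bare SYNs at one service (a SYN attack). The record layout, sample addresses and all thresholds are assumptions for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of flow records (not from the original page). Each record is
# (src_ip, dst_ip, proto, dst_port, tcp_flags, payload_len).
SAMPLE_RECORDS = (
    [("10.0.0.5", "192.168.1.10", "icmp", None, "", 65500)]          # oversized echo request
    + [("10.0.0.7", "192.168.1.10", "icmp", None, "", 56)]           # ordinary ping
    + [("10.0.0.9", "192.168.1.10", "tcp", p, "S", 0) for p in range(20, 60)]  # one host, 40 ports
    + [("10.0.0.11", "192.168.1.10", "tcp", 443, "S", 0)] * 3        # normal connection attempts
    + [("10.0.1.%d" % i, "192.168.1.10", "tcp", 80, "S", 0) for i in range(1, 151)]  # SYN flood
)

# Thresholds are assumptions for this example; a real IDS tunes them per network.
ICMP_MAX_LEGIT = 1472        # largest ICMP payload that fits one 1500-byte Ethernet frame
SWEEP_PORT_THRESHOLD = 20    # distinct ports probed by one source before it is called a sweep
SYN_FLOOD_THRESHOLD = 100    # bare SYNs to one service before it is called a SYN attack

def detect(records, icmp_max=ICMP_MAX_LEGIT, sweep_threshold=SWEEP_PORT_THRESHOLD,
           syn_threshold=SYN_FLOOD_THRESHOLD):
    """Return a list of (kind, details...) alerts found in the records."""
    alerts = []
    ports_by_src = defaultdict(set)   # source -> distinct destination ports it sent SYNs to
    syns_by_service = Counter()       # (dst, dport) -> number of bare SYNs received
    for src, dst, proto, dport, flags, plen in records:
        if proto == "icmp" and plen > icmp_max:
            # Ping of Death pattern: an echo request far larger than any legitimate ping
            alerts.append(("ping_of_death", src, dst, plen))
        elif proto == "tcp" and flags == "S":
            ports_by_src[src].add(dport)
            syns_by_service[(dst, dport)] += 1
    for src, ports in ports_by_src.items():
        if len(ports) >= sweep_threshold:
            alerts.append(("port_sweep", src, len(ports)))
    for (dst, dport), n in syns_by_service.items():
        if n >= syn_threshold:
            alerts.append(("syn_attack", dst, dport, n))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS):
        print(alert)
```

Each alert carries the source or service involved so the response step (blocking, rate limiting, or a ticket for the audit process) can act on it.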
Active Audit
Authentication and authorization occur on the front end. Equally important is the “back-end” side of security. Accounting is the systematic and dynamic verification that the security policy as defined is properly implemented. It provides assurance that the security policy is consistent and operating correctly.
Accounting enables customers to detect intrusion and network anomalies, misuse, and attacks. It also includes reporting the findings of the audit process.
Accounting should be handled by a system that is totally separate from the network security solutions that are installed. Currently, there aren’t many tools available for active audit, which explains why many companies hire outside auditors to check their security implementations.
For true security policy management on a company-wide basis, accounting capabilities must be in place and applicable to all access ports, devices and media.
– SUMMARY –
- Security is a mission-critical business requirement for all networks
- Security requires a global, corporate-wide policy
- Security requires a multilayered implementation