Home » Security Basics

IDS Attack Detection

Published by: Security Basics

Some of the different kinds of things that an Intrusion Detection System or IDS might detect would be looking in the context of the data, looking for attacks on your network for denial of service.

For an example, a Ping of Death shares this following parameters: It’s going to be a ping, but it’s going to have a super large packet size. So you can watch for that kind of traffic and take appropriate action against it.

Things like Port Sweeps. I can think of no reason, other than testing your network, to do a Port Sweep other than trying to find ways to break into your system.

SYN attacks and TCP hijacking fall into that same category. There would be no reason to do those other than to do malicious activity on your network. So you want to be able to watch for those.

For the content itself, you want to be able to look at DNS attacks. Internet Explorer attacks would be an example of content attack. And you want to do composite scans. You want to look for telnet attacks and character mode attacks. So these are all the kinds of things that we can be looking for on the network.

Active Audit

Authentication and authorization occur on the front end. Equally as important is the “back-end” side of security. Accounting is the systematic and dynamic verification that the security policy as defined is properly implemented. It provides assurance that the security policy is consistent and operating correctly.

Accounting enables customers to detect intrusion and network anomalies, misuse, and attacks. It also includes reporting the findings of the audit process.

Accounting should be handled by a system that is totally separate from the network security solutions that are installed. Currently, there aren’t many tools available for active audit, which explains why many companies hire outside auditors to check their security implementations.

For true security policy management on an company-wide basis, accounting capabilities must be in place and be applicable for all access ports, devices and media.

 – SUMMARY – 

  • Security is a mission-critical business requirement for all networks
  • Security requires a global, corporate-wide policy
  • Security requires a multilayered implementation
0
Like this post? Please share to your friends:
Computer Network Tutorial
You may also like
Security Basics 0
Active Audit Network Vulnerability Assessment
Why Active Audit? Why is active audit necessary? Many companies rely on their perimeter
Security Basics 0
IKE—Internet Key Exchange
IPSec assumes that a security association or SA is in place, but does have
Security Basics 0
Performance Requirements in a Firewall and IPSec
High performance in a firewall is critical. This is driven not only by your
Security Basics 0
Packet-Filtering Routers
There are a few different types of firewalls. Here’s a little history. The traditional
Security Basics 0
Access Control Lists and Firewalls
Policy Enforcement Using Access Control Lists Now we’re going to look at policy enforcement
Security Basics 0
Integrity – Network Availability
Integrity Let’s look at some of the different integrity solutions. Integrity—Network Availability One of
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: