• Intrusion by misuse of the system: attacks carried out on the system's weak points, that is, attacks that exploit the system's vulnerabilities in order to misuse its functionalities. These attacks can be detected by monitoring the actions they take on assets to exploit their vulnerabilities;
• Intrusion by change of pattern: detected by monitoring the behavior of the network or system. Changes to previously established profiles are a sign of possible intrusion.
Having introduced the concept of intrusion, we can now explore the concept of an IDS.
An IDS can be defined as a software or hardware system that automates the process of monitoring events that occur in computer systems and analyzes them based on signatures created from security problems (intrusions). This security mechanism basically serves to provide information about the network, such as how many attack attempts (intrusions) were received per day and what type of attack was used.
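The two kinds of detection described above, and the per-day, per-type report an IDS produces, can be shown in a short sketch. This is an added example, not code from the original post; the log format, the two signatures, the baseline profile and the threshold factor are all simplified assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample events (not real traffic): "date source event detail"
SAMPLE_LOG = """\
2024-05-01 10.0.0.5 login_failed user=admin
2024-05-01 10.0.0.7 http_request path=/index.html
2024-05-01 10.0.0.9 http_request path=/../../etc/passwd
2024-05-02 10.0.0.7 http_request path=/index.html
2024-05-02 10.0.0.5 login_failed user=admin
2024-05-02 10.0.0.5 login_failed user=admin
2024-05-02 10.0.0.5 login_failed user=root
2024-05-02 10.0.0.5 login_failed user=root
"""

# Hypothetical, simplified signatures: attack type -> pattern on the event text
SIGNATURES = {
    "failed_login": re.compile(r"\blogin_failed\b"),
    "path_traversal": re.compile(r"path=\S*\.\./"),
}

# Hypothetical profile: usual number of events per source per day
BASELINE = {"10.0.0.5": 1, "10.0.0.7": 1, "10.0.0.9": 1}

def parse(log):
    """Yield (day, source, event_text) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]

def misuse_report(log):
    """Signature matching: count attempts per (day, attack type)."""
    counts = Counter()
    for day, _src, text in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                counts[(day, name)] += 1
    return counts

def anomaly_report(log, factor=3):
    """Profile deviation: flag (day, source) whose volume exceeds factor x baseline."""
    volume = Counter((day, src) for day, src, _ in parse(log))
    return sorted(key for key, n in volume.items()
                  if n > factor * BASELINE.get(key[1], 0))

if __name__ == "__main__":
    for (day, kind), n in sorted(misuse_report(SAMPLE_LOG).items()):
        print(day, kind, n)
    print("profile deviations:", anomaly_report(SAMPLE_LOG))
```

A source with no entry in the baseline is treated as having a profile of zero, so any activity from it is reported as a deviation.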
According to Bace and Mell (2000), several aspects can be considered motivators for the use of an IDS, as it can provide:
1. intimidation of users who seek to attack or misuse computer systems. Those users' knowledge that attempts or attacks can be detected can be a way of changing their behavior;
2. the detection of attacks and other types of security breaches that are not foreseen by other security mechanisms;
3. a documented history, held by the organization, of the threats to its information system;
4. quality control for the project and the security administration, mainly in large and complex organizations;
5. improved information on the intrusions that have occurred, which will serve as a reference to improve the diagnosis, recovery and correction of existing failures.
Therefore, it can be concluded that an IDS is one more mechanism that helps the organization adopting it to know what is really going on in its network, supporting decision making and the activities to be carried out during or after a security incident in its information system.