ICSA, Inc.
For more information, call 888-396-8348
An Introduction to Intrusion Detection and Assessment
Vulnerability Assessment and Intrusion Detection

Vulnerability assessment products (also known as scanners) perform rigorous examinations of systems in order to determine weaknesses that might allow security violations. These products use two strategies for performing these examinations. First, passive, host-based mechanisms inspect system configuration files for unwise settings, system password files for weak passwords, and other system objects for security policy violations. These checks are followed, in most cases, by active, network-based assessment, which reenacts common intrusion scripts, recording system responses to the scripts.

The results of vulnerability assessment tools represent a snapshot of system security at a point in time. Although these systems cannot reliably detect an attack in progress, they can determine that an attack is possible, and furthermore, they can sometimes determine that an attack has occurred.

Because they offer benefits that are similar to those provided by intrusion detection systems, we include them in the sphere of intrusion detection technologies and products.
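The passive, host-based strategy described above, shown as an added example that is not taken from the original paper or from any product: the Python below inspects a constructed password file and a constructed sshd_config for the kinds of problems the passage names. The sample files, the function names and the choice of which settings count as unwise are assumptions made for illustration.

```python
# Constructed sample data in /etc/passwd and sshd_config formats.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/sh
toor:x:0:0:backup admin:/root:/bin/bash
"""

SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
"""
# Settings this example treats as unwise (assumed policy, not from the paper).
UNWISE_SSHD = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}


def check_passwd(text):
    """Flag accounts with an empty password field or a non-root UID 0."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:  # passwd entries have exactly seven fields
            findings.append((lineno, "malformed entry"))
            continue
        name, password, uid = fields[:3]
        if password == "":
            findings.append((lineno, f"{name}: empty password field"))
        if uid == "0" and name != "root":
            findings.append((lineno, f"{name}: UID 0 but not root"))
    return findings


def check_sshd_config(text):
    """Flag keyword/value pairs listed in UNWISE_SSHD (keywords are case-insensitive)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)  # commented-out lines never match a keyword
        if len(parts) == 2 and UNWISE_SSHD.get(parts[0].lower()) == parts[1].strip().lower():
            findings.append((lineno, f"{parts[0]} {parts[1].strip()}"))
    return findings


if __name__ == "__main__":
    for finding in check_passwd(SAMPLE_PASSWD) + check_sshd_config(SAMPLE_SSHD_CONFIG):
        print(finding)
```

Each run reports only what the files contained at that moment, which is the point-in-time snapshot the passage describes.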
Products Can Be Successfully Deployed in Operational Environments

The objective of intrusion detection and vulnerability assessment is to make complex, tedious, and sometimes virtually impossible system security management functions possible for those who are not security experts. Products are therefore designed with user-friendly interfaces that assist system administrators in their installation, configuration, and use. Most products include information about the problems they discover, including how to correct these problems, and serve as valuable guidance for those who need to improve their security skills. Many vendors provide consulting and integration services to assist customers in successfully using their products to achieve their security goals.