
ICSA, Inc. For more information, call 888-396-8348

An Introduction to Intrusion Detection and Assessment

Vulnerability Assessment and Intrusion Detection

Vulnerability assessment products (also known as scanners) perform rigorous examinations of systems in order to determine weaknesses that might allow security violations. These products use two strategies for performing these examinations. First, passive, host-based mechanisms inspect system configuration files for unwise settings, system password files for weak passwords, and other system objects for security policy violations. These checks are followed, in most cases, by active, network-based assessment, which reenacts common intrusion scripts, recording system responses to the scripts. The results of vulnerability assessment tools represent a snapshot of system security at a point in time. Although these systems cannot reliably detect an attack in progress, they can determine that an attack is possible, and furthermore, they can sometimes determine that an attack has occurred. Because they offer benefits that are similar to those provided by intrusion detection systems, we include them in the sphere of intrusion detection technologies and products.

Products Can Be Successfully Deployed in Operational Environments

The objective of intrusion detection and vulnerability assessment is to make complex, tedious, and sometimes virtually impossible system security management functions possible for those who are not security experts. Products are therefore designed with user-friendly interfaces that assist system administrators in their installation, configuration, and use. Most products include information about the problems they discover, including how to correct these problems, and serve as valuable guidance for those who need to improve their security skills. Many vendors provide consulting and integration services to assist customers in successfully using their products to achieve their security goals.
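
The passive, host-based checks described under "Vulnerability Assessment and Intrusion Detection" above, as an added example (not code from the ICSA paper or from any scanner product): it inspects a password file, a configuration file and file permissions, and returns a point-in-time list of findings. The sample inputs, the policy table and all function names are constructed for illustration; weak-password guessing is left out, only empty passwords are flagged.

```python
import stat

# Constructed sample inputs (not taken from any real host).
PASSWD = """root:x:0:0:root:/root:/bin/sh
backup:x:0:0:backup:/var/backup:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""
SSHD_CONFIG = """# constructed sample
PermitRootLogin yes
PermitEmptyPasswords no
"""
# path -> mode bits, in the form os.stat().st_mode reports them
FILE_MODES = {"/etc/passwd": 0o100644, "/etc/crontab": 0o100666}

# Policy assumed for this example: directive -> value treated as unwise
UNWISE_SETTINGS = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}

def check_passwd(text):
    """Flag malformed entries, empty passwords and extra UID-0 accounts."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(("malformed-entry", line))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append(("empty-password", name))
        if uid == "0" and name != "root":
            findings.append(("extra-uid0-account", name))
    return findings

def check_config(text, unwise=UNWISE_SETTINGS):
    """Flag directives whose value matches the unwise-settings policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) >= 2 and unwise.get(parts[0].lower()) == parts[1].lower():
            findings.append(("unwise-setting", f"{parts[0]} {parts[1]}"))
    return findings

def check_modes(modes):
    """Flag system objects that any user may write to."""
    return [("world-writable", p) for p, m in sorted(modes.items()) if m & stat.S_IWOTH]

def assess():
    """Snapshot of the host at one point in time: all passive findings."""
    return check_passwd(PASSWD) + check_config(SSHD_CONFIG) + check_modes(FILE_MODES)
```

Because the result is a snapshot, a scheduled run only shows that an attack is possible (or left traces) at the time of the run; comparing successive snapshots is what surfaces changes between runs.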