ICSA, Inc. For more information, call 888-396-8348

An Introduction to Intrusion Detection and Assessment

[Figure 3 – A process view of system security management. Stages shown: Prevention; Detection (Monitor, Analyze, Respond, Report); Investigation; Diagnosis & Resolution. Investigation and Diagnosis & Resolution together are labeled Incident Handling/Response.]

Prevention covers those proactive measures taken by organizations to mitigate risks to their system security. Much of the classic, government-sponsored work in computer security addresses this area by focusing on the design and implementation of more secure operating systems and applications software. Also covered under "Prevention" are security policy formation, encryption, strong identification and authentication, and firewalls.

Functions in the detection phase are primarily provided by intrusion detection systems, although virus scanners also fall into this category. As pictured in the diagram, detection involves monitoring the targeted system(s), analyzing the information gathered for problems, then, based on the system settings, responding to the problems, reporting the problems, or both.

The results of the detection process drive the other two stages of managing security: investigating problems that are discovered, documenting the cause of the problem, and either correcting the problem or devising a means of dealing with it should it occur again. A common vision for future intrusion detection systems is that of performing these last two stages automatically, or else performing the functions internal to detection so well that the need for the last two stages is virtually eliminated.

The combination of the investigation and diagnosis/resolution phases is often called Incident Response or Incident Handling. Organizations should specify policies, procedures, and practices to address this area, as with the rest of security.

DEBUNKING MARKETING HYPE – WHAT INTRUSION DETECTION SYSTEMS AND RELATED TECHNOLOGIES CAN AND CANNOT DO

Every new market suffers from exaggeration and misconception. Some of the claims made in marketing materials are reasonable and others are misleading. Herewith, a primer on how to read intrusion detection marketing literature.

Realistic benefits

They CAN lend a greater degree of integrity to the rest of your security infrastructure.

Intrusion detection systems, because they monitor the operation of firewalls, encrypting routers, key management servers and files critical to other security mechanisms, provide additional layers of protection to a secured system. The strategy of a system attacker will often include attacking or otherwise nullifying security devices protecting the intended target. Intrusion detection systems can recognize these first hallmarks of attack, and potentially respond to them, mitigating damage. In addition, when these devices fail, due to configuration, attack, or user error, intrusion detection systems can recognize the problem and notify the right people.
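The detection cycle described above (monitor, analyze, then respond, report, or both according to the system settings), applied to a file critical to another security mechanism, as an added Python example that is not part of the ICSA paper. The file name, rule contents, settings keys and restore action are constructed assumptions.

```python
import hashlib, tempfile
from pathlib import Path

def snapshot(paths):
    """Monitor: SHA-256 digest of each watched file (None if it is missing)."""
    state = {}
    for p in paths:
        try:
            state[str(p)] = hashlib.sha256(Path(p).read_bytes()).hexdigest()
        except FileNotFoundError:
            state[str(p)] = None
    return state

def analyze(baseline, current):
    """Analyze: compare current digests with the trusted baseline."""
    findings = []
    for path, good in baseline.items():
        now = current.get(path)
        if now != good:
            findings.append((path, "missing" if now is None else "modified"))
    return findings

def act(findings, settings, restore):
    """Respond, report, or both, depending on the system settings."""
    reports, responses = [], []
    for path, problem in findings:
        if settings.get("report"):
            reports.append(f"ALERT {problem}: {path}")
        if settings.get("respond"):
            restore(path)                      # corrective action supplied by caller
            responses.append(path)
    return reports, responses

def demo():
    """One cycle over a constructed firewall rule file in a temp directory."""
    good = b"deny all\nallow tcp 443\n"        # constructed known-good content
    with tempfile.TemporaryDirectory() as d:
        rules = Path(d) / "firewall.rules"
        def restore(path):                     # hypothetical corrective action
            Path(path).write_bytes(good)
        restore(rules)                         # install the known-good rules
        baseline = snapshot([rules])
        rules.write_bytes(b"allow all\n")      # simulated configuration error
        findings = analyze(baseline, snapshot([rules]))
        reports, responses = act(findings, {"report": True, "respond": True}, restore)
        return findings, reports, responses, analyze(baseline, snapshot([rules]))

if __name__ == "__main__":
    print(demo())
```

Setting only `"report"` in the settings leaves the file untouched and produces the alert alone, which is the "notify the right people" case from the paragraph above.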