ICSA, Inc.
For more information, call 888-396-8348
An Introduction to Intrusion Detection and Assessment
Systems and networks are subject to electronic attacks. The increasingly frequent attacks on
Internet-visible systems are attempts to breach information security requirements for protection of data.
Vulnerability-assessment tools check systems and networks for system problems and configuration
errors that represent security vulnerabilities. Intrusion-detection systems collect information from a
variety of vantage points within computer systems and networks and analyze this information for
symptoms of security breaches. Both intrusion-detection and vulnerability-assessment technologies
allow organizations to protect themselves from losses associated with network security problems.
The market for intrusion-detection products, driven by reports of steadily increasing computer security
breaches, has grown from $40 million in 1997 to $100 million in 1998. Intrusion-detection is the
logical complement to network firewalls, extending the security management capabilities of system
administrators to include security audit, monitoring, attack recognition, and response.
Intrusion detection systems perform a variety of functions:
- Monitoring and analysis of user and system activity
- Auditing of system configurations and vulnerabilities
- Assessing the integrity of critical system and data files
- Recognition of activity patterns reflecting known attacks
- Statistical analysis for abnormal activity patterns
- Operating-system audit-trail management, with recognition of user activity reflecting policy violations
Benefits of intrusion-detection and vulnerability-assessment products include the following:
- Improving integrity of other parts of the information security infrastructure
- Improved system monitoring
Executive Summary