ICSA, Inc.
For more information, call 888-396-8348
An Introduction to Intrusion Detection and Assessment
Tracing user activity from the point of entry to point of exit or impact
Recognizing and reporting alterations to data files
Spotting errors of system configuration and sometimes correcting them
Recognizing specific types of attack and alerting appropriate staff for defensive responses
Keeping system management personnel up to date on recent corrections to programs
Allowing non-expert staff to contribute to system security
Providing guidelines in establishing information-security policies
Unrealistic expectations about intrusion-detection and vulnerability assessment products must be corrected: these products are not silver bullets and they:
cannot compensate for weak identification and authentication mechanisms
cannot conduct investigations of attacks without human intervention
cannot intuit the contents of your organizational security policy
cannot compensate for weaknesses in network protocols
cannot compensate for problems in the quality or integrity of information the system provides
cannot analyze all of the traffic on a busy network
cannot always deal with problems involving packet-level attacks
cannot deal with modern network hardware and features