
ICSA, Inc. For more information, call 888-396-8348

An Introduction to Intrusion Detection and Assessment

• Tracing user activity from the point of entry to point of exit or impact
• Recognizing and reporting alterations to data files
• Spotting errors of system configuration and sometimes correcting them
• Recognizing specific types of attack and alerting appropriate staff for defensive responses
• Keeping system management personnel up to date on recent corrections to programs
• Allowing non-expert staff to contribute to system security
• Providing guidelines in establishing information-security policies

Unrealistic expectations about intrusion-detection and vulnerability assessment products must be corrected: these products are not silver bullets and they

• cannot compensate for weak identification and authentication mechanisms
• cannot conduct investigations of attacks without human intervention
• cannot intuit the contents of your organizational security policy
• cannot compensate for weaknesses in network protocols
• cannot compensate for problems in the quality or integrity of information the system provides
• cannot analyze all of the traffic on a busy network
• cannot always deal with problems involving packet-level attacks
• cannot deal with modern network hardware and features