
An Introduction to Intrusion Detection and Assessment
ICSA, Inc. For more information, call 888-396-8348

INTRODUCTION

Intrusion detection systems help computer systems prepare for and deal with attacks. They collect information from a variety of vantage points within computer systems and networks, and analyze this information for symptoms of security problems. Vulnerability assessment systems check systems and networks for software flaws and configuration errors that represent security vulnerabilities. Both intrusion detection and vulnerability assessment technologies allow organizations to protect themselves from losses associated with network security problems.

This document explains how intrusion detection and vulnerability assessment products fit into the overall framework of security products. It includes case histories outlining scenarios in which the products have been used by customer organizations. Finally, the concepts and definitions section describes product features and explains why they represent effective countermeasures to hacking and misuse.

Protecting critical information systems and networks is a complex operation, with many tradeoffs and considerations. The effectiveness of any security strategy depends on selecting the right products, with the right combination of features, for the environment one wishes to protect. This document provides the information one needs in order to be a savvy consumer of intrusion detection and vulnerability assessment products.

Definitions

It is important that the reader understand the following terms as they are used in this paper.

Network Security is the property of computer systems and networks that specifies that the systems in question and their elements can be trusted to act as expected in safeguarding their owners' and users' information. The goals of security include:

- confidentiality: only authorized users can read or copy a given file or object;
- control: only authorized users can decide when to allow access to information;
- integrity: only authorized users can alter or delete a given file or object;
- authenticity: correctness of attribution or description;
- availability: no unauthorized user can deny authorized users timely access to files or other system resources;
- utility: fitness for a specified purpose.

Intrusion Detection systems collect information from a variety of system and network sources, then analyze the information for signs of intrusion (attacks coming from outside the organization) and misuse (attacks originating inside the organization).

Vulnerability Assessment systems (scanners) perform rigorous examinations of systems in order to locate problems that represent security vulnerabilities.

Security Vulnerabilities are features or errors in system software or configuration that increase the likelihood of damage from attackers, accidents, or errors.

Security Policy is the statement of an organization's posture towards security. It states what an organization considers to be valuable, and specifies how the things of value are to be protected. In practical use, security policies are coarse-grained (i.e., generalized statements that apply to the organization as a whole) and drive finer-grained procedures, guidelines, and practices, which specify how the policy is to be implemented at the group, office, network, system, and user levels.
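The two definitions above, intrusion detection (collect event data, analyze it for signs of attack) and vulnerability assessment (examine a system's configuration for weaknesses), are illustrated by the following added example. It is not ICSA's code and it describes no particular product: it runs a simple misuse-detection rule (a burst of failed logins from one address) over constructed OpenSSH-style log lines, and a few configuration checks over a constructed host snapshot. The log lines, the host snapshot, the five-failures-in-60-seconds threshold, and the list of "wanted" sshd settings are all assumptions chosen for the demonstration.

```python
"""Toy intrusion detection and vulnerability assessment (added example).

Everything here is constructed for illustration: the sshd log lines, the host
snapshot, the alert threshold and the expected sshd settings are assumptions,
not measurements of any real system or the defaults of any real scanner.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# One OpenSSH-style "Failed password" line (constructed sample format).
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample: six failures from 203.0.113.5 in 20 s, one from 198.51.100.7.
SAMPLE_LOG = """\
Jan 10 12:00:01 bastion sshd[4111]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 10 12:00:04 bastion sshd[4113]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
Jan 10 12:00:07 bastion sshd[4115]: Failed password for root from 203.0.113.5 port 40124 ssh2
Jan 10 12:00:09 bastion sshd[4117]: Failed password for root from 203.0.113.5 port 40125 ssh2
Jan 10 12:00:15 bastion sshd[4119]: Accepted publickey for deploy from 198.51.100.7 port 51000 ssh2
Jan 10 12:00:18 bastion sshd[4121]: Failed password for root from 203.0.113.5 port 40126 ssh2
Jan 10 12:00:21 bastion sshd[4123]: Failed password for invalid user test from 203.0.113.5 port 40127 ssh2
Jan 10 12:30:00 bastion sshd[4200]: Failed password for deploy from 198.51.100.7 port 51001 ssh2
"""


def _parse_ts(text: str, year: int = 2024) -> datetime:
    # syslog timestamps carry no year; 2024 is an assumption for the demo.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Intrusion detection step: sliding-window count of failed logins per source.

    Returns one (src, first_failure_ts, count) alert per source address that
    reaches `threshold` failures within any `window_seconds` interval.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        src, ts = m["src"], _parse_ts(m["ts"])
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)  # report each source once
            alerts.append((src, q[0], len(q)))
    return alerts


# Constructed host snapshot: the kind of data a scanner collects from a target.
# The values are deliberately weak so that every check below fires once.
SAMPLE_HOST = {
    "sshd_config": {"PermitRootLogin": "yes", "PasswordAuthentication": "yes"},
    "files": {
        "/etc/shadow": 0o644,            # password hashes readable by everyone
        "/etc/passwd": 0o644,            # normal
        "/usr/local/bin/backup": 0o777,  # world-writable executable
    },
}

# Assumed hardening baseline for the demo, not a vendor default.
WANTED_SSHD = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}


def assess_host(host: dict):
    """Vulnerability assessment step: compare a snapshot against the baseline.

    Returns a list of (severity, finding) tuples; an empty list means clean.
    """
    findings = []
    for key, wanted in WANTED_SSHD.items():
        actual = host["sshd_config"].get(key)
        if actual != wanted:
            findings.append(("high", f"sshd {key}={actual!r}, expected {wanted!r}"))
    for path, mode in host["files"].items():
        if path == "/etc/shadow" and mode & 0o044:
            findings.append(("critical", f"{path} is group/world-readable (mode {mode:o})"))
        if mode & 0o002:
            findings.append(("high", f"{path} is world-writable (mode {mode:o})"))
    return findings


if __name__ == "__main__":
    for src, first, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT brute force from {src}: {count} failures since {first:%H:%M:%S}")
    for severity, finding in assess_host(SAMPLE_HOST):
        print(f"[{severity}] {finding}")
```

The detection half only looks at events (it reports the burst from 203.0.113.5 but not the single failure from 198.51.100.7); the assessment half only looks at state (it reports the weak settings and permissions whether or not anyone has attacked the host). That split is the practical difference between the two product classes defined above.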