ICSA, Inc.
For more information, call 888-396-8348
An Introduction to Intrusion Detection and Assessment
INTRODUCTION
Intrusion detection systems help computer systems prepare for and deal with attacks. They collect information from a variety of vantage points within computer systems and networks, and analyze this information for symptoms of security problems. Vulnerability Assessment systems check systems and networks for system problems and configuration errors that represent security vulnerabilities. Both intrusion detection and vulnerability assessment technologies allow organizations to protect themselves from losses associated with network security problems.

This document explains how intrusion detection and vulnerability assessment products fit into the overall framework of security products. It includes case histories outlining scenarios in which the products have been used by customer organizations. Finally, the concepts and definitions section provides information about product features, explaining why they represent effective countermeasures to hacking and misuse.

Protecting critical information systems and networks is a complex operation, with many tradeoffs and considerations. The effectiveness of any security solution strategy depends on selecting the right products with the right combination of features for the system environment one wishes to protect. In this document, we provide the information one needs in order to be a savvy consumer in the areas of intrusion detection and vulnerability assessment.
Definitions
It is important that the reader understand the following terms used in this paper:
Network Security is the property of computer systems and networks that specifies that the systems in question and their elements can be trusted to act as expected in safeguarding their owners' and users' information. The goals of security include confidentiality (ensuring only authorized users can read or copy a given file or object), control (only authorized users can decide when to allow access to information), integrity (only authorized users can alter or delete a given file or object), authenticity (correctness of attribution or description), availability (no unauthorized user can deny authorized users timely access to files or other system resources), and utility (fitness for a specified purpose).
Intrusion Detection systems collect information from a variety of system and network sources, then analyze the information for signs of intrusion (attacks coming from outside the organization) and misuse (attacks originating inside the organization).
Vulnerability Assessment tools (scanners) perform rigorous examinations of systems in order to locate problems that represent security vulnerabilities.
Security vulnerabilities are features or errors in system software or configuration that increase the likelihood of damage from attackers, accidents or errors.
Security Policy is the statement of an organization's posture towards security. It states what an organization considers to be valuable, and specifies how the things of value are to be protected. In practical use, security policies are coarse grained (i.e., generalized statements that apply to the organization as a whole) and drive finer-grained procedures, guidelines, and practices, which specify how the policy is to be implemented at group, office, network, system, and user levels.