Intrusion Detection Strategies

Until now, we’ve primarily discussed monitoring in how it relates to
intrusion detection, but there’s more to an overall intrusion
detection installation than monitoring alone. Monitoring can help you
spot problems in your network, as well as identify performance
problems, but watching every second of traffic that passes through
your network, manually searching for attacks, would be impossible. This
is why we need specialized network intrusion detection software. This
software inspects all network traffic, looking for potential attacks
and intrusions by comparing it to a predefined list of attack strings,
known as signatures. In this section, we will look at different
intrusion detection strategies and the role monitoring plays. We’ll
learn about different strategies designed for wireless networks, which
must take into account the nature of the attacks unique to the
medium. These include a lack of centralized control, lack of a defined
perimeter, the susceptibility to hijacking and spoofing, the use of
rogue APs, and a number of other features that intrusion detection
systems were not designed to accommodate. Only a combination of
factors we’ve discussed earlier, such as good initial design and
monitoring, can be combined with traditional intrusion detection
software to provide an overall effective package.

Integrated Security Monitoring
As discussed earlier, having monitoring built in to your network will
help the security process evolve seamlessly. Take advantage of built-in
logging on network devices such as firewalls, DHCP servers, routers,
and even certain wireless APs. Information gathered from these sources
can help make sense of alerts generated from other intrusion detection
sources, and will help augment data collected for incidents.
Additionally, these logs should help you to manually spot unauthorized
traffic and MAC addresses on your network.

Beware of the Auto-responding Tools!
When designing your intrusion detection system, you will likely come
across a breed of tools, sometimes known as Intrusion Prevention
Systems. These systems are designed to automatically respond to
incidents. One popular package is called PortSentry. It will, upon
detection of a port scan, launch a script to react. Common reactions
include dropping the route to the host that has scanned you, or adding
firewall rules to block it. While this does provide instant protection
from the host that’s scanning you, and might seem like a great idea at
first, it creates a very dangerous denial of service potential. Using
a technique known as IP spoofing, an attacker who realizes PortSentry
is being used can send bogus packets that appear to be valid port
scans to your host. Your host will, of course, see the scan and react,
thinking the address that it’s coming from is something important to
you, such as your DNS server, or your upstream router. Now, network
connectivity to your host is seriously limited. If you do decide to
use autoresponsive tools, make sure you are careful to set them up in
ways that can’t be used against you.

Jul 24 '08 #1
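
One way to act on the caution about auto-responding tools, as an added example that is not part of the original post and does not reflect PortSentry's own configuration: a decision guard placed in front of the block action. The `Responder` class, the protected addresses (documentation ranges) and the limits are assumptions made for illustration.

```python
import ipaddress
import time

# Constructed sample values (documentation address ranges), not from the post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",    # assumed DNS server
    "192.0.2.1/32",     # assumed upstream router
    "198.51.100.0/24",  # assumed management network
)]
BLOCK_TTL = 600      # seconds until a block expires on its own
MAX_NEW_BLOCKS = 5   # new blocks allowed per RATE_WINDOW
RATE_WINDOW = 60     # seconds


class Responder:
    """Decides whether a scan alert may trigger an automatic block.

    Only the decision is modelled; applying the firewall rule or route
    change is left to the caller.
    """

    def __init__(self):
        self.blocks = {}   # source address -> expiry timestamp
        self.recent = []   # timestamps of recently added blocks

    def decide(self, src, now=None):
        """Return (action, reason) for a scan alert attributed to src."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(src)
        # Drop expired blocks and rate-limit entries outside the window.
        self.blocks = {a: t for a, t in self.blocks.items() if t > now}
        self.recent = [t for t in self.recent if now - t < RATE_WINDOW]
        # A source address proves nothing about who sent the packet, so
        # hosts the network depends on are never blocked automatically.
        if any(addr in net for net in NEVER_BLOCK):
            return ("alert-only", "protected address, source may be spoofed")
        if addr in self.blocks:
            return ("already-blocked", "existing block still active")
        # A burst of alerts from many sources cannot fill the block list.
        if len(self.recent) >= MAX_NEW_BLOCKS:
            return ("alert-only", "block rate limit reached")
        self.blocks[addr] = now + BLOCK_TTL
        self.recent.append(now)
        return ("block", f"temporary block for {BLOCK_TTL}s")
```

Alerts that come back as `alert-only` still reach the logs for manual review, so a spoofed scan costs an analyst a look rather than costing the host its DNS server or router.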