Computers on Alert with Intrusion Detection Systems
Integral to the strategy of an enterprise security program is the implementation of an intrusion detection system (IDS). But what exactly is meant by an intrusion detection system? As a general definition, an intrusion detection system is a system that alerts when unauthorized access to, or misuse of, a computer system occurs. You can think of it as a home security and alarm system, except that it is for computers.
Some intrusion detection systems will also activate a fallback or corrective procedure when a threat is detected. There are many variations of intrusion detection systems, but for the most part they fit into one of two main categories. The first category is intrusion detection systems that look for anomalies in system behavior—anything out of the ordinary compared with day-to-day use. The second main category is misuse detection. To detect misuse, the observed activity must be matched against behavior that is known to indicate an attack. As you can imagine, intrusion detection is a complex science and much work has been put into it.
A further subcategory of intrusion detection system is the NIDS, or network intrusion detection system. A network intrusion detection system's main function is to examine network packet traffic and raise warnings when any activity indicates that a possible threat is occurring. Network intrusion detection systems can monitor several computers or focus on a single computer.
Do you know who is accessing your computer?
The biggest mistake people make when the topic of software hackers comes up is to assume that the attackers are doing their deeds from outside the local network. The truth, however, is that most security incidents involving company computers come from employees. Employees on the inside know more about how to get into the computer system, and in many cases they know the passwords of other people within the company.
Just how do the attackers get access to a system?
Attackers or intruders into a system will take the easiest route in first. The easiest route is, of course, already having physical access to the enterprise system. It is hard to stop someone who appears to the computer as a valid user of the system, because nothing wrong will initially be detected. Even the lowest level of access to a system is a plus for an attacker, because there is always a possibility that higher access can be gained by searching for holes in the security profile of a user. Then there are those who access systems remotely, who have traditionally been high security risks. Remote access becomes less of a security risk as remote intrusion detection methods become more advanced.
Some Intrusion Detection Systems (Open Source)
AIDE.
The acronym stands for Advanced Intrusion Detection Environment. It is a free substitute for another product known as Tripwire. All of the functionality found in Tripwire (which is not free) is present in AIDE, and more has been added. Its website can be found at http://sourceforge.net/projects/aide.
Snort.
This intrusion detection system implements its own rule-based language. You can find the product at www.snort.org.
File System Saint.
This is a host-based intrusion detection system. Its website can be found at http://sourceforge.net/projects/fss.
More Intrusion Detection Systems (Commercial)
Some of the commercial intrusion detection systems include Tripwire (www.tripwire.com), Touch Technology, Inc's POLYCENTER Security Intrusion Detector (www.ttinet.com), Internet Security System's Real Secure Server Sensor (www.iss.net), and eEye Digital Security's Real Secure Server Sensor (www.iss.net).
Article Source: http://www.spywaretool.com