Chapter Summary

Intrusion Detection Systems

  • Intrusion detection systems are mechanisms for detecting unexpected or unauthorized activity on computer systems.


  • Intrusion detection systems can be host-based or network-based.


  • Signatures are pre-defined patterns used to spot malicious or suspicious traffic. They may be either content- or context-based.


  • Anomaly-based IDSs look for activities that do not match “normal” patterns.


  • Misuse-based IDSs match suspicious or malicious patterns using signatures.


  • Some IDSs include prevention capabilities that automatically block suspicious or malicious traffic before it reaches its intended destination.


Honeypots

  • Honeypots are based on the concept of luring attackers away from legitimate systems by presenting more tempting or interesting systems that, in most cases, appear to be easy targets.


  • Security personnel monitor traffic in and out of a honeypot to better identify potential attackers along with their tools and capabilities.


  • Honeypots create virtual servers and services that offer inviting targets for potential attackers.


Incident Response

  • Incident response is the formalized process of reacting to a situation such as a security breach or system outage.


  • While many incident response systems are based on threats from potential attackers, incident response can be used to deal with other situations such as virus outbreaks, hardware outages, and loss of network connectivity.


  • Incident response requires procedures that outline steps to take for notification, analysis, and remediation.









Security+ and Beyond Online Learning Center
