Detecting Intrusions

Summary

No matter how good your defenses, eventually a hacker will break through. How will you know when this happens? How will you catch the villain red-handed? Intrusion detection technologies can help spot hackers both during an attack and after the fact. Some of the tools can even identify places a hacker might attack before anything bad happens.

Key Points

  • Properly deploying an intrusion detection system (IDS) is a massive undertaking that can only succeed if the organization has a compatible security philosophy and policies.
  • Regardless of the marketing, intrusion detection systems are tools for experienced network administrators—not solutions that automatically solve problems on their own.
  • Some hackers are people, but most are actually computer programs.
  • Most intrusion detection systems are designed to catch people hackers, but end up being optimized to catch program hackers.
  • As used in practice, intrusion detection systems are glorified virus scanners (and we all know how effective those are).

Connections

Detecting intrusions can only be accomplished with persistence and consistency. The technologies covered here can help to verify the integrity of systems and data and detect if an intrusion has taken place.

  • File Integrity looks at tools that can detect unauthorized modifications to critical system files and data.

  • Viruses and Trojans covers malicious applications intended to give third parties some form of control over remote computer systems.

  • Network Scanners describes programs that examine critical network systems services for configuration errors and vulnerabilities.

  • Network Sniffers covers programs that capture network traffic for the purpose of analysis and intrusion detection.

  • Logging and Analysis explores gathering and analyzing diagnostic status information from network devices and software.

  • Computer Forensics (web bonus) explores tools that keep a detailed record of what goes in and out of a system or network, which can help reconstruct the past usage history of computer systems.