IT Governance, Risk, and Compliance

Nov 29 2012   1:41AM GMT

Network Infrastructure Security: Intrusion Detection Systems – Part III

Robert Davis Robert Davis Profile: Robert Davis

 

Deployed intrusion detection solutions are not a substitute for firewalls; although they usually complement the function of firewalls. Commonly, a deployed IDS inspects computer activity to identify suspicious patterns that may indicate an attack from hackers or crackers utilizing vulnerability assessment software. There are several categories for IDS inspection including misuse, anomaly, host-based, and network-based detection. Each IDS classification relies on analytical information to determine reportable conditions, such as signatures, protocols, profiles, and/or statistical patterns.

Generally, intrusion detection systems have passive and active components. Passive procedures normally encompass: inspection of system configuration files to expose inadvisable settings; inspection of password files to indicate imprudent pass-codes; and inspection of other system areas to detect policy violations. Whereas, active procedures usually accommodate: mechanisms to ascertain known methods of attack; mechanisms to log-off users; mechanisms to reprogram the firewall; and mechanisms to log system responses.

 

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: