System Intrusion Detection and Prevention




13.1 Definition

The psychology and politics of ownership have historically dictated that individuals and groups tend to protect valuable resources. This grew out of the fact that once a resource has been judged to have value, no matter how much protection is given to it, there is always a potential that the security provided for the resource will at some point fail. This notion has driven the concept of system security and defined the disciplines of computer and computer network security. Computer network security is made up of three principles: prevention, detection, and response. Although these three are fundamental ingredients of security, most resources have been devoted to detection and prevention because if we are able to detect all security threats and prevent them, then there is no need for response. Intrusion detection is a technique of detecting unauthorized access to a computer system or a computer network. An intrusion into a system is an attempt by an outsider to the system to illegally gain access to the system. Intrusion prevention, on the other hand, is the art of preventing unauthorized access to a system’s resources. The two processes are related in the sense that while intrusion detection passively detects system intrusions, intrusion prevention actively filters network traffic to prevent intrusion attempts. For the rest of the chapter, let us focus on these two processes.

13.2 Intrusion Detection

© Springer International Publishing AG 2017, J.M. Kizza, Guide to Computer Network Security, Computer Communications and Networks, DOI 10.1007/978-3-319-55606-2_13

The notion of intrusion detection in computer networks is a new phenomenon born, according to many, from James Anderson’s 1980 paper, “Computer Security Threat Monitoring and Surveillance.” In that paper, Anderson noted that computer audit trails contained vital information that could be valuable in tracking misuse and understanding user behavior. The paper, therefore, introduced the concept of “detecting” misuse and specific user events and has prompted the development of intrusion detection systems. An intrusion is a deliberate unauthorized attempt, successful or not, to break into, access, manipulate, or misuse some valuable property, where the misuse may result in or render the property unreliable or unusable. The person who intrudes is an intruder. Aurobindo Sundaram [1] divides intrusions into six types as follows:

• Attempted break-ins, which are detected by atypical behavior profiles or violations of security constraints. An intrusion detection system for this type is called an anomaly-based IDS.
• Masquerade attacks, which are detected by atypical behavior profiles or violations of security constraints. These intrusions are also detected using an anomaly-based IDS.
• Penetrations of the security control system, which are detected by monitoring for specific patterns of activity.
• Leakage, which is detected by atypical use of system resources.
• Denial of service, which
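The two ideas introduced so far, that audit trails carry enough information to build per-user behavior profiles and that detection passively alerts while prevention actively filters, can be shown on a small scale. The following Python program is an added example and is not code from the book or its author. It builds a simple profile (hosts used, login hours) for each user from a constructed baseline audit trail, then checks a second constructed window for atypical behavior and a burst of failed logins (the attempted break-in case in Sundaram’s list). The audit line format, the field names, the threshold of three failures and the host names are all assumptions made for the example.

```python
"""Added example: toy anomaly-based IDS/IPS over a constructed audit trail.
Not the book's code. Log format, thresholds and host names are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed audit trail: "timestamp user source_host action outcome".
BASELINE_LOG = """\
2024-03-04T09:02:11 alice ws-12 login success
2024-03-04T09:40:27 alice ws-12 file_read success
2024-03-04T17:10:03 alice ws-12 logout success
2024-03-05T08:55:40 alice ws-12 login success
2024-03-05T16:58:12 alice ws-12 logout success
2024-03-04T10:15:09 bob ws-31 login success
2024-03-04T10:20:44 bob ws-31 file_read success
2024-03-05T10:05:31 bob ws-31 login success
"""

# Constructed window to inspect: an off-hours login by alice and a burst of
# failed logins for bob from a host that never appears in his baseline.
INSPECT_LOG = """\
2024-03-06T09:01:55 alice ws-12 login success
2024-03-06T03:12:08 alice ws-12 login success
2024-03-06T10:30:00 bob vpn-7 login failure
2024-03-06T10:30:04 bob vpn-7 login failure
2024-03-06T10:30:09 bob vpn-7 login failure
2024-03-06T10:30:15 bob vpn-7 login failure
2024-03-06T10:31:00 bob vpn-7 login success
2024-03-06T10:45:13 bob ws-31 login success
"""

FAILED_LOGIN_THRESHOLD = 3  # assumed: 3 consecutive failures = attempted break-in


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    host: str
    action: str
    outcome: str


def parse_audit(text):
    """Parse the constructed audit format into Event records."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, host, action, outcome = line.split()
            events.append(Event(datetime.fromisoformat(ts), user, host, action, outcome))
    return events


def build_profiles(events):
    """Per-user profile from baseline records: hosts used and login hours seen.
    A real profile would be statistical; sets of seen values keep the toy readable."""
    profiles = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        profiles[e.user]["hosts"].add(e.host)
        if e.action == "login":
            profiles[e.user]["hours"].add(e.ts.hour)
    return dict(profiles)


def run_engine(events, profiles, prevent=False):
    """Compare each event with its user's profile.
    prevent=False: passive detection, every event passes and alerts are emitted.
    prevent=True:  active filtering, the event that trips the break-in threshold
                   and every later event from that host are dropped.
    Returns (alerts, passed, dropped); each alert is (kind, user, host)."""
    alerts, passed, dropped = [], [], []
    failures = defaultdict(int)          # (user, host) -> consecutive login failures
    reported_hosts, blocked = set(), set()
    for e in events:
        key = (e.user, e.host)
        if e.host in blocked:
            dropped.append(e)
            continue
        prof = profiles.get(e.user)
        if prof is None:
            alerts.append(("unknown_user", e.user, e.host))
        else:
            if e.host not in prof["hosts"] and key not in reported_hosts:
                reported_hosts.add(key)  # report a never-seen host once
                alerts.append(("new_host", e.user, e.host))
            if e.action == "login" and e.ts.hour not in prof["hours"]:
                alerts.append(("off_hours_login", e.user, e.host))
        if e.action == "login" and e.outcome == "failure":
            failures[key] += 1
            if failures[key] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("attempted_break_in", e.user, e.host))
                if prevent:
                    blocked.add(e.host)
                    dropped.append(e)
                    continue
        elif e.action == "login":
            failures[key] = 0            # a successful login resets the count
        passed.append(e)
    return alerts, passed, dropped


def detect(baseline_text, inspect_text):
    """Intrusion detection: alerts only, the event stream is untouched."""
    profiles = build_profiles(parse_audit(baseline_text))
    return run_engine(parse_audit(inspect_text), profiles, prevent=False)


def prevent(baseline_text, inspect_text):
    """Intrusion prevention: same checks, but offending traffic is filtered."""
    profiles = build_profiles(parse_audit(baseline_text))
    return run_engine(parse_audit(inspect_text), profiles, prevent=True)


if __name__ == "__main__":
    for name, fn in (("detect", detect), ("prevent", prevent)):
        alerts, passed, dropped = fn(BASELINE_LOG, INSPECT_LOG)
        print(f"{name}: {len(alerts)} alerts, {len(passed)} passed, {len(dropped)} dropped")
        for kind, user, host in alerts:
            print("  ", kind, user, host)
```

Running the module shows the difference the chapter draws: in detection mode all eight inspected events pass and three alerts are raised (an off-hours login, a never-seen host, and an attempted break-in), while in prevention mode the same alerts are raised but the third failure and everything that follows from the offending host, including the login that eventually succeeds, is dropped.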