Professional Documents
Culture Documents
INTRUDER
An Intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. In summary, this person attempts to violate Security by interfering with system Availability, data Integrity or data Confidentiality.
INTRUSION
An intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable.
INTRUSION DETECTION
The detection of intrusions or intrusions attempts either manually or via software expert systems that operate on logs or other information available from the system or the network. Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. Intrusion detection functions include:
Monitoring and analyzing both user and system activities Analyzing system configurations and vulnerabilities Assessing system and file integrity Ability to recognize patterns typical of attacks Analysis of abnormal activity patterns Tracking user policy violations
CLASSES OF INTRUDERS The three classes of Intruders are, Masquerader Misfeasor Clandestine user
Masquerader An individual who is not authorized to use the computer and who pretends as systems access controls to exploit a legitimate users account. Misfeasor A Legitimate user who accesses data, programs or resources for which such access are not authorized for such access but misuses his or her privileges. Clandestine user An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
ANOMALY BASED IDS ANOMALY BASED IDS models the normal usage of the network as a noise characterization. Anything distinct from the noise is assumed to be an intrusion activity. E.g flooding a host with lots of packet.
Drawbacks
The kind of information needed to be logged in is a matter of experience. Unselective logging of messages may greatly increase the audit and analysis burdens. Selective logging runs the risk that attack manifestations could be missed.