Intrusion Detection

Intrusion Detection

In Cybersecurity by Ian CarnaghanLeave a Comment

Intrusion Detection is the process of monitoring an information system in order to determine if any action is being performed with malicious or otherwise cause that may negatively affect its availability, confidentiality or integrity of data contained within.  In order to get started with intrusion detection, it is important to first of all gain an understanding of what an intrusion might look like and how it might impact a system or network.  Vacca (2013) classifies intrusions into different categories including but not limited to:

  • Physical Theft: Stealing any form of digital assets within a system.
  • Abuse of Privileges: These consist of threats from within an organization, where the employee population is the source of potential malicious insiders. Conrad et al (2009)
  • Unauthorized Access by Outsider: Anyone who does not have permission to access a given set of resources and gets around this through methods of social engineering or exploiting system vulnerabilities.
  • Malware: There are various different types of malicious code that can be used by attackers to gain access, cause harm to and / or steal digital assets.

Secondly, after gaining a solid understanding of the various types of intrusion, it is important to ascertain how attacks commonly occur and through what means in terms of technology.  An understanding of the available technologies that perform intrusion detection is also vital.  The Internet Protocol Suite, often referred to as TCP/IP (Transmission Control Protocol & Internet Protocol) is the most commonly used protocol suite and as such almost all attacks seen today are launched over a TCP/IP network.  Vacca (2013).

Next we need to look at the technology used to detect such attacks are typically designed for TCP/IP networks, which include various forms of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).  IDS and IPS are two of the most common technologies that can be effectively managed on a network to monitor and prevent unauthorized access or attacks.   According to Bass (2000) IDS are “primarily designed to protect the availability, confidentiality and integrity of critical information infrastructures.”  There has been a blurred line in recent years between the concepts of IDS and IPS as quite often they are integrated or deployed as a single unit or appliance.  There are a number of Intrusion Detection and Prevention Technologies.  These include anti-malware software, network-based IDS and IPS, and host-based IPS.  It is important to research and understand the applicability of each within any given type of network or organization.

By gaining a better understanding of the various types of intrusions, how they occur through the Internet Protocol Suite, and the types of technology we can use to detect them, this will provide a solid foundation on intrusion detection.  It is important however to understand the unique needs and structure of your own business model and network in order to apply effective strategies within the organization to detect and prevent intrusions.  An ongoing security policy should be part of any initiative within the organization’s approach to intrusion detection.

References:

Bass, T. (2000). Intrusion detection systems and multisensory data fusion. ACM, 43(4):99{105, 2000.

Conrad, S., H., Durán, F., A., Conrad, G., N., Duggan, D., P., & Held, E., B. (2009). Proceedings for the 2009 int’l system dynamics conference: modeling the employee life cycle to address the insider threat.

Vacca, J. (2013). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann Publications

Series NavigationHoneypots: To Lure or Not To Lure >>

Share

Leave a Comment

CommentLuv badge