mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 23:04:05 -06:00
vault backup: 2022-09-15 21:32:40
This commit is contained in:
parent
1082b8983b
commit
9705fe7efd
@ -6,7 +6,7 @@ tags:
- lecture
---
# Intrusion detection cont.
## Auditing
a thorough prces of investiagtina nd analaysing aa system for vilnerabilities
- e.g., pen testing
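Review bot: the definition added under `## Auditing` is hard to read because of several typos in one line (`prces`, `investiagtina nd`, `analaysing aa`, `vilnerabilities`); suggest `a thorough process of investigating and analysing a system for vulnerabilities`. The `- e.g., pen testing` sub-bullet that follows reads fine as the illustration of an audit activity.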
@ -21,6 +21,47 @@ protect aginst network intrusions
- mandatory access control on routers
- mandatory access control
- e.g., block a netork port
- block icmp p
- block icmp packets (some sytems are vulnerable)
- application level filtering for desktop systems
- provide altering and logging (avoid crying wolf)
- finer grained control for linking rules to applications themselves (processes)
- router doesn't know about applications
- may not trust an aplication to connect o a web server but do trust other.
- dont have to block everything on that webserver
- provide altering and logging (avoid crying wolf)
- "end user alert fatigue"
> northcutt and novak - network intrusion detection
## Intrustion detection systems
- often bundled with commercial routers, network storage devices (NAS, SAN) - "cloud storage within organisation"
- can also be host based (HIDS) "situated aroud network"
- intrusion can be identified by know signatures (like pattern-based virus scanners)
- can also be anomaly-based (using heuristics)
## other intrusion detection topics
- file integrity checking
- hash checking to detect changes
- backup and recovery
## keeping up to date with vulnerabilites
- CERT NZ
- US-CERT
- CVE at MITRE
- NVD (us NIST national vulnerabilities database)
- conferences such as DEF CON
# Sting operations
deliberately place sofware where it will interact with attacks, somewhat resembling a police sting operation.
## Honeypot
- decoy service used to attact attackers
- divert attackers from real service
- identify attack origin - analyse attack - create countermeasures
- honey-nets - co-ordiniated honeypots. - analyse malware infection behaviour (malware epidemiology)
- bogus email address lists to hinder spammers
- individual e-mail address can be used to gather and analyse spam smessages
## Tarpits
- similar to honeypots but for *slowing* attack not diverting
- often deployed as a proxy server in front of the real service
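Review bot: the line `- block icmp p` sitting directly above `- block icmp packets (some sytems are vulnerable)` looks like an unfinished fragment left behind when the full bullet was typed, and should be dropped. The bullet `- provide altering and logging (avoid crying wolf)` appears twice in this hunk, once in the router/mandatory-access-control list and again under application-level filtering, and `altering` should read `alerting`; keep one copy, next to the `"end user alert fatigue"` note it explains. Several other spellings in the added lines will trip readers and search: `netork`, `sytems`, `aplication`, `connect o`, `Intrustion`, `aroud`, `know signatures` (known), `co-ordiniated`, `smessages`, `vulnerabilites`, `sofware`, `attact`. On the same list, NVD expands to the NIST National Vulnerability Database, so `national vulnerabilities database` could be corrected while the line is being touched.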