mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-30 16:24:06 -06:00
vault backup: 2022-09-15 21:32:40
This commit is contained in:
Jet Hughes
parent
1082b8983b
commit
9705fe7efd
@ -6,7 +6,7 @@ tags:
|
|||||||
- lecture
|
- lecture
|
||||||
---
|
---
|
||||||
|
|
||||||
|
# Intrusion detection cont.
|
||||||
## Auditing
|
## Auditing
|
||||||
a thorough prces of investiagtina nd analaysing aa system for vilnerabilities
|
a thorough prces of investiagtina nd analaysing aa system for vilnerabilities
|
||||||
- e.g., pen testing
|
- e.g., pen testing
|
||||||
@ -21,6 +21,47 @@ protect aginst network intrusions
|
|||||||
- mandatory access control on routers
|
- mandatory access control on routers
|
||||||
- mandatory access control
|
- mandatory access control
|
||||||
- e.g., block a netork port
|
- e.g., block a netork port
|
||||||
- block icmp p
|
- block icmp packets (some sytems are vulnerable)
|
||||||
- application level filtering for desktop systems
|
- application level filtering for desktop systems
|
||||||
|
- finer grained control for linking rules to applications themselves (processes)
|
||||||
|
- router doesn't know about applications
|
||||||
|
- may not trust an aplication to connect o a web server but do trust other.
|
||||||
|
- dont have to block everything on that webserver
|
||||||
- provide altering and logging (avoid crying wolf)
|
- provide altering and logging (avoid crying wolf)
|
||||||
|
- "end user alert fatigue"
|
||||||
|
|
||||||
|
> northcutt and novak - network intrusion detection
|
||||||
|
|
||||||
|
|
||||||
|
## Intrustion detection systems
|
||||||
|
- often bundled with commercial routers, network storage devices (NAS, SAN) - "cloud storage within organisation"
|
||||||
|
- can also be host based (HIDS) "situated aroud network"
|
||||||
|
- intrusion can be identified by know signatures (like pattern-based virus scanners)
|
||||||
|
- can also be anomaly-based (using heuristics)
|
||||||
|
|
||||||
|
## other intrusion detection topics
|
||||||
|
- file integrity checking
|
||||||
|
- hash checking to detect changes
|
||||||
|
- backup and recovery
|
||||||
|
|
||||||
|
## keeping up to date with vulnerabilites
|
||||||
|
- CERT NZ
|
||||||
|
- US-CERT
|
||||||
|
- CVE at MITRE
|
||||||
|
- NVD (us NIST national vulnerabilities database)
|
||||||
|
- conferences such as DEF CON
|
||||||
|
|
||||||
|
# Sting operations
|
||||||
|
deliberately place sofware where it will interact with attacks, somewhat resembling a police sting operation.
|
||||||
|
|
||||||
|
## Honeypot
|
||||||
|
- decoy service used to attact attackers
|
||||||
|
- divert attackers from real service
|
||||||
|
- identify attack origin - analyse attack - create countermeasures
|
||||||
|
- honey-nets - co-ordiniated honeypots. - analyse malware infection behaviour (malware epidemiology)
|
||||||
|
- bogus email address lists to hinder spammers
|
||||||
|
- individual e-mail address can be used to gather and analyse spam smessages
|
||||||
|
|
||||||
|
## Tarpits
|
||||||
|
- similar to honeypots but for *slowing* attack not diverting
|
||||||
|
- often deployed as a proxy server in front of the real service
|
||||||
Loading…
Reference in New Issue
Block a user