quartz/content/notes/13-pen-testing-2.md
2022-09-15 21:32:40 +12:00

---
title: "13-pen-testing-2"
aliases:
tags:
- conp210
- lecture
---
# Intrusion detection cont.
## Auditing
a thorough process of investigating and analysing a system for vulnerabilities
- e.g., pen testing
- can also refer to logging (esp. in a database context)
## Firewalls
protect against network intrusions
- built in or third party
- built in - integration, quality of control; often light on convenience features, maybe no GUI
- black/whitelist
- mandatory access control on routers
  - e.g., block a network port
  - block ICMP packets (some systems are vulnerable)
- application level filtering for desktop systems
  - finer grained control for linking rules to applications themselves (processes)
  - router doesn't know about applications
  - may not trust an application to connect to a web server but do trust others
  - don't have to block everything on that web server
- provide alerting and logging (avoid crying wolf)
  - "end user alert fatigue"
> Northcutt and Novak - Network Intrusion Detection
## Intrusion detection systems
- often bundled with commercial routers, network storage devices (NAS, SAN) - "cloud storage within organisation"
- can also be host based (HIDS) "situated around network"
- intrusion can be identified by known signatures (like pattern-based virus scanners)
- can also be anomaly-based (using heuristics)
## other intrusion detection topics
- file integrity checking
- hash checking to detect changes
- backup and recovery
## keeping up to date with vulnerabilities
- CERT NZ
- US-CERT
- CVE at MITRE
- NVD (US NIST National Vulnerability Database)
- conferences such as DEF CON
# Sting operations
deliberately place software where it will interact with attacks, somewhat resembling a police sting operation.
## Honeypot
- decoy service used to attract attackers
- divert attackers from real service
- identify attack origin - analyse attack - create countermeasures
- honey-nets - co-ordinated honeypots - analyse malware infection behaviour (malware epidemiology)
- bogus email address lists to hinder spammers
- individual e-mail addresses can be used to gather and analyse spam messages
## Tarpits
- similar to honeypots but for *slowing* attack not diverting
- often deployed as a proxy server in front of the real service