Risk Management: The Big Picture – Part III

Host-based Intrusion Detection
Information Risk Management - SANS 2001

Host-based intrusion detection could also be called host-specific intrusion detection, in that its primary purpose is to detect suspicious activity or known attack patterns on the specific host it is installed on. Some host-based intrusion detection systems (HIDS) have a number of host detectors reporting to a central management console that can flag alerts, centralize logs, and update the host detectors' policies. Other HIDS are stand-alone. The boundaries between HIDS, anti-virus packages, and personal firewalls are blurring.

Need for Host-based ID: very fast networks; switched networks; back doors in local network; insider on network; network-based IDS may miss attack; don't trust corporate security that much.

To cut straight to the chase, you can't do a thorough job of detection or protection without software layers at the host. In the future it may be possible for the network fabric itself to have a significant role in these capabilities, but it isn't going to happen in the next six to twelve months.

Speed and the visibility limitation of switched and encrypted networks are network intrusion detection systems' biggest limitations. We'll examine them in a bit more depth in the next two slides.

Host-based intrusion detection can be very valuable in detecting back doors into your network, such as unsecured modems or links from other organization units or business partners. It's no good relying on your network sensors that watch your front door if the back door is wide open.

Another aspect of host-based intrusion detection is that it can catch insider attacks that don't cross the network or don't pass through the instrumented perimeter. Network-based systems can miss some sophisticated attacks (for example, fragrouter) that HIDS will detect.

Finally, HIDS have a lower cost of entry, down to the level of protecting a single
