Risk Management The Big Picture – Part IV

Network-based Intrusion Detection
Information Risk Management - SANS 2001

In our next section we are going to introduce network-based intrusion detection. The detect engine in this case is either a firewall, a personal firewall, or an intrusion detection system. All of these work quite well. We will begin with a single attack, just to see how one might work and how we might detect it. Then we will explore the range of tools and show you how you can get in the game with a very low investment, possibly even free.

Need for Network-based Intrusion Detection

- Most attacks come from the Internet
- Detecting these attacks allows a site to tune defenses
- If we correlate data from a large number of sources, we increase our capability

The statistic that 90% of all attacks are perpetrated by insiders is dead wrong.

While insider attacks may cause more damage because the attacker knows the system assets and what to target, insider threats are usually addressed by traditional security and audit mechanisms. An insider has a much greater chance of being caught and prosecuted, or dealt with administratively, IF DETECTED, since you know where they live. The greatest threat in terms of financial loss is insiders. Period, no questions. That said, the greatest number of threats is via Internet attacks. A huge percent of these are stopped by firewalls.
Successful attacks often do not cause as much harm as an insider, because an insider knows exactly where the crown jewels, the strategic information assets of an organization, are. Having said all that, we are going to really concentrate on Internet-based attacks in this section. Are they relevant? Oh my, yes! The number one reason is the sheer numbers. If your site is subjected to thousands and thousands of attacks, even if poorly targeted, if you don't have effective perimeters then your systems will eventually fall when the correct exploit hits your system. However the
