Detecting System Intrusions
Almantas Kakareka, CISSP, GSNA, GSEC, CEH, Demyo, Inc.
1 Introduction
First things first: Detecting system intrusion is not the same as Intrusion Detection System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion once attackers pass all defensive technologies in the company (such as IDS/IPS mentioned above), full-packet capture devices with analysts behind them, firewalls, physical security guards, and all other preventive technologies and techniques. Many preventative technologies are using blacklisting [1] most of the time, and thus that’s why they fail. Blacklisting is allowing everything by default and forbidding something that is considered to be malicious. So, for the attacker, ...
Get Computer and Information Security Handbook, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.