Chapter 9 Intrusion Detections
Network perimeter security cannot stop attackers from entering internal networks if they obtain authenticated access to target computers and log on to them as legitimate users. Attackers may obtain the login credentials of legitimate users through, for example, identity spoofing and phishing attacks. Attackers of this kind are called intruders.
Thus, it is desirable, and often necessary, to detect intrusion activities by monitoring ingress packets that have already passed through firewalls and by analyzing how users use their computers, so that system administrators can take appropriate actions against intrusions. It is also possible to divert intrusions away from important systems by using sacrificial decoy assets, called honeypots, which lure attackers' attention away from the computers that need protection. This chapter introduces common intrusion detection techniques and honeypot techniques.
9.1 Basic Ideas of Intrusion Detection
Building automated systems to detect intrusion activities was initiated by Dorothy Denning and Peter Neumann in the mid-1980s. They observed that intruders often acted differently from the legitimate users they impersonated. Moreover, behavior differences may be measured to allow quantitative analysis. Their seminal work has evolved into a fruitful branch of network security.
The goal of intrusion detection is to identify intrusion activities that have already occurred or are currently occurring inside an internal network. ...
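The observation above, that an intruder using a stolen account behaves measurably differently from the account's real owner, is the basis of profile-based anomaly detection. The following is an added example, not code from the chapter: it builds a per-user profile from past sessions using the mean-and-standard-deviation model (one of the statistical models in Denning's work) and flags a new session when any metric deviates from the user's profile by more than a threshold. The audit records, the metric names (`login_hour`, `commands_run`, `failed_logins`), and the threshold are assumptions constructed for illustration.

```python
"""Profile-based anomaly detection in the spirit of Denning's model.

Added example, not from the chapter. Builds a per-user statistical profile
from constructed audit records, then scores a new session by how many
standard deviations each measured metric lies from that user's mean.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Metrics measured per login session (names chosen for this example).
METRICS = ("login_hour", "commands_run", "failed_logins")

# Constructed training sessions for two users; not real audit data.
# Note: hour-of-day is circular (23 is next to 0). The constructed hours
# avoid the midnight wrap-around; a real profile would use circular statistics.
TRAINING = [
    {"user": "alice", "login_hour": 9,  "commands_run": 40, "failed_logins": 0},
    {"user": "alice", "login_hour": 10, "commands_run": 55, "failed_logins": 1},
    {"user": "alice", "login_hour": 9,  "commands_run": 48, "failed_logins": 0},
    {"user": "alice", "login_hour": 11, "commands_run": 60, "failed_logins": 0},
    {"user": "alice", "login_hour": 8,  "commands_run": 42, "failed_logins": 0},
    {"user": "alice", "login_hour": 10, "commands_run": 50, "failed_logins": 1},
    {"user": "bob",   "login_hour": 22, "commands_run": 15, "failed_logins": 0},
    {"user": "bob",   "login_hour": 23, "commands_run": 12, "failed_logins": 0},
    {"user": "bob",   "login_hour": 21, "commands_run": 18, "failed_logins": 1},
    {"user": "bob",   "login_hour": 22, "commands_run": 10, "failed_logins": 0},
    {"user": "bob",   "login_hour": 22, "commands_run": 14, "failed_logins": 0},
    {"user": "bob",   "login_hour": 23, "commands_run": 16, "failed_logins": 0},
]


def build_profiles(records):
    """Return {user: {metric: (mean, population_stdev)}} from past sessions."""
    samples = defaultdict(lambda: defaultdict(list))
    for rec in records:
        for m in METRICS:
            samples[rec["user"]][m].append(rec[m])
    return {
        user: {m: (mean(vals), pstdev(vals)) for m, vals in cols.items()}
        for user, cols in samples.items()
    }


def score_session(profiles, user, session, threshold=3.0):
    """Compare one session against the user's profile.

    Returns (anomalous, deviations) where deviations maps each metric to
    |x - mean| / stdev. A metric whose training variance is zero is flagged
    (infinite deviation) whenever the observed value differs from the mean.
    A user with no profile cannot be scored and is reported as anomalous so
    that the session is reviewed rather than silently accepted.
    """
    if user not in profiles:
        return True, {}
    deviations = {}
    for m in METRICS:
        mu, sigma = profiles[user][m]
        x = session[m]
        if sigma == 0:
            deviations[m] = 0.0 if x == mu else float("inf")
        else:
            deviations[m] = abs(x - mu) / sigma
    return any(d > threshold for d in deviations.values()), deviations


def detect(profiles, sessions, threshold=3.0):
    """Return the (index, user) pairs of sessions that look anomalous."""
    flagged = []
    for i, sess in enumerate(sessions):
        user = sess["user"]
        anomalous, _ = score_session(profiles, user, sess, threshold)
        if anomalous:
            flagged.append((i, user))
    return flagged


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    # Constructed new sessions: alice's normal day, then alice's credentials
    # used at 03:00 with many commands and repeated login failures.
    new_sessions = [
        {"user": "alice", "login_hour": 10, "commands_run": 52,  "failed_logins": 0},
        {"user": "alice", "login_hour": 3,  "commands_run": 120, "failed_logins": 4},
        {"user": "bob",   "login_hour": 22, "commands_run": 13,  "failed_logins": 0},
    ]
    for idx, user in detect(profiles, new_sessions):
        _, devs = score_session(profiles, user, new_sessions[idx])
        print(f"session {idx} ({user}) anomalous: "
              + ", ".join(f"{m}={d:.1f}sd" for m, d in devs.items()))
```

The threshold of three standard deviations is a tuning knob, not a law: too low and legitimate users who change habits generate false alarms, too high and a careful intruder who mimics the owner's working hours and command volume slips through. Denning's model also pairs such statistical measures with rule-based checks, which the rest of the chapter's techniques build on.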