Chapter 23. Intrusion Detection and Response
IN THIS CHAPTER
Understanding intrusion detection mechanisms
Understanding honeypots and their application
Reviewing incident handling
Detecting and responding to network attacks and malicious code is one of the principal responsibilities of information security professionals. Formal techniques and procedures have been developed by expert practitioners in the field to provide a structured approach to this difficult problem.
This chapter discusses these techniques as well as the different response mechanisms performed during an incident.
Intrusion Detection Mechanisms
Intrusion detection (ID) comprises a variety of categories and techniques. The prominent approaches involve determining if a system has been infected by viruses or other malicious code and applying methods for spotting an intrusion in the network by an attacker. Virus-scanning and infection-prevention techniques are used to address the virus problem, and intrusion detection and response mechanisms target network intrusions.
Antivirus approaches
Virus scanning and virus prevention techniques are normally used to prevent viruses from compromising valuable network resources.
Virus scanners
Virus scanners use pattern-matching algorithms that can scan for many different signatures at the same time. These algorithms include scanning capabilities that detect known and unknown worms and Trojan horses. These products scan hard disks for viruses and, if any are found, remove or quarantine them. ...
Get Network Security Bible, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.