|
|
A security policy defines the rules that regulate how your organization manages and protects computing resources to achieve security objectives. For responding to intrusions, one of the policy's primary purposes is to document the threats you intend to guard against and the actions you intend to take in response to a successful attack. Response procedures describe how the response policies will be implemented throughout your organization, e.g., who to notify, at what point in the response procedure, and with what types of information. From these procedures, all concerned parties are able to determine what operational steps they need to take...
| |
| Honeypots | A honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information or a resource that would be of value to attackers. A honeypot that masquerades as an open proxy is known as a sugarcane. A honeypot is valuable as a surveillance and early-warning tool. While often a computer, a honeypot can take on other forms, such as files...
| |
| Anomaly-based IDS | An Anomaly-Based Intrusion Detection System is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either Normal or Anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and will detect any type of misuse that falls outwith normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created. In order to determine what is attack traffic, the system must be taught to recognise normal system activity. This can be accomplished in several ways, most often...
|
| HIDS | A HIDS will monitor all or part of the dynamic behavior and the state of a computer system. Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say) a word-processor hasn't suddenly and inexplicably started modifying the system password-database. Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check that the contents of these appear as expected. One can think of a HIDS as an agent that monitors whether anything/anyone - internal or...
|
|
|
|
Intrusion Response News:
May 30: GE Security Puts Next-Gen Chemical Substance Identification in ... - Business Wire (press release)
May 28: SecureUSA Develops Energy Efficient, Pollution Free, Anti ... - PR Web (press release)
May 22: No More Passing the Buck on Critical Infrastructure - HSToday
May 22: Electrical grid overlords take drubbing over cyber attack ... - Register
May 22: SecureUSA Inc. develops green pollution free anti terrorist ... - WebWire (press release)
May 21: Lawmakers See Cyber Threats to Electrical Grid - PC World
May 20: Phorm and DPI: Alex Hanff - p2pnet.net
May 19: DHS unveils infrastructure protection grants - Washington Technology
May 16: Debate over Vista Security Continues with Follow-Up Study - Redmondmag.com
May 16: USR, Inc. Barriers Reach One Year of Service for US Air Force in Iraq - PR-USA.net (press release)
|