Intrusion:
An intrusion is defined as the unauthorized use, misuse, or abuse of computer systems by either authorized users or external perpetrators.
Types of Intrusions:
◦ External attacks
  - Attempted break-ins, denial-of-service attacks, etc.
◦ Internal attacks
  - Masquerading as some other user
  - Misuse of privileges, malicious attacks
◦ Clandestine users: exploiting bugs in privileged programs
Types of intruders:
◦ Masquerader: pretends to be someone they are not
  An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account
◦ Misfeasor: an authentic user performing unauthorized actions
  A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges
◦ Clandestine user: acts secretively, especially because the activity is illicit
  An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
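The three intruder classes above leave different traces in an audit trail. The sketch below is an added example, not part of the original notes: the record format, the per-user baselines, and the three heuristics (unfamiliar login source, access outside the authorized set, gap in audit sequence numbers) are assumptions chosen for illustration, and the log lines are constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "seq user src action resource")

# Constructed baseline: usual login sources and authorized resources per user.
KNOWN_SOURCES = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}}
AUTHORIZED = {"alice": {"/hr/payroll"}, "bob": {"/eng/builds"}}

# Constructed audit trail (seq is assumed to be a monotonically increasing counter).
SAMPLE_LOG = [
    Event(1, "alice", "10.0.0.5", "login", "-"),
    Event(2, "alice", "10.0.0.5", "read", "/hr/payroll"),
    Event(3, "bob", "10.0.0.9", "login", "-"),
    Event(4, "bob", "10.0.0.9", "read", "/hr/payroll"),   # outside bob's authorization
    Event(5, "alice", "192.0.2.77", "login", "-"),        # unfamiliar source
    Event(9, "bob", "10.0.0.9", "read", "/eng/builds"),   # records 6-8 missing
]

def classify(events):
    """Return a list of (seq, intruder_class, reason) findings."""
    findings = []
    prev_seq = None
    for ev in sorted(events, key=lambda e: e.seq):
        # Clandestine user: evidence that audit collection was suppressed.
        if prev_seq is not None and ev.seq != prev_seq + 1:
            findings.append((ev.seq, "clandestine",
                             f"audit gap {prev_seq + 1}-{ev.seq - 1}"))
        prev_seq = ev.seq
        if ev.action == "login":
            # Masquerader: a legitimate account used from outside its baseline.
            if ev.src not in KNOWN_SOURCES.get(ev.user, set()):
                findings.append((ev.seq, "masquerader",
                                 f"{ev.user} login from {ev.src}"))
        elif ev.resource not in AUTHORIZED.get(ev.user, set()):
            # Misfeasor: an authenticated user touching an unauthorized resource.
            findings.append((ev.seq, "misfeasor",
                             f"{ev.user} {ev.action} {ev.resource}"))
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(finding)
```

Each finding is a signal for investigation rather than proof of the class; a misfeasor who misuses access they are authorized for would not trip the authorization check shown here.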
Mechanisms Used:
- Prevention: isolate from network, strict authentication measures, encryption
- Preemption:
  ◦ “do unto others before they do unto you”
- Deterrence: dire warnings,
  ◦ “we have a bomb too.”
- Deflection: diversionary techniques to lure away
- Detection
- Counter attacks
The two principal counter-measures:
- Detection: concerned with learning of an attack, either before or after its success.
- Prevention: a challenging security goal. The difficulty stems from the fact that the defender must attempt to thwart all possible attacks, whereas the attacker is free to try to find the weakest link in the defense chain and attack at that point.
What is IDS?
An Intrusion Detection System (IDS) is a system that attempts to identify intrusions.
Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.
Examples:
- Car alarms
- House alarms
- Surveillance systems
- Spy satellites and spy planes