Download as PDF «Network+»

Intruder Detection: Defense Techniques

There are three main types of intruder detection and defense:

■ Active detection involves constantly scanning the network for possible break-ins.

■ Passive detection involves logging all network events to a file.

■ Proactive defense involves using tools to shore up your network walls against attack.

Active Detection

Active detection is analogous to a security guard walking down the hallway rattling doors: the guard is checking for a break-in. Special network software can watch traffic as it travels over the network and search for hackers trying known attack methods, as well as for other suspicious activity. Some sophisticated active systems actually take action, such as shutting down the communications sessions that the hacker is using, as well as e-mailing or paging you. Some packages go as far as trying to cripple the computer from which the hacker is attacking. Cisco’s NetRanger, Memco’s SessionWall, and SATAN are all forms of active intrusion-detection software.

Because SATAN is free, both sides have access to it. Consequently, hackers can (and often do) use SATAN to look for security holes. Many other intrusion-detection programs will also look for SATAN-type intrusions.

Passive Detection

Video cameras are an example of passive intrusion-detection systems. Their counterparts in networking are files that log events that occur on the network. Tripwire for Unix systems is one of the earliest programs of this type. With passive detection systems, files and data are examined and a checksum is calculated for each file and piece of data. These checksums are then stored in a log file. If the network administrator notices a security breach on the network, he or she can go to the log files to look for clues about the breach.
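A minimal Tripwire-style integrity check, as an added example (not from the Network+ text and not Tripwire's own code): it records a SHA-256 checksum for every file under a directory, stores those checksums as the baseline, and on a later run reports which files were added, removed or modified. The directory layout and file contents in `demo()` are constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def file_checksum(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> dict:
    """Map every file under root (as a relative path) to its checksum."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            snap[str(p.relative_to(root))] = file_checksum(p)
    return snap

def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between the stored baseline and a fresh snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, then change, delete and add a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "motd").write_text("Welcome\n")
        baseline_file = Path(tmp) / "baseline.json"   # the stored checksum log
        baseline_file.write_text(json.dumps(snapshot(root), sort_keys=True))
        # Changes made after the baseline was recorded
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\nalice:x:1001:1001::/home/alice:/bin/sh\n")
        (root / "motd").unlink()
        (root / "rc.local").write_text("echo hello\n")
        return compare(json.loads(baseline_file.read_text()), snapshot(root))

if __name__ == "__main__":
    print(demo())  # {'added': ['rc.local'], 'removed': ['motd'], 'modified': ['passwd']}
```

In a real deployment the baseline file must itself be protected (stored read-only or off the monitored host), since an intruder who can rewrite it can hide the changes it would otherwise reveal.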
