Intrusion detection is an extremely important security control. Intrusion Detection Systems (IDS) are a security solution that supplements firewalls (the figure below illustrates this). An IDS can detect malicious code that is active inside the network and that has managed to get past the firewall.
Most problems with IDSs stem from misconfiguration, that is, from parameters being set incorrectly.
Our goal in writing Network Intrusion Detection, Third Edition has been to
empower you as an analyst. We believe that if you read this book cover to
cover, and put the material into practice as you go, you will be ready to
enter the world of intrusion analysis. Many people have read our books, or
attended our live class offered by SANS, and the lights have gone on;
then, they are off to the races. We will cover the technical material, the
workings of TCP/IP, and also make every effort to help you understand
how an analyst thinks through dozens of examples....
This chapter builds on the introductory discussions of intrusion detection systems (IDSs)
presented in Chapter 3, "Understanding Defenses." This chapter delves into IDS
concepts, uses, applications, and limitations. After the introduction to IDSs, their
deployment and analysis are discussed in more detail. The concluding case study is a
practical example of how organizations can inspect and monitor overall network activity
using IDSs to protect their assets.
This slide shows an overview of the topics we will cover. If you see patterns in these categories that
are not included in this course, we hope you will send them to email@example.com so they can be
added to the collection. Keep in mind that intrusion detection is easy when you know the answer,
when it is a familiar pattern; however, it can be hard and frustrating when you do not know the
Of course, everyone has their favorite resources on the Net. We encourage you to take some time to
give these a try, and if you find something really super that isn't listed here, let us know about it.
These URLs are listed to provide you with some very useful information pertaining to the different
types of intrusion detection software that are available for download, as well as to provide some
resources for discovering the latest news on common vulnerabilities, etc.
Password Selection Strategies
Viruses and Related Threats
The Nature of Viruses
Advanced Antivirus Techniques
Recommended Reading and WEB Sites
A major problem of existing anomaly intrusion detection approaches is that they tend to produce excessive false alarms. One reason for this is that the normal and abnormal behaviour of a monitored object can overlap or be very close to each other, which makes it difficult to define a clear boundary between the two.
IP Address Scans
scan the range of addresses looking for hosts (ping scan)
scan promising ports for openness (80, 21, …)
determine the OS
pick the most vulnerable host, most running services...
Automated password attacks
FTP, HTTP, NetBIOS, VNC, PCAnywhere...
Application specific attacks
try known vulnerabilities on present services
The Information Systems Security lecture covers: general security concepts, identifying potential risks, infrastructure and connectivity, monitoring activity and intrusion detection, implementing and maintaining a secure network, securing the network and environment, cryptography basics (methods and standards), security policies and procedures, and security administration.