IT2042 Info Sec UNIT V NOTES
d) Signature-based IDS
This is one of the detection methods used by an IDS. A signature-based IDS (also called a knowledge-
based IDS) examines data traffic in search of patterns that match known signatures, that
is, preconfigured, predetermined attack patterns.
Many attacks have clear and distinct signatures, such as (i) footprinting and
fingerprinting activities, which have an attack pattern that includes the use of ICMP, DNS
querying, and e-mail routing analysis; (ii) exploits, which involve a specific attack sequence
designed to take advantage of a vulnerability to gain access to a system; and (iii) Denial of
Service (DoS) and Distributed Denial of Service (DDoS) attacks.
e) Statistical Anomaly-Based IDS (also called Behaviour-based IDS)
This approach detects intrusions based on the frequency with which
certain network activities take place. A statistical anomaly-based IDS collects
statistical summaries by observing traffic that is known to be normal. A baseline is
established from this period of normal activity. The stat IDS then periodically samples network
activity and, using statistical methods, compares the sampled network activity to the
baseline. When the measured activity falls outside the baseline parameters, it is said to
be exceeding the clipping level; at this point the IDS triggers an alert to notify the
administrator.
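As an added illustration (not part of the original notes), the baseline and clipping-level logic in Python: statistics are learned from samples taken during a known-normal period, and later samples that fall outside the clipping level raise an alert. The sample counts, the metric (connections per minute) and the choice of 3 standard deviations as the clipping level are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the notes): connections per minute
# observed during a period the administrator knows to be normal.
NORMAL_PERIOD = [40, 42, 38, 45, 41, 39, 44, 43, 40, 42, 41, 39]


def build_baseline(samples):
    """Summarise the normal period as a mean and standard deviation.

    Only these statistical summaries are kept, not the raw traffic.
    """
    return {"mean": mean(samples), "stdev": pstdev(samples)}


def clipping_level(baseline, k=3.0):
    """Lower and upper bounds outside which activity counts as anomalous.

    k is the number of standard deviations tolerated (assumed value; a lower
    k catches more deviations but also raises more false alarms).
    """
    spread = k * baseline["stdev"]
    return baseline["mean"] - spread, baseline["mean"] + spread


def check_sample(value, baseline, k=3.0):
    """Return an alert string if value exceeds the clipping level, else None."""
    low, high = clipping_level(baseline, k)
    if value > high:
        return f"ALERT: {value} conn/min above clipping level {high:.1f}"
    if value < low:
        return f"ALERT: {value} conn/min below clipping level {low:.1f}"
    return None


def monitor(samples, baseline, k=3.0):
    """Periodic sampling loop: compare each new sample to the baseline."""
    alerts = (check_sample(v, baseline, k) for v in samples)
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    base = build_baseline(NORMAL_PERIOD)
    # Constructed live samples: the last two represent a sudden traffic spike.
    live = [41, 43, 40, 250, 310]
    for alert in monitor(live, base):
        print(alert)
```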
f) Log File Monitors (LFM)
A Log File Monitor (LFM) is an approach to IDS that is similar to NIDS. Using an LFM,
the system reviews the log files generated by servers, network devices, and even other
IDSs. These systems look for patterns and signatures in the log files that may indicate an
attack or intrusion is in progress or has already succeeded.
14) What are the advantages and disadvantages of using the honey pot or padded cell
approach?
Advantages:
Attackers can be diverted to targets that they cannot damage.
Administrators have time to decide how to respond to an attacker.
Attackers' actions can be easily and extensively monitored.
Honey pots may be effective at catching insiders who are snooping around a
network.
Disadvantages:
The legal implications of using such devices are not well defined.
Honey pots and padded cells have not yet been shown to be generally useful
security technologies.
An expert attacker, once diverted into a decoy system, may become angry and
launch a hostile attack against an organization's systems.
Admins and security managers will need a high level of expertise to use these
systems.
15) How are scanning and analysis tools useful in enforcing information security?
Scanning and Analysis Tools
Scanners, sniffers, and other analysis tools are useful to security administrators in
enabling them to see what the attacker sees.
Scanners and analysis tools can find vulnerabilities in systems.
One of the preparatory parts of an attack is known as footprinting: collecting IP
addresses and other useful data.
The next phase of the pre-attack data gathering process is called fingerprinting: scanning
all known addresses to make a network map of the target.
Mantraps
An enclosure that has an entry point and a different exit point
The individual enters the mantrap, requests access, and if verified, is allowed to exit
the mantrap into the facility
If the individual is denied entry, they are not allowed to exit until a security official
overrides the automatic locks of the enclosure
Electronic Monitoring
Records events where other types of physical controls are not practical
May use cameras with video recorders
Drawbacks:
o reactive and do not prevent access or prohibited activity
o recordings often not monitored in real time and must be reviewed to have any
value
Alarms and Alarm Systems
Alarm systems notify when an event occurs
Used for fire, intrusion, environmental disturbance, or an interruption in services
These systems rely on sensors that detect the event: motion detectors, smoke
detectors, thermal detectors, glass breakage detectors, weight sensors, and contact
sensors
Fire Safety
The most serious threat to the safety of the people who work in the organization is the
possibility of fire
Fires account for more property damage, personal injury, and death than any other
threat
It is imperative that physical security plans examine and implement strong measures
to detect and respond to fires and fire hazards