
Intrusion Detection and Response

Intrusion Systems

Intrusion Detection System (IDS)

Response Mechanism

  • Passive Response: Logs and sends notifications.
  • Active Response (Reactive): Can actively change the environment in response to threats.

Types of IDS

  1. HIDS (Host-based IDS)

    • Monitors a single system.
    • Can be detected and disabled by attackers.

HIDS can be susceptible to evasion if attackers can deduce which IDS is running from the operating system or other native features of the host.

  2. NIDS (Network-based IDS)

    • Monitors network traffic.
    • Less visible to attackers, as it sits on the network rather than on the monitored host.

Both types can be run simultaneously, provided the combination doesn't generate too many false positives.


Intrusion Prevention System (IPS)

  • Positioned in-line with network traffic.
  • Proactively identifies and blocks malicious traffic before it reaches its target.

IPS is proactive and can halt threats before they manifest.
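The difference between a passive IDS response, an active (reactive) IDS response, and an in-line IPS is easiest to see in code. The following is an added example, not part of the original notes: a toy threshold detector that counts failed logins per source address and runs three ways over the same constructed event list. The sample events, the threshold of three failures, and the function names are all assumptions made for illustration.

```python
"""
Toy detector contrasting IDS and IPS behaviour (added example, not from the notes).

- Passive IDS: observes a copy of every event and only records an alert.
- Active (reactive) IDS: still observes copies, but also changes the
  environment after the fact (here: adds the source to a block list).
- IPS: sits in-line, so once a source is blocked its later events are
  dropped before they reach the target.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events: (source_ip, outcome) in the style of an SSH auth log.
SAMPLE_EVENTS = [
    ("10.0.0.5", "failed"),
    ("10.0.0.5", "failed"),
    ("10.0.0.5", "failed"),
    ("10.0.0.5", "failed"),
    ("10.0.0.5", "success"),   # would be delivered by an IDS, dropped by an IPS
    ("10.0.0.9", "success"),
    ("10.0.0.7", "failed"),
]

FAIL_THRESHOLD = 3  # assumed rule: N failed logins from one source raises an alert


@dataclass
class Detector:
    """Counts failed logins per source and alerts once the threshold is reached."""
    active: bool = False                                   # False = passive, True = reactive
    failures: dict = field(default_factory=lambda: defaultdict(int))
    alerts: list = field(default_factory=list)             # passive response: log / notify
    blocked: set = field(default_factory=set)              # active response: environment change

    def observe(self, src: str, outcome: str) -> None:
        if outcome != "failed":
            return
        self.failures[src] += 1
        if self.failures[src] == FAIL_THRESHOLD:
            # Passive part of the response: record the alert for a notification.
            self.alerts.append(f"ALERT: {FAIL_THRESHOLD} failed logins from {src}")
            if self.active:
                # Active part: e.g. push a firewall rule; modelled as a block list.
                self.blocked.add(src)


def run_ids(events, active: bool = False) -> Detector:
    """Out-of-band IDS: sees a copy of every event; nothing is stopped in-line."""
    det = Detector(active=active)
    for src, outcome in events:
        det.observe(src, outcome)
    return det


def run_ips(events):
    """In-line IPS: each event is forwarded or dropped before it reaches the target."""
    det = Detector(active=True)
    forwarded = []
    for src, outcome in events:
        if src in det.blocked:
            continue  # dropped before delivery; the target never sees it
        det.observe(src, outcome)
        forwarded.append((src, outcome))
    return det, forwarded


if __name__ == "__main__":
    passive = run_ids(SAMPLE_EVENTS)
    print("passive IDS :", passive.alerts, "blocked:", sorted(passive.blocked))
    reactive = run_ids(SAMPLE_EVENTS, active=True)
    print("active IDS  :", reactive.alerts, "blocked:", sorted(reactive.blocked))
    det, delivered = run_ips(SAMPLE_EVENTS)
    print("IPS         :", det.alerts, "delivered:", len(delivered), "of", len(SAMPLE_EVENTS))
```

Both IDS runs deliver all seven events to the host; the reactive one only adds 10.0.0.5 to the block list after the third failure, so the later success from that address still lands. The IPS run drops the fourth failure and the success from 10.0.0.5 because they arrive after the block, which is the "before it reaches its target" property above. The same threshold logic also illustrates the false-positive caveat: a threshold set too low would block legitimate users who mistype a password, which is why an active or in-line response needs a more conservative rule than a passive alert.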


Espionage & Sabotage

Espionage

  • Nature: External threat.
  • Source: Competitor or state government.
  • Method: Might leverage an internal employee.

Sabotage

  • Nature: Internal threat.
  • Source: Often disgruntled employees.
  • Examples: Shutting down systems, deleting files.

Zero-Day Exploit

  • Definition: Attack exploiting a vulnerability that is not yet publicly known, or known only to a limited group.
  • Protection:
    • General practices, such as not clicking suspicious links, can protect against some exploits.
    • Zero-click exploits (which need no user interaction) are harder to guard against, but measures include limiting communications to trusted parties.