PPT-Security Technology: Intrusion Detection, Access Control and Other Security Tools

Chapter 7 Intrusion Intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of system with almost always the intent to do malicious harm. C Berk ele Dre Dean Xer ox ARC Abstract One of the primary halleng es in intrusion detection is modelling typical application behavior so that we can ec gnize attac ks by their atypical ef fects without aising too many false alarms show h Chapter 7. Intrusion. “Intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operation of system with, almost always, the intent to do malicious harm.”. 11. Intrusion Detection (. cont. ). modified from slides of . Lawrie. Brown. Security Intrusion. : A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.. Ali . Al-. Shemery. arabnix. [at] . gmail. All materials is licensed under a Creative Commons “Share Alike” license.. http://creativecommons.org/licenses/by-sa/3.0/. 2. # . whoami. Ali . Al-. Shemery. INTRO TO INTRUSION ALARM. INTRUSION ALARM TECHNOLOGY. An intrusion detection system consists of several different system components wired together to provide protection of persons and property.. INTRUSION ALARM TECHNOLOGY. Intrusion Detection. modified from slides of . Lawrie. Brown. Intruders. classes:. two most publicized threats to security are malware and intruders. generally referred to as a . hacker. or . cracker. Intruders. Classes (from [ANDE80]:. two most publicized threats to security are malware and intruders. generally referred to as a . hacker. or . cracker. Examples of Intrusion. remote root compromise. Computer Security Techniques. Patricia Roy. Manatee Community College, Venice, FL. ©2008, Prentice Hall. Operating Systems:. Internals and Design Principles, 6/E. William Stallings. Authentication. Basis for most type of access control and accountability. Y. our Data Center Weakness in the Media. Matt Powers. Data center security Statistics. Data center security challenges. PROTECTING. the company’s image. ACHIEVING. regulatory compliance (HIPPA, PCI-DSS, SOX, GLB). /dr. x. Logistics. Programming homework: extra 4 days. Midterm date: Wednesday, March 1. Duration: 60 mins. Presentations: next . Rich Nelson. Reports: can you see my comments, feedback on Oaks?. L1: many reports did not even have a sentence with intro/conclusions. /dr. x. Logistics. Command Line Lab on Thursday: please bring your laptops. Keep up with the reading . – Midterm on March 2. nd. . . Computer Networks Basics: OSI stack, subnets, Basic protocols: ARP, ICMP, NAT, DHCP, DNS, TCP/IP. modified from slides of . Lawrie. Brown. Classes of Intruders – Cyber Criminals. Individuals or members of an organized crime group with a goal of financial reward. Their activities may include: . Software Vulnerability. System Vulnerability and Abuse. Commercial software contains flaws that create security vulnerabilities.. Hidden bugs (program code defects). Zero defects cannot be achieved because complete testing is not possible with large programs. Security Services. Security Awareness. An attitude held by security personnel and non-security client employees that places a high value on detecting, deterring, and reporting security exposures such as crime, safety hazards, fire hazards, theft, intrusions, and vandalism.