NETWORKING DAY 12 (Secure Sockets Layer (SSL), Intrusion Detection System, Viruses and Worms)

DAY - 12
What is SSL?

Secure Sockets Layer (SSL) was the most widely deployed cryptographic protocol for securing internet communications before it was succeeded by TLS (Transport Layer Security) in 1999. Despite the deprecation of the SSL protocol and the adoption of TLS in its place, most people still refer to this type of technology as ‘SSL’.
SSL provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure communication between a web browser and a web server. This turns a website's address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.

Intrusion Detection System

An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability exploits against a target application or computer. Intrusion Prevention Systems (IPS) extended IDS solutions by adding the ability to block threats in addition to detecting them, and have become the dominant deployment option for IDS/IPS technologies. This article will elaborate on the configuration and functions that define the IDS deployment.
An IDS needs only to detect threats and as such is placed out-of-band on the network infrastructure, meaning that it is not in the true real-time communication path between the sender and receiver of information. Rather, IDS solutions will often take advantage of a TAP or SPAN port to analyze a copy of the inline traffic stream, thus ensuring that the IDS does not impact inline network performance.
IDS was originally developed this way because, at the time, the depth of analysis required for intrusion detection could not be performed at a speed that could keep pace with components on the direct communications path of the network infrastructure.
As explained, the IDS is also a listen-only device. The IDS monitors traffic and reports its results to an administrator, but cannot automatically take action to prevent a detected exploit from taking over the system. Attackers are capable of exploiting vulnerabilities very quickly once they enter the network, rendering the IDS deployment inadequate as a prevention device.
The following table summarizes the differences in technology intrinsic to IPS and the IDS deployment:


| | Intrusion Prevention System | IDS Deployment |
|---|---|---|
| Placement in Network Infrastructure | Part of the direct line of communication (inline) | Outside direct line of communication (out-of-band) |
| System Type | Active (monitor & automatically defend) and/or passive | Passive (monitor & notify) |
| Detection Mechanisms | 1. Statistical anomaly-based detection; 2. Signature detection: exploit-facing signatures, vulnerability-facing signatures | 1. Signature detection: exploit-facing signatures |
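
The two columns of the table, as an added example that is not part of the original notes: the same signature engine run out-of-band (alert only) and inline (drop on match), with one exploit-facing and one vulnerability-facing signature. The `USER <name>` protocol, the 64-byte limit, the byte marker and the sample traffic are constructed assumptions; reading "exploit-facing" as matching one exploit's bytes and "vulnerability-facing" as matching the condition that triggers the flaw is the usual meaning and is not defined on this page.

```python
import re
from dataclasses import dataclass
from typing import Callable

MAX_USER_LEN = 64  # assumed buffer size of the hypothetical vulnerable service

@dataclass
class Signature:
    name: str
    kind: str  # "exploit-facing" or "vulnerability-facing"
    matches: Callable[[bytes], bool]

def user_arg_too_long(payload: bytes) -> bool:
    """Vulnerability-facing: any USER argument that exceeds the buffer."""
    m = re.match(rb"USER ([^\r\n]*)", payload)
    return bool(m) and len(m.group(1)) > MAX_USER_LEN

SIGNATURES = [
    # Exploit-facing: byte pattern of one known exploit (constructed marker).
    Signature("known-exploit-A", "exploit-facing",
              lambda p: b"\x90\x90EXPLOIT_A" in p),
    Signature("user-overflow", "vulnerability-facing", user_arg_too_long),
]

def process(stream, signatures, inline):
    """inline=False: IDS on a TAP/SPAN copy, alerts only, all traffic delivered.
    inline=True: IPS in the traffic path, matching packets are dropped."""
    delivered, alerts = [], []
    for i, payload in enumerate(stream):
        hits = [s.name for s in signatures if s.matches(payload)]
        if hits:
            alerts.append((i, hits))
        if not (inline and hits):
            delivered.append(i)
    return delivered, alerts

# Constructed sample traffic (not captured from any real system).
TRAFFIC = [
    b"USER alice\r\n",                                   # benign
    b"USER " + b"A" * 80 + b"\x90\x90EXPLOIT_A\r\n",     # known exploit
    b"USER " + b"B" * 200 + b"\r\n",                     # variant, same flaw
]

if __name__ == "__main__":
    # IDS column: exploit-facing signatures only, passive.
    print("IDS:", process(TRAFFIC, SIGNATURES[:1], inline=False))
    # IPS column: both signature types, active.
    print("IPS:", process(TRAFFIC, SIGNATURES, inline=True))
```

The out-of-band run alerts on packet 1 but still delivers all three packets and never sees the variant; the inline run drops both oversized packets.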


Viruses and Worms
The two most common types of network attacks are the virus and the worm.
· A virus is a program used to infect a computer.
· It is usually buried inside another program, known as a Trojan, or distributed as a stand-alone executable.
· Not all viruses are malicious; in fact, very few cause extensive damage to systems. Most viruses are simply practical jokes, designed to make it appear, or scare recipients into thinking, that something is wrong with Windows.
· Unfortunately, the viruses that are destructive are often extremely destructive.
· A well-designed virus can disable an entire network in a matter of minutes.
· Worms are often confused with viruses, but they are very different types of code.
· A worm is self-replicating code that spreads itself from system to system.
· A traditional virus requires manual intervention to propagate itself, by copying it unknowingly to a floppy, unwittingly embedding it in an attachment, or some other method.
· Worms do not require assistance to spread; instead, a worm can automatically e-mail itself to other users, copy itself through the network, or even scan other hosts for vulnerabilities and then attack those hosts.
