9. IDS and IPS to detect and react to intrusions
Intrusion Detection Systems (IDS) detect intrusions on a network by collecting and analyzing data provided by several network devices. Their aim is to detect any abnormal activity, such as probing activities (port scanning, fingerprinting ), system compromise attempts, log file audits and so on. They are based on two techniques that can be used in complementary ways: signatures of known attacks, which are based, among other things, on the search for patterns (sequence of bytes), verification of compliance with protocol standards, etc.; and the behavioral approach, which detects any deviation from a pre-established profile for a user, service or application, this profile being measured using metrics such as CPU (Central Processing Unit) load, volume of data transmitted, connection time to resources, etc. The disadvantage of the signature-based approach is that the signature database needs...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Networks and Telecommunications
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
IDS and IPS to detect and react to intrusions
Bibliography
Bibliography
- (1) - ANSSI - Recommandations pour la définition d'une politique de filtrage réseau d'un pare-feu. - mars 2013 https://www.ssi.gouv.fr/uploads/IMG/pdf/NP_Politique_pare_feu_NoteTech.pdf ...
Software tools
Squid http://www.squid-cache.org
netfilter http://www.netfilter.org
SNORT http://www.snort.org
Websites
ANSSI, CSPN certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/produits-certifies-cspn/
ANSSI, Common criteria certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/cc/produits-certifies-cc/
...Standards and norms
- IETF, LEECH (M.), GANIS (M.), LEE (Y.), KURIS (R.), KOBLAS (D.), JONES (L.). – SOCKS Protocol Version 5. http://ietf.org/rfc/rfc1928.txt?number=1928 - rfc 1928 - 03-96
Regulations
Law no. 2009-1311 of October 28, 2009 on the criminal protection of literary and artistic property on the Internet, JORF no. 0251 of Oct. 29, 2009 https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000021208046&categorieLien=id
Law no. 2015-912...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference