Chapter 37 – Vulnerability Assessment and Intrusion Detection Systems
Rebecca Gurley Bace

Chapter Contents:

37.1 Security Behind the Firewall
    37.1.1 What Is Intrusion Detection?
    37.1.2 What Is Vulnerability Assessment?
    37.1.3 Where Do Intrusion Detection and Vulnerability Assessment Fit in Security Management?
    37.1.4 Brief History of Intrusion Detection

37.2 Main Concepts
    37.2.1 Process Structure
        37.2.1.1 Information sources
        37.2.1.2 Analysis engine
        37.2.1.3 Response
    37.2.2 Monitoring Approach
    37.2.3 Intrusion Detection Architecture
    37.2.4 Monitoring Frequency
    37.2.5 Analysis Strategy

37.3 Vulnerability Assessment
    37.3.1 Relationship between Vulnerability Assessment and Intrusion Detection
    37.3.2 Assessment Strategies
        37.3.2.1 Credentialed monitoring
        37.3.2.2 Noncredentialed monitors
    37.3.3 Strengths and Weaknesses
    37.3.4 Roles for Vulnerability Assessment in System Security Management

37.4 Information Sources
    37.4.1 Network Monitoring
    37.4.2 Operating System Monitoring
    37.4.3 Application Monitoring
    37.4.4 Other Types of Monitoring
    37.4.5 Issues in Information Sources

37.5 Analysis Schemes
    37.5.1 Misuse Detection
    37.5.2 Anomaly Detection
    37.5.3 Hybrid Approaches
    37.5.4 Issues in Analysis

37.6 Response
    37.6.1 Passive Responses
        37.6.1.1 Alarms
        37.6.1.2 Reports
    37.6.2 Active Responses
    37.6.3 Automated Responses
        37.6.3.1 Stand-alone responses
        37.6.3.2 Integrated responses
    37.6.4 Investigative Support
    37.6.5 Issues in Responses

37.7 Needs Assessment and Product Selection
    37.7.1 Matching Needs to Features
    37.7.2 Specific Scenarios
    37.7.3 Integrating IDS Products with Your Security Infrastructure
    37.7.4 Deployment of IDS Products
        37.7.4.1 Location of sensors
        37.7.4.2 IDS integration scheduling
        37.7.4.3 Alarm settings

37.8 Conclusion

37.9 Notes

37.10 References