Scribd
Upload
466 views16 pages

Information Security 08 Intrusion Detection and Response

Information Security Notes

Uploaded by

Kashif Ansari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
466 views16 pages

Information Security 08 Intrusion Detection and Response

Information Security Notes

Uploaded by

Kashif Ansari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Information Security

ArfanShahzad.com
Course Outline

ArfanShahzad.com
Intrusion Detection and Response

• An intrusion occurs when an attacker attempts to gain entry into or


disrupt the normal operations of an information system, almost
always with the intent to do harm.

• Even when such attacks are self-propagating, as in the case of viruses


and DDoS attacks, they are almost always instigated (initiated) by
someone whose purpose is to harm an organization.

ArfanShahzad.com
Intrusion Detection and Response cont…

• Intrusion prevention consists of activities that deter (prevent) an


intrusion.

• Some important intrusion prevention activities are:

ArfanShahzad.com
Intrusion Detection and Response cont…

1. Writing & implementing enterprise information security policy,

2. Planning & executing effective information security programs,

3. Installing & testing technology-based information security


countermeasures (e.g. firewalls and intrusion detection systems),

4. Conducting & measuring the effectiveness of employee training


and awareness activities.
ArfanShahzad.com
Intrusion Detection and Response cont…

• Information security intrusion detection systems (IDSs) became


commercially available in the late 1990s.

• An IDS works like a burglar alarm (robber alarm) in that it detects a


violation and activates an alarm.

• This alarm can be audible and/or visual (producing noise and lights,
respectively), or it can be silent (an e-mail message alert).

ArfanShahzad.com
Intrusion Detection and Response cont…

• A current extension of IDS technology is the Intrusion Detection and


Response (IDR).

• IDR is a crucial aspect of cybersecurity that involves monitoring,


detecting, and responding to unauthorized activities or potential
threats within a computer network or system.

ArfanShahzad.com
Intrusion Detection and Response cont…

• It aims to protect the network and its assets from malicious activities
and minimize the impact of security incidents.

• The process of IDR typically involves the following steps:

ArfanShahzad.com
Intrusion Detection and Response cont…

1. Monitoring

2. Detection

3. Alerting

4. Investigation

5. Response

6. Reporting
ArfanShahzad.com
Intrusion Detection and Response cont…

• 1- Monitoring: Continuous monitoring of network traffic, system logs, and


user activities to identify any abnormal or suspicious behavior.

• This can be done using various technologies such as network intrusion


detection systems (NIDS), host-based intrusion detection systems (HIDS),
and security information and event management (SIEM) tools.

ArfanShahzad.com
Intrusion Detection and Response cont…

• 2- Detection: Analyzing the collected data and applying detection


mechanisms to identify potential security incidents or indicators of
compromise (IOCs).

• This includes the use of signature-based detection, anomaly


detection, and behavioral analysis to identify known and unknown
threats.

ArfanShahzad.com
Intrusion Detection and Response cont…

• 3- Alerting: Generating alerts or notifications when potential security


incidents or anomalies are detected.

• These alerts are typically sent to a centralized console or a security


operations center (SOC) where they are analyzed and prioritized
based on their severity.

ArfanShahzad.com
Intrusion Detection and Response cont…

• 4- Investigation: Conducting a thorough investigation of the detected


incidents to determine the nature and extent of the security breach.

• This may involve analyzing log files, examining network traffic, and
gathering evidence to understand the root cause and impact of the
incident.

ArfanShahzad.com
Intrusion Detection and Response cont…

• 5- Response: Implementing appropriate response actions to contain


and mitigate the impact of the security incident.

• This may include isolating affected systems, blocking malicious


traffic, applying patches or updates, resetting compromised
credentials, and restoring affected services.

ArfanShahzad.com
Intrusion Detection and Response cont…

• 6- Reporting: Documenting the incident response activities, including


the details of the incident, actions taken, and lessons learned.

• This helps in improving future incident response processes and


enables regulatory compliance and reporting requirements.

ArfanShahzad.com
Intrusion Detection and Response cont…

• The overall goal of intrusion detection and response is to detect and


respond to security incidents in a timely manner, minimizing the
potential damage and reducing the risk of future incidents.

• It requires a combination of technology, processes, and skilled


personnel to effectively identify and respond to threats, ultimately
enhancing the overall security posture of an organization.

ArfanShahzad.com

You might also like