Information Security 08 - Intrusion Detection and Response
ArfanShahzad.com
Intrusion Detection and Response
• An intrusion occurs when an attacker attempts to gain entry into or
disrupt the normal operations of an information system, almost
always with the intent to do harm.
Intrusion Detection and Response cont…
• Intrusion prevention consists of activities that deter (prevent) an
intrusion.
• Information security intrusion detection systems (IDSs) became
commercially available in the late 1990s.
• A current extension of IDS technology is Intrusion Detection and
Response (IDR).
• It aims to protect the network and its assets from malicious activities
and minimize the impact of security incidents.
1. Monitoring
2. Detection
3. Alerting
4. Investigation
5. Response
6. Reporting
• 2- Detection: Analyzing the collected data and applying detection
mechanisms to identify potential security incidents or indicators of
compromise (IOCs).
• 3- Alerting: Generating alerts or notifications when potential security
incidents or anomalies are detected.
• 4- Investigation: Conducting a thorough investigation of the detected
incidents to determine the nature and extent of the security breach.
• This may involve analyzing log files, examining network traffic, and
gathering evidence to understand the root cause and impact of the
incident.
• 6- Reporting: Documenting the incident response activities, including
the details of the incident, actions taken, and lessons learned.
• The overall goal of intrusion detection and response is to detect and
respond to security incidents in a timely manner, minimizing the
potential damage and reducing the risk of future incidents.
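As an added example, not part of the original slides, the IDR stages applied to a small constructed log sample in Python: detection over sshd-style lines, alerting, evidence kept for the investigation stage, and a report that records the response actions. The log format, the failure threshold and all function names are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:05 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:09 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:01:00 sshd: Failed password for bob from 198.51.100.4
2024-05-01T10:02:00 sshd: Accepted password for bob from 198.51.100.4
""".splitlines()  # constructed sshd-style lines (not real data), standing in for what monitoring collects
FAILED_THRESHOLD = 3  # assumed rule: this many failures from one source is treated as an IOC

@dataclass
class Incident:
    source: str
    failures: int
    success_after_failures: bool
    evidence: list = field(default_factory=list)  # log lines kept for the investigation stage

def parse(line):
    """Return (outcome, user, source) for one sshd line, or None if it does not match."""
    parts = line.split()
    if len(parts) != 8 or parts[1] != "sshd:" or parts[4] != "for" or parts[6] != "from":
        return None
    return ("failed" if parts[2] == "Failed" else "accepted"), parts[5], parts[7]

def detect(lines):
    """Detection: group events by source and flag repeated failed logins (a brute-force IOC)."""
    by_source = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            by_source[parsed[2]].append((parsed[0], line))
    incidents = []
    for source, events in by_source.items():
        fail_idx = [i for i, (outcome, _) in enumerate(events) if outcome == "failed"]
        if len(fail_idx) < FAILED_THRESHOLD:
            continue
        # a success after the failures is the higher-severity case: the guessing may have worked
        success_after = any(o == "accepted" for o, _ in events[fail_idx[-1]:])
        incidents.append(Incident(source, len(fail_idx), success_after, [l for _, l in events]))
    return incidents

def alert(incident):
    """Alerting: turn a detected incident into a prioritised notification string."""
    severity = "high" if incident.success_after_failures else "medium"
    return f"[{severity}] {incident.failures} failed logins from {incident.source}"
def report(incident, actions):
    """Reporting: record the incident, the evidence from investigation and the response actions taken."""
    return {"source": incident.source, "alert": alert(incident), "evidence": incident.evidence, "actions": actions}
```

The single source below the threshold (198.51.100.4) produces no incident, so the rule does not fire on an ordinary mistyped password.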