Page 191 - DCAP516_COMPUTER_SECURITY
Unit 14: Intrusion Detection System and Secure E-mail
14.7 Summary Notes
An Intrusion Prevention System is a network security device that monitors network and/
or system activities for malicious or unwanted behavior and can react, in real-time, to
block or prevent those activities.
An IPS is typically designed to operate completely invisibly on a network. IPSs can be
categorized into two broad sections: host-based IPS and network-based IPS.
An intrusion detection system is a type of security management system for computers and
networks. An IDS gathers and analyzes information from various areas within a computer
or a network to identify possible security breaches, which include both intrusions and
misuse.
Intrusion Detection System (IDS) technology is an important component in designing a
secure environment. It is a type of security management system for computers and
networks. An intrusion detection system is used to detect several types of malicious
behaviors that can compromise the security and trust of a computer system. This includes
network attacks against vulnerable services, data-driven attacks on applications, host-
based attacks such as privilege escalation, unauthorized logins and access to sensitive
files, and malware (viruses, trojan horses, and worms).
Email is the most widely used application service among computer users. It differs
from other uses of the network: network protocols send packets directly to their
destinations, using timeout and retransmission for individual segments if no
acknowledgement returns. In the case of email, however, the system must provide for
instances when the remote machine or the network connection has failed and take some
special action. Email applications involve two aspects:
User agent (pine, elm, etc.)
Transfer agent (sendmail daemon, etc.)
14.8 Keywords
Access Control: It refers to general rules allowing hosts, users or applications access to specific
parts of a network.
Application Protocol-based Intrusion Detection System: It consists of a system or agent that
would typically sit within a group of servers, monitoring and analyzing the communication on
application specific protocols.
Content-based IPS: It inspects the content of network packets for unique sequences, called
signatures, to detect and hopefully prevent known types of attack such as worm infections and
hacks.
Host-based Intrusion Detection System: It consists of an agent on a host which identifies intrusions
by analyzing system calls, application logs, file-system modifications (binaries, password files,
capability/acl databases) and other host activities and state.
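As an added illustration (not part of the textbook), a minimal file-integrity check of the kind a host-based IDS agent performs: it records a SHA-256 baseline of monitored files and reports later additions, removals and modifications. The file paths and contents are constructed placeholders embedded inline so the example runs offline.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample of a host's monitored files (path -> content bytes).
# A real agent reads these from disk; they are embedded here so the example runs offline.
BASELINE_FILES: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n",
    "/usr/bin/login": b"\x7fELF-placeholder-login-binary",
    "/etc/sudoers": b"root ALL=(ALL) ALL\n",
}

# Constructed "later" state: an account line was appended to /etc/passwd, the login
# binary was replaced, and an unknown executable appeared.
CURRENT_FILES: Dict[str, bytes] = dict(BASELINE_FILES)
CURRENT_FILES["/etc/passwd"] = BASELINE_FILES["/etc/passwd"] + b"svc:x:1001:1001::/var/svc:/bin/sh\n"
CURRENT_FILES["/usr/bin/login"] = b"\x7fELF-placeholder-login-binary-REPLACED"
CURRENT_FILES["/tmp/unknown-binary"] = b"\x7fELF-placeholder"


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a SHA-256 digest per monitored file: the HIDS 'known-good' state."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_integrity(baseline: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, Tuple[str, ...]]:
    """Compare the current file state against the baseline and classify every change."""
    now = build_baseline(current)
    modified = tuple(sorted(p for p in baseline if p in now and now[p] != baseline[p]))
    removed = tuple(sorted(p for p in baseline if p not in now))
    added = tuple(sorted(p for p in now if p not in baseline))
    return {"modified": modified, "removed": removed, "added": added}


def format_alerts(report: Dict[str, Tuple[str, ...]]) -> List[str]:
    """Turn the classified changes into one alert line per affected file."""
    return [f"ALERT {kind} {path}" for kind in ("modified", "removed", "added") for path in report[kind]]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FILES)
    for line in format_alerts(check_integrity(baseline, CURRENT_FILES)):
        print(line)
```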
Host-based IPS: It is one where the intrusion-prevention application is resident on that specific
IP address, usually on a single computer.
Hybrid Intrusion Detection System: It combines two or more approaches; for example, host agent
data is combined with network information to form a comprehensive view of the network.
Intrusion Detection System: It gathers and analyzes information from various areas within a
computer or a network to identify possible security breaches, which include both intrusions and
misuse.
LOVELY PROFESSIONAL UNIVERSITY 185