Detecting System Intrusions - A White Paper


#1 Sp1nsp3n



Posted 04 March 2014 - 05:17 AM

First things first: detecting system intrusion is not the same as an Intrusion Detection
System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion
once attackers have passed all defensive technologies in the company, such as the IDS/IPS
mentioned above, full packet capture devices with analysts behind them, firewalls,
physical security guards, and all other preventive technologies and techniques.
Many preventive technologies use blacklisting [1] most of the time, and
that’s why they fail. Blacklisting is allowing everything by default and forbidding
something that is considered to be malicious. So for an attacker it is a challenge to find
yet another way to bypass the filter. It is so much harder to circumvent a
whitelisting system.

Full White Paper and references:

