First things first, detecting system intrusion is not the same as Intrusion Detection
System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion
once attackers have passed all defensive technologies in the company, such as IDS/IPS
mentioned above, full packet capture devices with analysts behind them, firewalls,
physical security guards, and all other preventive technologies and techniques.
Many preventive technologies use blacklisting most of the time, and
that’s why they fail. Blacklisting means allowing everything by default and forbidding
whatever is considered to be malicious. So for an attacker it is a challenge to find
yet another way to bypass the filter. It is so much harder to circumvent a
Full White Paper and references:
Detecting System Intrusions - A White Paper