
Detecting System Intrusions - A White Paper

Intrusion Detection Penetration Testing Hacking Guide General Reference


#1 Sp1nsp3n


Posted 04 March 2014 - 05:17 AM

First things first, detecting system intrusion is not the same as Intrusion Detection
System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion
once attackers have passed all defensive technologies in the company, such as IDS/IPS
mentioned above, full packet capture devices with analysts behind them, firewalls,
physical security guards, and all other preventive technologies and techniques.
Many preventive technologies are using blacklisting [1] most of the time, and
that’s why they fail. Blacklisting is allowing everything by default, and forbidding
something that is considered to be malicious. So for an attacker it is a challenge to find
yet another way to bypass the filter. It is so much harder to circumvent a
whitelisting system.

Full White Paper and references:

https://www.evernote...95041b7f94780f8
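
The blacklisting/whitelisting contrast in the post above, as an added example that is not part of the original post or the white paper: a hash blacklist and a hash whitelist judge the same observed files, and the function at the end lists what only the whitelist flags. All paths and file contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: byte strings stand in for file contents.
KNOWN_GOOD = {
    "/usr/bin/ssh": b"ssh-client-build-1",
    "/usr/bin/ls": b"ls-build-1",
}
KNOWN_BAD_SAMPLE = b"dropper-variant-A"

BLACKLIST = {sha256(KNOWN_BAD_SAMPLE)}                # default allow
WHITELIST = {sha256(c) for c in KNOWN_GOOD.values()}  # default deny

def blacklist_verdict(content: bytes) -> str:
    """Allow everything except content already known to be malicious."""
    return "block" if sha256(content) in BLACKLIST else "allow"

def whitelist_verdict(content: bytes) -> str:
    """Block everything except content already known to be good."""
    return "allow" if sha256(content) in WHITELIST else "block"

# Constructed observations from a host: path -> content seen on disk.
OBSERVED = {
    "/usr/bin/ssh": b"ssh-client-build-1",   # unchanged trusted binary
    "/tmp/a": b"dropper-variant-A",          # known-bad sample
    "/tmp/b": b"dropper-variant-B",          # never seen before
    "/usr/bin/ls": b"ls-build-1-modified",   # trusted path, altered content
}

def evaluate(observed: dict) -> dict:
    """Return {path: (blacklist verdict, whitelist verdict)}."""
    return {
        path: (blacklist_verdict(content), whitelist_verdict(content))
        for path, content in observed.items()
    }

def missed_by_blacklist(observed: dict) -> list:
    """Paths the blacklist allows but the whitelist blocks."""
    return sorted(
        path for path, (bl, wl) in evaluate(observed).items()
        if bl == "allow" and wl == "block"
    )

if __name__ == "__main__":
    for path, verdicts in evaluate(OBSERVED).items():
        print(path, verdicts)
    print("only the whitelist flags:", missed_by_blacklist(OBSERVED))
```

The unseen file and the altered trusted binary both pass the blacklist, which is the gap a post-compromise integrity check against a known-good baseline is meant to close.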




