Detecting System Intrusions - A White Paper


First things first: detecting system intrusion is not the same as an Intrusion Detection System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion once attackers have passed all defensive technologies in the company, such as the IDS/IPS mentioned above, full packet capture devices with analysts behind them, firewalls, physical security guards, and all other preventive technologies and techniques.

Many preventive technologies use blacklisting [1] most of the time, and that is why they fail. Blacklisting allows everything by default and forbids something that is considered to be malicious. So for an attacker it is a challenge to find yet another way to bypass the filter. It is so much harder to circumvent a whitelisting system.

Full White Paper and references:
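
The default-allow versus default-deny difference described in the post, as an added example that is not part of the original post or the white paper. The host name, paths, file contents and list entries are constructed sample data, and hash-based matching is an assumption chosen for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: byte strings stand in for real binaries.
ALLOWLIST = {sha256(b"sshd-build-1"), sha256(b"nginx-build-7")}  # known good
BLOCKLIST = {sha256(b"known-bad-sample-1")}                      # known bad

def blacklist_verdict(digest: str) -> str:
    # Default allow: only what is already known to be malicious is denied.
    return "deny" if digest in BLOCKLIST else "allow"

def whitelist_verdict(digest: str) -> str:
    # Default deny: only what is already known to be good is allowed.
    return "allow" if digest in ALLOWLIST else "deny"

# Constructed execution events: (host, path, file content).
EVENTS = [
    ("web01", "/usr/sbin/sshd", b"sshd-build-1"),
    ("web01", "/usr/sbin/nginx", b"nginx-build-7"),
    ("web01", "/tmp/.cache/upd", b"known-bad-sample-1"),     # on the blocklist
    ("web01", "/tmp/.cache/upd2", b"never-seen-before"),     # on neither list
    ("web01", "/usr/sbin/sshd", b"sshd-build-1-modified"),   # trusted path, new content
]

def review(events):
    """Evaluate every event under both policies."""
    findings = []
    for host, path, content in events:
        digest = sha256(content)
        findings.append({
            "host": host,
            "path": path,
            "blacklist": blacklist_verdict(digest),
            "whitelist": whitelist_verdict(digest),
        })
    return findings

def missed_by_blacklist(events):
    """Paths the default-allow policy lets run but the default-deny policy flags."""
    return [f["path"] for f in review(events)
            if f["blacklist"] == "allow" and f["whitelist"] == "deny"]

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
    print("missed by blacklist:", missed_by_blacklist(EVENTS))
```

The events returned by `missed_by_blacklist` are the ones worth an analyst's attention: anything unknown passes the blacklist silently, while the whitelist turns it into a reviewable denial.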


