Speny

Detecting System Intrusions - A White Paper

First things first: detecting system intrusion is not the same as an Intrusion Detection System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion once attackers have passed all defensive technologies in the company, such as the IDS/IPS mentioned above, full packet capture devices with analysts behind them, firewalls, physical security guards, and all other preventive technologies and techniques. Many preventive technologies use blacklisting [1] most of the time, and that is why they fail. Blacklisting allows everything by default and forbids something that is considered to be malicious. So for an attacker it is a challenge to find yet another way to bypass the filter. It is so much harder to circumvent a whitelisting system.

Full White Paper and references:

https://www.evernote.com/shard/s271/sh/8244027f-bfda-4d75-9ccc-db2aa5b89a73/5d3c8c8bddee15e4795041b7f94780f8

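The default-allow versus default-deny contrast described in the post, as an added example that is not part of the original post or the white paper. It applies the idea to a file-hash baseline on a host, which goes beyond the filter case the post mentions; all function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def denylist_audit(root: Path, known_bad: set[str]) -> list[str]:
    """Default-allow: report only files whose digest is already catalogued as bad."""
    return [name for name, digest in snapshot(root).items() if digest in known_bad]


def allowlist_audit(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Default-deny: report every file that differs from the approved baseline."""
    current = snapshot(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(n for n in current.keys() & baseline.keys()
                          if current[n] != baseline[n]),
        "missing": sorted(set(baseline) - set(current)),
    }


def demo() -> tuple[list[str], dict[str, list[str]]]:
    # Constructed sample tree; names and contents are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool_a").write_bytes(b"approved build of tool_a")
        (root / "bin" / "tool_b").write_bytes(b"approved build of tool_b")
        baseline = snapshot(root)  # taken while the system is still trusted
        known_bad = {hashlib.sha256(b"sample already catalogued as bad").hexdigest()}

        # Later state: one file altered, one unrecognised file present,
        # and neither digest appears on the denylist.
        (root / "bin" / "tool_b").write_bytes(b"altered build of tool_b")
        (root / "bin" / "tool_c").write_bytes(b"content nobody approved")
        return denylist_audit(root, known_bad), allowlist_audit(root, baseline)


if __name__ == "__main__":
    missed, drift = demo()
    print("denylist findings:", missed)
    print("allowlist findings:", drift)
```

The denylist audit returns nothing because neither file matches a catalogued digest, while the baseline comparison reports both the altered and the unrecognised file.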