A brief introduction about internet intrusion and intrusion detecting system The outline of this introduction is about: Attack type What is hacker? Hack Process Usual technique There are five kinds of attack types: 1. Surveillance or Probing Unauthorized probing of a machine or network to look for vulnerabilities, explore configurations, or map the network's topology. Ex: port-scan, ping-sweep 2.Remote to local Unauthorized obtaining of user preivileges on a local host by a remote user without without such privileges. EX: password guessing 3. User to root Unauthorized access to local suoerviser or administrator privileges by a local unprivileged Ex: Various of buffer overflow attacks 4. Denial of service Unauthorized attempt to disrupt the normal functioning of a victim host or network Ex: ping-of death、teardrop、smurf、syn flood 5. Data compromise Unauthorized access or modification of data on local host tor remote host What is hacker ? A hacker is a person with mastery of computers. A cracker is a person who attempt to gain unauthorized access to computer systems. A script kiddle is a person who simply follows directions without fully understanding the meaning of the steps they are performing. This is the rough process of a hacker's intrusion. First is to probe, which is to map out the network and determine details on the systems about the network. Secon is to penetrate. Once the systems and potentially vulnerable services have been discovered, the next step is an attack. Once the machine has been owned, it make it easier to get back onto the system. The next is propagate. Once the attacker has an established presence, the next is to look for what else is avalible. The final step is paralyze. It is the final goal of a targeted attack. The attacker goes after the environment with a goal in mind. What is Buffer Overflow? It is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. There are two chief overflows: 1. Stack-based overflow By overwriting the return address in a stack frame. 2. Heap-based overflow Depend on important variables being stored in memory after a buffer that can be overflowed. What is security management model ? The first step is prevention. The second step is detection. The third step is investigation. The fourth step is recovery/solution. In the course of the first step and secondstep, it is making monitors and analyses. In the course of the second step and the third step, it is detecting the problem. In the course of the third step and the fourth step, it is finding the problems. In the course of the fourth step to a new first step, it is finding errors and correct them. The difference between host-based internet detection system and network-based internet detection system is as follows. Host-based IDE has strong deterrence for intruders, but network-based IDE's is weaker. The host-based has a strong detection for insiders but weak detection for outsiders. On the contrary, the network-based has a strong detection for outsiders but weak detection for insiders. The host-based is excellent for determining extent of compromises, but the network based is very weak in damage assessment capabilities. What is intrusion analysis mechanism?It encompasses three kinds of detections: 1. Anomaly detection detects deviations from acceptable behavior profiles. 2. Misus detection detects activities which match explicit patterns of misus. 3. Hybrid detection integrates anomaly detection and misus detection. The sofistication of hacker tools are by far better than before. It is always the battle between computer protectors and intruders. --

※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 140.116.104.158