Lecture 9: Intrusion Detection System
Intruders
- A significant issue is hostile/unwanted trespass, ranging from benign to serious
- User trespass - unauthorized logon, privilege abuse
- Software trespass - virus, worm, or trojan horse
- Classes of intruders: masquerader, misfeasor, clandestine user
Security Intrusion & Detection
Security Intrusion - a security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.
Intrusion Detection - a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.
Hackers
1. motivated by thrill of access and status
2. benign intruders might be tolerable
3. IDS / IPS / VPNs can help counter
Intrusion Detection Systems
- Classify intrusion detection systems (IDSs) as:
1. Host-based IDS: monitor single host activity
2. Network-based IDS: monitor network traffic
- Logical components:
1. sensors - collect data
2. analyzers - determine if an intrusion has occurred
3. user interface - manage / direct / view IDS
IDS Principles
- assume intruder behavior differs from that of legitimate users
- differences can be learned from past history
IDS Requirements
- run continually
- be fault tolerant
- resist subversion
- impose a minimal overhead on system
- configured according to system security policies
- adapt to changes in systems and users
- scale to monitor large numbers of systems
- provide graceful degradation of service
- allow dynamic reconfiguration
Types of IDS
1. Host IDS
2. Network IDS
3. Distributed IDS
Intrusion Detection Techniques
- signature detection
- anomaly detection
- when a potential violation is detected, the sensor sends an alert and logs the information
Anomaly Detection
- threshold detection
◦ checks excessive event occurrences over time
◦ alone a crude and ineffective intruder detector
◦ must determine both thresholds and time intervals
Signature Detection - observe events on the system and apply a set of rules to decide whether they indicate an intruder
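As an added example (not part of the lecture notes), the following analyzer applies both techniques above to constructed log lines: threshold detection counts failed logins per source inside a sliding time window (both the threshold and the interval have to be chosen, as the notes say), and signature detection matches a rule against each event. The event list, the rule set, and the alert format are assumptions made for this illustration.

```python
"""Added example, not from the lecture notes: a minimal IDS analyzer that
applies threshold (anomaly) detection and signature detection to constructed
log lines, raising an alert and logging the information when a rule fires."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample events: (timestamp, source address, message)
SAMPLE_EVENTS = [
    ("2009-10-21 10:00:01", "10.0.0.5", "sshd: Failed password for root"),
    ("2009-10-21 10:00:03", "10.0.0.5", "sshd: Failed password for root"),
    ("2009-10-21 10:00:04", "10.0.0.5", "sshd: Failed password for admin"),
    ("2009-10-21 10:00:06", "10.0.0.5", "sshd: Failed password for root"),
    ("2009-10-21 10:00:07", "10.0.0.5", "sshd: Failed password for root"),
    ("2009-10-21 10:00:09", "10.0.0.9", "sshd: Failed password for bob"),
    ("2009-10-21 10:05:00", "10.0.0.7", "httpd: GET /index.php?page=../../etc/passwd"),
    ("2009-10-21 10:06:00", "10.0.0.8", "httpd: GET /index.html"),
]

# Constructed signature rules: rule name -> regex applied to the message
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
}


class ThresholdDetector:
    """Threshold detection: count matching events per source in a sliding
    window and alert when the count reaches the configured threshold."""

    def __init__(self, pattern, threshold, window_seconds):
        self.pattern = re.compile(pattern)
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.history = defaultdict(deque)  # source -> timestamps of matches
        self.alerted = set()               # one alert per source per run

    def observe(self, ts, source, msg):
        if not self.pattern.search(msg):
            return None
        q = self.history[source]
        q.append(ts)
        # discard timestamps that have fallen out of the time interval
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold and source not in self.alerted:
            self.alerted.add(source)
            return f"THRESHOLD {source}: {len(q)} failed logins within {self.window.seconds}s"
        return None


def signature_check(source, msg):
    """Signature detection: return an alert for the first matching rule."""
    for name, rx in SIGNATURES.items():
        if rx.search(msg):
            return f"SIGNATURE {source}: {name}"
    return None


def analyze(events, threshold=5, window_seconds=60):
    """Sensor/analyzer loop: feed each event to both detectors and collect
    the alerts raised (a real IDS would also log each alerted event)."""
    td = ThresholdDetector(r"Failed password", threshold, window_seconds)
    alerts = []
    for ts_str, source, msg in events:
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S")
        for alert in (td.observe(ts, source, msg), signature_check(source, msg)):
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in analyze(SAMPLE_EVENTS):
        print(line)
```

On the sample events, threshold detection alone fires only for the one source that reaches five failed logins inside the interval, while the single failure from another source stays below it; this is why the notes call a threshold on its own a crude detector: the alert depends entirely on picking a sensible threshold and interval.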
Honeypot
• are decoy systems
– filled with fabricated info
– instrumented with monitors / event loggers
– divert and hold attacker to collect activity info
– without exposing production systems
• initially were single systems
• more recently are/emulate entire networks
Lecture 10: Legal and Ethical Issues in Computer Security
Legal & Ethical
- Law
- a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority
- implies imposition by a sovereign authority and the obligation of obedience on the part of all subject to that authority
- Ethics
- a set of moral principles or values
- the principles of conduct governing an individual or a group
- an objectively defined standard of right and wrong
Categories of Law
- Civil law
- Criminal law
- Tort law
Categories of unethical and illegal behavior:
- Ignorance
- Accident
- Intent
Ethics Concept
- Ethical Differences Across Cultures
- Software License Infringement
- Illicit Use
- Misuse of Corporate Resources
- Ethics and Education
- Deterrence to Unethical and Illegal Behavior
Computer Crime
- A computer can be :
- attacked
- used to attack
- used as a means to commit crime
written by
Muhammad Ismail
Wednesday, October 21, 2009