Intrusion

The document discusses various types of intruders, including masqueraders, misfeasors, and clandestine users, who attempt to access or misuse network resources. It outlines common methods for password guessing and emphasizes the importance of audit records for detecting unauthorized actions. Additionally, it highlights the significance of intrusion detection systems (IDS) and their classification into statistical anomaly detection and rule-based detection to enhance network security.

Uploaded by

mummuboo2121

Intrusion

• Intruders try to intrude into the privacy of a
network.
• Whether the network itself is private (e.g. a Local
Area Network) or public (the Internet) does not
matter.
• What matters is the intent of the attacker to
intrude. It is generally said that the two most
widely known threats to security are intruders and
viruses.
• Masquerader:
• A user who does not have the authority to use a
computer, but penetrates a system to access a
legitimate user's account, is called a masquerader.
• It is generally an external user.
• Misfeasor: There are two possible cases in which an
internal user is called a misfeasor:
• A legitimate user who does not have access to some
applications, data or resources accesses them anyway.
• A legitimate user who has access to some applications,
data or resources misuses these privileges.
• Clandestine user: An internal or external user who
tries to work using the privileges of a supervisor
user, to avoid auditing information being captured
and recorded, is called a clandestine user.
Some of the popularly known methods of password guessing are
as follows:
1. Try all possible short password combinations (2-3
characters).
2. Collect information about users, such as their full name,
names of family members, their hobbies, etc.
3. Try default passwords that are provided by the supplier of a
software product (e.g. Oracle comes with scott as the user
name and tiger as the password).
4. Try words that people choose as passwords most often.
Hacker bulletin boards maintain these lists. Also, try words
from a dictionary.
5. Try using phone numbers, dates of birth, social security
numbers, bank account numbers, etc.
6. Tap the communication line between a user and the host
network.
7. Use a Trojan Horse.
8. Try numbers on the vehicle license plates.
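
An added example (not part of the original document): a defensive screen that rejects a candidate password if it would fall to guessing methods 1 to 5 or 8 above. The word lists, the `user_facts` argument and the function names are assumptions made for illustration; methods 6 and 7 target the communication line or the host, so no password check addresses them.

```python
import re

# Constructed lists (assumptions); a real deployment would load far larger ones.
VENDOR_DEFAULTS = {"tiger"}  # the page's Oracle example: scott / tiger
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon"}


def _norm(text):
    """Lower-case and drop separators so '555-0142' and '5550142' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen_password(candidate, user_facts):
    """Return the reasons a candidate password is guessable (empty list = passes).

    user_facts: strings an attacker could collect about the user, such as
    names, phone numbers or a vehicle plate (hypothetical input).
    """
    reasons = []
    norm = _norm(candidate)
    if len(candidate) <= 3:                      # method 1: short combinations
        reasons.append("short")
    if any(len(_norm(f)) >= 3 and _norm(f) in norm for f in user_facts):
        reasons.append("personal-info")          # methods 2, 5 and 8
    if norm in VENDOR_DEFAULTS:                  # method 3: supplier defaults
        reasons.append("vendor-default")
    if re.sub(r"\d+$", "", norm) in COMMON_WORDS:
        reasons.append("common-word")            # method 4, ignoring a digit suffix
    if norm.isdigit():                           # method 5: dates, account numbers
        reasons.append("numeric-only")
    return reasons


if __name__ == "__main__":
    facts = ["Alice", "Smith", "555-0142", "KA-01-AB-1234"]  # constructed
    for pw in ["tiger", "Password1!", "15-08-1990", "Smithy#42",
               "maple-Orbit-47-kettle"]:
        print(f"{pw!r}: {screen_password(pw, facts) or 'accepted'}")
```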
Audit Records
• Audit records are used to record information about
the actions of users. Traces of illegitimate user
actions can be found in these records, so that
intrusions can be detected and appropriate action
taken.
• Native audit records: All multi-user operating
systems have accounting software built in. This
software records information about all user
actions.
• Detection-specific audit records: This type of audit
record facility collects information specific only to
intrusion detection. This is more focused, but may
duplicate information.
Intrusion Detection
• Intrusion prevention is almost impossible to achieve at all times.
Hence, more focus is on intrusion detection.
• The following factors motivate efforts on intrusion detection:
• (a) The sooner we are able to detect an intrusion, the quicker we
can act. The hope of recovering from attacks and losses is directly
proportional to how quickly we are able to detect an intrusion.
• (b) Intrusion detection can help collect more information about
intrusions, strengthening the intrusion prevention methods.
• (c) Intrusion detection systems can act as good deterrents to
intruders.
• Intrusion detection mechanisms, also known as Intrusion
Detection Systems (IDS), are classified into two categories:
statistical anomaly detection and rule-based detection. This is
shown in Fig. 9.50.
• Statistical anomaly detection: In this type, the behavior of users
over time is captured as statistical data and processed. Rules are
applied to test whether the user behavior was legitimate or not.
• Rule-based detection: A set of rules is applied to
see if a given behavior is suspicious enough to be
classified as an attempt to intrude.
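
An added example (not part of the original document) that runs both detection categories over the same audit records, showing that each catches activity the other misses. The record layout `(user, action, object, outcome)`, the baseline figures, the rule names and the thresholds are all constructed assumptions.

```python
from collections import Counter
from statistics import mean, stdev

# Constructed baseline: files read per day by each user over the past week.
HISTORY = {"alice": [12, 15, 11, 14, 13, 12, 16], "bob": [40, 38, 45, 42, 39, 41, 44]}

# Constructed audit records for today: (user, action, object, outcome).
TODAY = (
    [("alice", "read", f"/srv/data/f{i}", "ok") for i in range(60)]
    + [("bob", "read", f"/srv/build/o{i}", "ok") for i in range(43)]
    + [("bob", "delete", "/var/log/audit/audit.log", "ok")]
    + [("carol", "login", "tty1", "denied")] * 3
    + [("carol", "read", "/srv/payroll/q3.csv", "denied")]
)


def anomaly_alerts(records, history, threshold=3.0):
    """Statistical anomaly detection: flag users whose read count today is more
    than `threshold` standard deviations above their own baseline."""
    reads = Counter(user for user, action, _, _ in records if action == "read")
    flagged = []
    for user, count in reads.items():
        past = history.get(user)
        if not past or len(past) < 2:
            continue  # no profile yet, nothing to compare against
        sigma = stdev(past)
        if sigma > 0 and (count - mean(past)) / sigma > threshold:
            flagged.append(user)
    return sorted(flagged)


# Rule-based detection: each rule is (name, predicate over one audit record).
RULES = [
    ("audit-log-tampering",
     lambda r: r[1] in ("write", "delete") and r[2].startswith("/var/log/audit")),
    ("access-denied", lambda r: r[1] != "login" and r[3] == "denied"),
]
MAX_FAILED_LOGINS = 3  # threshold rule, needs state across records


def rule_alerts(records):
    alerts, failed = [], Counter()
    for r in records:
        alerts += [(r[0], name) for name, matches in RULES if matches(r)]
        if r[1] == "login" and r[3] == "denied":
            failed[r[0]] += 1
            if failed[r[0]] == MAX_FAILED_LOGINS:
                alerts.append((r[0], "repeated-failed-login"))
    return alerts


if __name__ == "__main__":
    print("statistical:", anomaly_alerts(TODAY, HISTORY))
    print("rule-based: ", rule_alerts(TODAY))
```

Every one of alice's reads is individually permitted, so only the statistical profile flags her, while bob's single deletion under the audit log path stays within his baseline and is caught only by a rule.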
