Security Events

Previous page
Table of content
Next page

As network hosts function, various events take place within them that change their state. In terms of security, these events (Fig. 2.1) can be represented by the following two components — action and target. Actions are steps taken by a specific subject (a user, process, etc.) in order to achieve a specific result. They include the following operations: reading, copying, modifying, deleting, and so on. A target represents a logical (an account, process, or data) or physical (a host, network, or component) system object.

User access to a file is an example of an event. When this event happens in accordance with security rules, it is considered to be a normal event. An event is an elementary unit used in current security tools. Although most security tools include a third parameter, namely, an event source, we will not include it in this description of a security model, because this parameter becomes significant only when a real attack exists.

click to expand
Fig. 2.1. A model of a security event

As soon as specific event violates security policy, it must be taken to be a part of an attack.


Previous page
Table of content
Next page
Protect Your Information with Intrusion Detection
Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
Authors: A. Lukatsky, Alex Lukatsky
BUY ON AMAZON
VBScript Programmers Reference
The CISSP and CAP Prep Guide: Platinum Edition
Snort Cookbook
FileMaker Pro 8: The Missing Manual
Introduction to 80x86 Assembly Language and Computer Architecture
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy