Chapter 12: Common IDS Problems


Overview

Despite all the advantages provided by intrusion detection systems, they are not a universal solution to all problems. Like any other security tool, intrusion detection systems have their own field of application and their own limitations. For example, the following problems are common for an IDS [Allen1-99]:

  • Improvement of hackers' skills and qualifications, growth in the number of available automated hacking tools and their variety (see Fig. 2.12)

  • Use of newer, more sophisticated penetration scenarios

  • Use of encryption functions for transmission of malicious information (for example, TFN2K)

  • Having to correlate data collected from the components of an IDS installed in a heterogeneous network combining Windows NT, Windows 2000, Linux, Solaris, HP-UX, AIX, and other operating systems

  • An increase in the amount of network traffic that needs to be analyzed

  • Limited network visibility in networks with packet switching

  • Performance problems in high-speed networks that do not always allow you to detect attacks in real time (and, consequently, to react to them in time)

  • A lack of commonly adopted terminology in the field of intrusion detection

  • The dependence of intrusion detection systems on their manufacturers, which introduces additional difficulties when purchasing such systems and working with them, thus making them inefficient

  • The risk inherent in manual response methods

  • Attacks on intrusion detection systems

  • A large number of false positives and false negatives

  • An insufficient number of criteria for evaluating and testing such systems




Protect Your Information with Intrusion Detection
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
