Summary


Security threats have always been around. Anything of value makes a viable target for a thief. Traditionally, theft required physical access to the object being stolen, which limited the number of attackers and increased the chances of the perpetrator being caught.

Mainframes and minicomputers allowed access to a limited number of directly connected dumb terminals. Gradually, the need for extended connectivity became more important. This need for connectivity led to dialup access to mainframes and minicomputers. Adding dialup connectivity increased the scope of attackers by enabling anyone across the world (with access to a telephone and a computer with a modem) to attempt to access the systems.

The development of the Internet has created an environment in which millions of computers across the world are all connected to each other. Furthermore, access to this network is fairly ubiquitous and cheap, enabling any thieves in the world to target your computer, regardless of their physical location.

Many factors determine which security threats a computer system is vulnerable to, and some threats are more severe than others. When trying to understand why an IPS is necessary in today's networks, you need to consider the following factors:

  • Technology adoption

  • Target value

  • Attack characteristics

Technology Adoption

Businesses don't usually adopt new technologies quickly, because new technology comes with a set of risks, such as poor return on investment, security concerns, training costs, and so on. New technologies are eventually implemented (even though security on these technologies might not be initially incorporated into the solution).

Four widely adopted technologies stand out as having had a tremendous impact on the evolution of security threats and thus the evolution of IPSs:

  • Client-server computing

  • The Internet

  • Wireless connectivity

  • Mobile computing

Client-server is a computing architecture that has largely replaced mainframes because of its lower cost of ownership. In client-server computing, processing power is not centralized. Instead, it is distributed across many networked computers, each acting as either a client or a server. If attackers are able to compromise one computer, every computer connected to the compromised system becomes a secondary target. Peer-to-peer networking contributed greatly to this problem by increasing the number of potential pathways between systems.

Client-server and peer-to-peer architectures multiplied the number of potential targets. Even so, attackers need a way to connect to a network or computer before they can attack it. The Internet provided an interconnected network of millions of potential targets for attackers to choose from.

Wireless connectivity enables an increase in productivity because it enables users to easily remain connected as they travel from their desk to a meeting in a conference room or from one meeting to another. Furthermore, wireless connectivity is cheaper because you do not have to install switch ports throughout your entire facility. However, without effective security measures installed, it is easy for an attacker to access your wireless network without ever entering your building.

Mobile computing refers to the collection of technologies that makes it possible for employees to remotely perform the same duties they could while at the office. Portable computers, mobile phones, and PDAs are becoming just as powerful as similar non-mobile equipment. Still, many of the computing resources a mobile worker needs are stored in the office so the mobile devices have to be able to access them remotely.

Target Value

Initially, personal computers were lucrative targets for their actual hardware. Currently, computer hardware is relatively cheap; however, personal computers are still lucrative targets because of the following factors:

  • Information theft

  • Zombie systems acquisition

The information stored on personal computers (both business and personal) has become much more valuable. Today, it is common for millions of people to access their banks and other financial institutions using their personal computers. Business computers frequently house sensitive information such as source code and business roadmaps. The information stored on computers has become more valuable than the actual systems themselves.

With the deployment of high-speed Internet connections, many people have systems directly connected to the Internet 24 hours a day, which dramatically increases the window of time during which those systems can be attacked. By compromising these vulnerable systems, attackers can build a network of machines (known as zombies) that they can use to perform various kinds of attacks. Furthermore, these attacks do not originate directly from the attackers, so tracing an attack back to the real attackers becomes more difficult.

Attack Characteristics

When an attack has one or more characteristics that are dramatically more dangerous than the same characteristic(s) in previous attacks, it is an indication that existing security countermeasures might not be enough to stop it. Four major attack characteristics are as follows:

  • Delivery mechanism

  • Complexity

  • Target

  • Impact

Delivery mechanism is the method by which an attack is disseminated. When considering the attack delivery mechanism, you need to consider the following two aspects:

  • Reach of the attacker

  • Protection from discovery

Attack complexity is a measurement of the attack based on the following two factors:

  • Complexity to launch the attack

  • Complexity to detect the attack

The following two factors determine the threat level in the target category:

  • Total number of potential targets

  • Value of the potential targets (impact if compromised)

The final attack characteristic is the impact that the attack generates. Many times, the impact is related to the intent of the attacker. Some common goals of an attacker include the following:

  • Curiosity

  • Denial of service (DoS)

  • Theft of confidential information

  • Revenge

  • Construction of a network of compromised machines

Over the last two decades, attacks have become more dangerous and difficult to defeat. They have more effective delivery mechanisms, are more complex, hit more targets, and do more damage. Furthermore, today's attacks are developed very rapidly and take advantage of vulnerabilities in commonly used communication mechanisms and required services.

There are essentially two types of IPSs: Network and Host. A Network IPS analyzes network activity. A Host IPS examines activities on each individual computer. Deficiencies in both Network- and Host-based Intrusion Detection led to the development of the current IPS product offerings.

Intrusion Prevention provides numerous capabilities at both the host level and the network level, but from a high-level perspective, the capabilities provided by Intrusion Prevention fall into the following two major categories:

  • Attack prevention

  • Regulatory compliance


Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115