Attack Response
| [ LiB ] |
Earlier IDSs were only involved in monitoring activity and analyzing log files. Today's reactive IDSs can respond to an attack in one of four ways:
-
Terminate the session by performing a Transmission Control Protocol (TCP) reset
-
Block or shun the traffic
-
Create session log files
-
Restrict access
To terminate an attack session, the IDS sends TCP packets with the reset bit set to both the source address of the attack and destination address of the target. To block offending traffic, the IDS instructs another managed device such as a firewall or router to add an entry to the relevant access control list to deny incoming traffic from the offending source address. Session log files can also capture the data transmitted from the source address of the attack. Finally, the IDS can block the attacker's access to the relevant realm or domain.
 | A router, switch, or firewall that is instructed by a sensor to perform blocking is called a managed device . |
| [ LiB ] |
- Assessing Business-IT Alignment Maturity
- Linking the IT Balanced Scorecard to the Business Objectives at a Major Canadian Financial Group
- Technical Issues Related to IT Governance Tactics: Product Metrics, Measurements and Process Control
- Governing Information Technology Through COBIT
- Governance Structures for IT in the Health Care Industry