Existing systems for Data Protection

  IDS/IPS
    Intrusion Detection Systems
      Monitors network traffic for malicious activities
    Intrusion Prevention Systems
      Similar to the detection system, but also attempts to block or stop the activities
    NIDS/NIPS
      Check packets on the network and look at the data to identify an attack
    HIDS/HIPS
      Monitor the state of one specific system and verify that all behaviour is as expected

    Components of IDS/IPS
      Network Sensors
        Detect events and send data to the other systems
      Central Monitoring System
        Processes the data from the sensors
      Report Analysis
        Assesses how to counteract a specific event
      Database
        Stores information about the attackers
      Response Box
        Uses information from all the components to form a response

    Approaches
      Signature/pattern matching
        Uses a database of known attacks and methods
      Anomaly detection
        Tracks authorised behaviour and allows it; the system learns over time what is normal, and whatever is unusual is blocked
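As an added illustration of the two approaches above (not part of the original mind map), here is a small Python sketch that runs a signature check and a per-host anomaly baseline over constructed request events; the sample events, signature names and class names are all assumptions made for this example.

```python
import re

# Constructed sample events (host, request path) for the example; not real traffic.
TRAINING = [("10.0.0.5", "/index.html"), ("10.0.0.5", "/about"),
            ("10.0.0.7", "/index.html"), ("10.0.0.7", "/login"),
            ("10.0.0.5", "/login")]
LIVE = [("10.0.0.5", "/index.html"),            # normal for this host
        ("10.0.0.9", "/search?q=' OR 1=1 --"),  # known pattern -> signature hit
        ("10.0.0.7", "/admin/export"),          # never seen anywhere -> anomaly
        ("10.0.0.7", "/about"),                 # seen only for another host -> anomaly
        ("10.0.0.5", "/about")]                 # normal for this host

# Signature approach: a small "database" of known attack patterns (constructed).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_matches(path):
    """Return the names of known-attack signatures found in a request path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]

class AnomalyDetector:
    """Learns, per host, which request paths are normal from a training window."""
    def __init__(self):
        self.baseline = {}  # host -> set of paths observed during training

    def train(self, events):
        for host, path in events:
            self.baseline.setdefault(host, set()).add(path)

    def is_anomalous(self, host, path):
        # Anything outside the learned baseline is treated as unusual.
        return path not in self.baseline.get(host, set())

def classify(events, detector):
    """Apply signatures first, then the anomaly baseline; return one verdict per event."""
    verdicts = []
    for host, path in events:
        sigs = signature_matches(path)
        if sigs:
            verdicts.append((host, path, "signature:" + ",".join(sigs)))
        elif detector.is_anomalous(host, path):
            verdicts.append((host, path, "anomaly"))
        else:
            verdicts.append((host, path, "allowed"))
    return verdicts
```

Note the trade-off the two approaches show: the signature catches only the pattern it already knows, while the baseline flags the unseen "/admin/export" but also the benign "/about" from a host that never requested it during training.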
  Anti-Malware
    Types
      Virus
        Replicates itself by attaching itself to a different program, so that when that program is run the virus is also run
      Network Worm
        Self-spreading over a network without requiring user input
      Trojan Horse
        A malicious program that is disguised or hidden inside seemingly harmless programs or websites
      Spyware
      Embedded malicious code
        Code that has been placed in a program by the developer to be malicious
    Anti-malware is very effective in real time, but it only looks at threats from outside of the system. It mostly uses signature recognition.

  Firewalls
    Deep Packet Inspection (DPI)
      Pattern Definition Language
        Uses signatures to detect known protocols and is used to apply the relevant rules
      Reassembles TCP packets that arrive out of order
      Deep Packet Inspection preprocesses the packets to allow them to be analysed