Honeypot & its Types

A honeypot is a security mechanism that records all actions, transactions and interactions with users. Honeypots are used to track attackers and defend against attacks.

Based on deployment type, honeypots are classified into:

  • Production honeypots – Easy to use, but they capture only limited information. They are placed inside production networks to improve security.
  • Research honeypots – Work better at gathering information about attackers. They research the threats to the organization and try to prevent them. They are complex to deploy and maintain.

Based on design criteria, honeypots are classified into:

  • Pure honeypots – Activities are monitored using the honeypot's installed link to the network.
  • High interaction – Multiple honeypots in a single system. More secure, difficult to detect, expensive to maintain.
  • Low interaction – Simulate the services requested by attackers.

How the intrusion detection system works

Any network security plan should include an intrusion detection system (IDS) and an intrusion prevention system (IPS). An IDS understands the content of packet headers, such as flags, options, IP addresses and ports. An IDS monitors intrusions and prevents the intruder from entering the system. An IPS can detect an intrusion at an earlier stage and is used to stop the attack from happening. IDSs mostly work by pattern matching and by detecting statistical anomalies.

Intrusion detection approaches:

There are two types of IDS approach –

  • Host based – Software is installed on a single system, and the data from that system is used to detect intrusions. It protects that specific computer. It also monitors the ports and triggers an alert if an intrusion occurs on a port.
  • Network based – It monitors multiple hosts to detect intrusions in multiple systems. Here the IDS also examines the packet headers, which enables detection of DoS attacks.
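
The two detection methods named above, pattern matching and statistical anomaly detection, applied to packet headers only, as an added example that is not part of the original post. The packet records, baseline counts, threshold factor `k` and function names are constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Header-only signatures: TCP flag combinations legitimate stacks do not send.
SIGNATURES = {
    frozenset({"SYN", "FIN"}): "SYN+FIN set together",
    frozenset(): "no TCP flags set (null packet)",
    frozenset({"FIN", "PSH", "URG"}): "FIN+PSH+URG set together",
}

def signature_alerts(packets):
    """Pattern matching: compare each packet's flag set with known-bad patterns."""
    alerts = []
    for ts, src, dst, dport, flags in packets:
        reason = SIGNATURES.get(frozenset(flags))
        if reason:
            alerts.append((ts, src, f"{dst}:{dport}", reason))
    return alerts

def syn_rate_alerts(packets, baseline, k=3.0, window=1):
    """Statistical anomaly: flag windows where bare SYNs to one destination
    exceed mean + k * stddev of the baseline per-window counts."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter()
    for ts, src, dst, dport, flags in packets:
        if set(flags) == {"SYN"}:
            counts[(int(ts // window), dst, dport)] += 1
    return sorted((w, f"{dst}:{dport}", n)
                  for (w, dst, dport), n in counts.items() if n > threshold)

# Constructed sample traffic (documentation address ranges), not a real capture.
BASELINE_SYNS_PER_SEC = [3, 5, 4, 6, 4, 5, 3, 4]   # assumed normal load
PACKETS = [
    (0.10, "198.51.100.7", "192.0.2.10", 443, ["SYN"]),
    (0.20, "198.51.100.7", "192.0.2.10", 443, ["ACK"]),
    (0.50, "203.0.113.9", "192.0.2.10", 22, ["SYN", "FIN"]),
    (0.70, "203.0.113.9", "192.0.2.10", 23, []),
] + [(1.0 + i / 100, f"203.0.113.{i}", "192.0.2.10", 80, ["SYN"]) for i in range(40)]

if __name__ == "__main__":
    for alert in signature_alerts(PACKETS):
        print("SIGNATURE", alert)
    for alert in syn_rate_alerts(PACKETS, BASELINE_SYNS_PER_SEC):
        print("ANOMALY", alert)
```

The signature check fires on a single packet, while the rate check needs a baseline and only fires once a whole window deviates from it, which is why the two methods are usually run side by side.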

IDS tools:

The most popular freeware IDS is Snort, which performs real-time analysis of IP packets. Other IDS tools are GFI LANGuard S.I.M and Tripwire. There are some commercial IDS versions, such as ISS RealSecure and GFI LANGuard S.E.L.M. A few IDS appliances are IntruShield, Cisco IDS, Top Layer Attack Mitigator IPS and Proventia IDS.
