Page 57 - CITS - Computer Software Application -TT
P. 57
COMPUTER SOFTWARE APPLICATION - CITS
• Security Audits: Conduct regular security assessments and penetration testing to identify weaknesses before
attackers do.
Intrusion Detection
Intrusion Detection refers to the process of monitoring computer networks or systems to detect unauthorized
access, malicious activities, and potential security breaches. It involves analyzing network and system data in
real-time to identify suspicious or anomalous behavior that could indicate a cyberattack or unauthorized activity.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are used to implement these detection
mechanisms. Here’s an overview of intrusion detection:
1 Types of Intrusion Detection Systems:
• Host-Based IDS (HIDS): Monitors activities on a single host or device, analyzing system logs, file changes,
and other host-specific information.
• Network-Based IDS (NIDS): Monitors network traffic, analyzing packets and network data to identify
patterns of behavior that match known attack signatures or abnormal activities.
• Anomaly-Based IDS: Creates a baseline of normal behavior and then identifies deviations from this
baseline, alerting when behavior falls outside established norms.
• Signature-Based IDS: Compares observed data against a database of known attack patterns or signatures
to identify and alert about specific threats.
2 Detection Techniques:
• Signature-Based Detection: Matches patterns or signatures of known attacks to identify threats.
• Anomaly-Based Detection: Identifies deviations from established normal behavior patterns.
• Heuristic Detection: Employs rules and algorithms to identify potentially malicious activities.
• Behavioral Detection: Observes user and system behaviors to detect suspicious actions.
3 Alerts and Responses:
• When an intrusion is detected, the IDS generates alerts or notifications to inform system administrators or
security personnel.
• Intrusion Prevention Systems (IPS) can take automated actions to block or mitigate detected threats, such
as blocking network traffic from suspicious IP addresses.
4 Benefits:
• Early Detection: Allows for prompt response to potential security breaches, minimizing the impact of
attacks.
• Real-Time Monitoring: Provides continuous monitoring of network and system activities.
• Reduced Downtime: Enables rapid identification and containment of threats, reducing downtime and
system disruptions.
5 Challenges:
• False Positives: IDS may generate alerts for legitimate activities that resemble attack patterns.
• False Negatives: Some sophisticated attacks may evade detection by known signatures or patterns.
• Complexity: Configuring and maintaining IDS systems can be complex and resource-intensive.
• Performance Impact: Intensive monitoring and analysis can impact system performance.
Intrusion Detection plays a critical role in enhancing cybersecurity by identifying potential threats and facilitating
timely responses to mitigate risks. It is an integral part of a comprehensive cybersecurity strategy aimed at
safeguarding digital assets, data, and systems from unauthorized access and attacks.
Virus (Vital Information Resources Under Seize)
Essential Information Compromised: A computer virus is a piece of code or software that can have detrimental
effects on your computer data by either corrupting or completely destroying it. These viruses can rapidly create
copies of themselves and distribute them throughout various folders, resulting in harm to your computer’s data. In
44
CITS : IT&ITES - Computer Software Application - Lesson 01-17