Page 57 - CITS - Computer Software Application -TT
P. 57

COMPUTER SOFTWARE APPLICATION - CITS




           •  Security Audits: Conduct regular security assessments and penetration testing to identify weaknesses before
              attackers do.
           Intrusion Detection

           Intrusion Detection refers to the process of monitoring computer networks or systems to detect unauthorized
           access, malicious activities, and potential security breaches. It involves analyzing network and system data in
           real-time to identify suspicious or anomalous behavior that could indicate a cyberattack or unauthorized activity.
           Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are used to implement these detection
           mechanisms. Here’s an overview of intrusion detection:
           1  Types of Intrusion Detection Systems:
              •  Host-Based IDS (HIDS): Monitors activities on a single host or device, analyzing system logs, file changes,
                 and other host-specific information.
              •  Network-Based IDS (NIDS):  Monitors  network  traffic,  analyzing  packets  and  network  data  to  identify
                 patterns of behavior that match known attack signatures or abnormal activities.
              •  Anomaly-Based IDS:  Creates  a  baseline  of  normal  behavior  and  then  identifies  deviations  from  this
                 baseline, alerting when behavior falls outside established norms.
              •  Signature-Based IDS: Compares observed data against a database of known attack patterns or signatures
                 to identify and alert about specific threats.
           2  Detection Techniques:
              •  Signature-Based Detection: Matches patterns or signatures of known attacks to identify threats.
              •  Anomaly-Based Detection: Identifies deviations from established normal behavior patterns.

              •  Heuristic Detection: Employs rules and algorithms to identify potentially malicious activities.
              •  Behavioral Detection: Observes user and system behaviors to detect suspicious actions.
           3  Alerts and Responses:
              •  When an intrusion is detected, the IDS generates alerts or notifications to inform system administrators or
                 security personnel.
              •  Intrusion Prevention Systems (IPS) can take automated actions to block or mitigate detected threats, such
                 as blocking network traffic from suspicious IP addresses.

           4  Benefits:
              •  Early Detection:  Allows  for  prompt  response  to  potential  security  breaches,  minimizing  the  impact  of
                 attacks.
              •  Real-Time Monitoring: Provides continuous monitoring of network and system activities.

              •  Reduced  Downtime:  Enables  rapid  identification  and  containment  of  threats,  reducing  downtime  and
                 system disruptions.
           5  Challenges:

              •  False Positives: IDS may generate alerts for legitimate activities that resemble attack patterns.
              •  False Negatives: Some sophisticated attacks may evade detection by known signatures or patterns.
              •  Complexity: Configuring and maintaining IDS systems can be complex and resource-intensive.
              •  Performance Impact: Intensive monitoring and analysis can impact system performance.
           Intrusion Detection plays a critical role in enhancing cybersecurity by identifying potential threats and facilitating
           timely  responses  to  mitigate  risks.  It  is  an  integral  part  of  a  comprehensive  cybersecurity  strategy  aimed  at
           safeguarding digital assets, data, and systems from unauthorized access and attacks.

           Virus (Vital Information Resources Under Seize)
           Essential Information Compromised: A computer virus is a piece of code or software that can have detrimental
           effects on your computer data by either corrupting or completely destroying it. These viruses can rapidly create
           copies of themselves and distribute them throughout various folders, resulting in harm to your computer’s data. In


                                                           44

                              CITS : IT&ITES - Computer Software Application - Lesson 01-17
   52   53   54   55   56   57   58   59   60   61   62