[cpst] A brief introduction about internet intrusion and intrusion detecting system
The outline of this introduction is about:
Attack type
What is a hacker?
Hack process
Usual techniques
There are five kinds of attack types:
1. Surveillance or probing
Unauthorized probing of a machine or network to look for vulnerabilities,
explore configurations, or map the network's topology.
Ex: port scan, ping sweep
2. Remote to local
Unauthorized obtaining of user privileges on a local host by a remote user
without such privileges.
Ex: password guessing
3. User to root
Unauthorized access to local supervisor or administrator privileges by a
local unprivileged user.
Ex: various buffer overflow attacks
4. Denial of service
Unauthorized attempt to disrupt the normal functioning of a victim host or
network.
Ex: ping of death, teardrop, smurf, SYN flood
5. Data compromise
Unauthorized access to or modification of data on a local or remote host.
What is a hacker? A hacker is a person with mastery of computers. A cracker is a
person who attempts to gain unauthorized access to computer systems. A script
kiddie is a person who simply follows directions without fully understanding
the meaning of the steps they are performing.
This is the rough process of a hacker's intrusion. First is to probe, which is
to map out the network and determine details on the systems on the network.
Second is to penetrate. Once the systems and potentially vulnerable services
have been discovered, the next step is an attack. Once the machine has been
owned, the attacker makes it easier to get back onto the system. The next is to
propagate. Once the attacker has an established presence, the next step is to
look for what else is available. The final step is to paralyze. It is the final
goal of a targeted attack: the attacker goes after the environment with a goal
in mind.
What is a buffer overflow? It is an anomalous condition where a process attempts
to store data beyond the boundaries of a buffer. There are two chief kinds of
overflow:
1. Stack-based overflow
Works by overwriting the return address in a stack frame.
2. Heap-based overflow
Depends on important variables being stored in memory after a buffer that can
be overflowed.
What is the security management model?
The first step is prevention. The second step is detection. The third step is
investigation. The fourth step is recovery/solution. Between the first step and
the second step, the work is monitoring and analysis. Between the second step
and the third step, it is detecting the problem. Between the third step and the
fourth step, it is finding the problems. From the fourth step back to a new
first step, it is finding errors and correcting them.
The difference between a host-based intrusion detection system and a
network-based intrusion detection system is as follows. A host-based IDS has
strong deterrence for intruders, but a network-based IDS's is weaker. The
host-based IDS has strong detection for insiders but weak detection for
outsiders. On the contrary, the network-based IDS has strong detection for
outsiders but weak detection for insiders. The host-based IDS is excellent for
determining the extent of a compromise, but the network-based IDS is very weak
in damage assessment capabilities.
What is an intrusion analysis mechanism? It encompasses three kinds of detection:
1. Anomaly detection detects deviations from acceptable behavior profiles.
2. Misuse detection detects activities which match explicit patterns of misuse.
3. Hybrid detection integrates anomaly detection and misuse detection.
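As an added example (not part of the original post), here is a toy analyser that applies the three mechanisms to a constructed connection log: misuse detection matches two of the attack patterns named earlier (password guessing, port scan), anomaly detection compares per-source volume against a baseline profile, and hybrid detection combines both. The log lines, the baseline counts and the signature thresholds are all assumptions chosen for illustration.

```python
# Added example (not from the original post): a toy analyser applying the three
# intrusion-analysis mechanisms above to a constructed connection log.
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample log, one event per line: "<src> <dst>:<port> <event>".
SAMPLE_LOG = (
    ["10.0.0.5 10.0.0.20:22 ssh-auth-fail"] * 4                              # password guessing (R2L)
    + [f"10.0.0.7 10.0.0.20:{p} syn" for p in (21, 22, 25, 80, 443, 8080)]  # port scan (probing)
    + ["10.0.0.9 10.0.0.20:80 http-get"] * 6                                 # no signature, unusual volume
    + ["10.0.0.3 10.0.0.20:80 http-get"]                                     # ordinary client
)
# Constructed baseline profile: events per source seen in earlier "normal" windows.
BASELINE_COUNTS = [2, 3, 2, 4, 3]

def parse(lines):
    """Turn each log line into a (src, dst_port, event) tuple."""
    events = []
    for line in lines:
        src, dst, event = line.split()
        events.append((src, int(dst.split(":")[1]), event))
    return events

def misuse_detection(events, fail_limit=3, scan_ports=5):
    """Match explicit patterns of misuse (signatures); thresholds are assumptions."""
    fails, ports = Counter(), defaultdict(set)
    for src, port, event in events:
        if event == "ssh-auth-fail":
            fails[src] += 1
        elif event == "syn":
            ports[src].add(port)
    alerts = {src: "password guessing" for src, n in fails.items() if n >= fail_limit}
    alerts.update({src: "port scan" for src, p in ports.items() if len(p) >= scan_ports})
    return alerts

def anomaly_detection(events, baseline, k=3.0):
    """Flag sources whose event volume deviates from the baseline profile."""
    limit = mean(baseline) + k * pstdev(baseline)   # about 5.05 for the constructed baseline
    counts = Counter(src for src, _, _ in events)
    return {src: "volume anomaly" for src, n in counts.items() if n > limit}

def hybrid_detection(events, baseline):
    """Union of both mechanisms; a matched signature name replaces the generic label."""
    alerts = anomaly_detection(events, baseline)
    alerts.update(misuse_detection(events))
    return alerts

if __name__ == "__main__":
    for src, why in sorted(hybrid_detection(parse(SAMPLE_LOG), BASELINE_COUNTS).items()):
        print(src, "->", why)
```

Note that 10.0.0.5 is caught only by the signature (its volume stays within the baseline) while 10.0.0.9 is caught only by the anomaly profile (no signature matches), which is exactly the gap hybrid detection is meant to close.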
The sophistication of hacker tools is by far better than before. It is always
a battle between computer protectors and intruders.
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 140.116.104.158