Intrution Detection Systems
A correct firewall policy can minimize the exposure of many networks however they are quite useless against attacks launched from within. Hackers are also evolving their attacks and network subversion methods. These techniques include email based Trojan, stealth scanning techniques, malicious code and actual attacks, which bypass firewall policies by tunneling access over allowed protocols such as ICMP, HTTP, DNS, etc. Hackers are also very good at creating and releasing malware for the ever-growing list of application vulnerabilities to compromise the few services that are being let through by a firewall.
Internet Information Services (IIS) web servers â€“ which host web pages and serve them to users â€“ are highly popular among business organizations, with over 6 million such servers installed worldwide. Unfortunately, IIS web servers are also popular among hackers and malicious fame-seekers â€“ as a prime target for attacks. As a result, every so often, new exploits emerge which endanger your IIS web serverâ€™s integrity and stability.
Many administrators have a hard time keeping up with the various security patches released for IIS to cope with each new exploit, making it easy for malicious users to find a vulnerable web server on the Internet. Immediate Intrusion Detection suggests that all of these vulnerabilities the same system files, careful monitoring of these files could provide you with an inexpensive form of real-time intrusion detection. The market is currently filled mostly by rule-based IDS solutions aiming at detecting already known attacks by analysing traffic flow and looking for known signatures.
Download seminar docs :