Nytro
Posted January 18, 2013

Detecting System Intrusions

Prepared on January 15, 2013 by:

Demyo Inc. is a one hundred percent IT security oriented company with headquarters in Miami, Florida, USA. Demyo Inc. delivers comprehensive penetration testing, vulnerability assessment, incident response, and compliance audit services, just to name a few. Find out more at:
Demyo, Inc.
info@demyo.com

Introduction

First things first: detecting system intrusion is not the same as an Intrusion Detection System/Intrusion Prevention System (IDS/IPS). We want to detect system intrusion once attackers have passed all defensive technologies in the company, such as the IDS/IPS mentioned above, full packet capture devices with analysts behind them, firewalls, physical security guards, and all other preventive technologies and techniques. Many preventive technologies use blacklisting [1] most of the time, and that is why they fail. Blacklisting allows everything by default and forbids only what is considered malicious. So for an attacker it is a challenge to find yet another way to bypass the filter. It is much harder to circumvent a whitelisting system.

Download:
www.exploit-db.com/download_pdf/24155