Staff of EC-Council - Ethical Hacking Student Courseware. Certified Ethical Hacker-Exam 312-50 (EC-Council E-Business Certification Series)
Recap
- Intrusion Detection Systems (IDS) monitor packets on the network wire and attempt to discover whether a hacker is attempting to break into a system.
- System Integrity Verifiers (SIV) monitor system files to detect when an intruder changes them. Tripwire is one of the popular SIVs.
- Intrusion detection happens either by anomaly detection or by signature recognition.
- An IDS consists of a special TCP/IP stack that reassembles IP datagrams and TCP streams.
- A simple protocol verification system can flag invalid packets. This can include valid, but suspicious, behavior such as severely fragmented IP packets.
- To effectively detect intrusions that use invalid protocol behavior, an IDS must reimplement a wide variety of application-layer protocols so that it can recognize suspicious or invalid behavior.
- One of the easiest and most common ways for an attacker to slip by a firewall is by installing network software on an internal system that uses a port address permitted by the firewall's configuration.
- Honey pots are programs that simulate one or more network services that you designate on your computer's ports.
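The protocol verification point above, as an added example that is not part of the courseware: a minimal IPv4 header verifier that separates invalid packets (bad length or checksum) from valid but suspicious ones (tiny or excessive fragments). The thresholds `MIN_FRAG_PAYLOAD` and `MAX_FRAGS`, the helper names, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

MIN_FRAG_PAYLOAD = 64  # assumed threshold: smaller non-final fragments are suspicious
MAX_FRAGS = 8          # assumed threshold: fragments allowed per datagram

def checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; 0 means the header verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src, dst, ident, offset8, more, payload):
    """Construct a sample IPv4 packet (test data only, protocol 17)."""
    flags_off = (0x2000 if more else 0) | offset8
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, 17, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def verify(packets):
    """Return (index, verdict) for each invalid or valid-but-suspicious packet."""
    findings, frag_count = [], Counter()
    for i, pkt in enumerate(packets):
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            findings.append((i, "invalid: not an IPv4 header")); continue
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
        if ihl < 20 or ihl > len(pkt) or total_len != len(pkt):
            findings.append((i, "invalid: bad header or total length")); continue
        if checksum(pkt[:ihl]) != 0:
            findings.append((i, "invalid: header checksum mismatch")); continue
        more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
        if not more and offset == 0:
            continue  # unfragmented datagram, nothing to flag
        key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, proto, id
        frag_count[key] += 1
        if more and total_len - ihl < MIN_FRAG_PAYLOAD:
            findings.append((i, "suspicious: tiny non-final fragment"))
        elif frag_count[key] > MAX_FRAGS:
            findings.append((i, "suspicious: excessive fragmentation"))
    return findings

def sample_packets():
    """Constructed input: 1 normal, 4 tiny fragments, 1 corrupted, 1 truncated."""
    a, b = [10, 0, 0, 1], [10, 0, 0, 2]
    frags = [build(a, b, 0x1234, n, n < 3, b"A" * 8) for n in range(4)]
    bad = bytearray(build(a, b, 2, 0, False, b"B" * 100)); bad[8] ^= 0xFF
    return [build(a, b, 1, 0, False, b"B" * 100), *frags, bytes(bad),
            build(a, b, 3, 0, False, b"B" * 100)[:-4]]
```

This checks only the IP header layer; the stream reassembly and application-layer protocol checks mentioned in the recap are outside what it demonstrates.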