Introduction to intrusion detection systems

An IDS (Intrusion Detection System) is a mechanism that listens to network traffic covertly in order to identify abnormal or suspicious activity, making it possible to act preventively against the risk of intrusion. There are two main families of IDS: the N-IDS (Network-Based Intrusion Detection System), which provides security at the network level, and the H-IDS (Host-Based Intrusion Detection System), which provides security on the host. An N-IDS requires dedicated hardware and constitutes a system capable of monitoring the packets circulating on one or more network links in order to discover whether a malicious or abnormal act is taking place. The N-IDS places one or more network interface cards of the dedicated system in promiscuous mode; they are then in "stealth" mode, with no IP address and no protocol stack attached. It is common to find several IDS on the various parts of the network, and in particular...

The role of managed detection and response (MDR) in the area of security

For organizations that want to maximize their security strategies but cannot fund full-time security teams, initiatives like MDR can be a viable option. Why? To facilitate the work of security teams. When creating an incident response team, it is necessary to set up an organizational structure with a policy that is applicable and, above all, effective. (this section seems a little out of place) Essentially, MDR is made up of security analysts and response analysts who examine an organization's records for suspicious events, for example through proactive threat detection and analysis, including vulnerability analysis, patches, firmware updates and monitoring of intrusion prevention and detection systems (IDS/IPS). After recording a malicious activity, the team performs a more in-depth analysis. MDR is then responsible for investigating threats and resolving incidents. This creates a delivery process for handling the analyzed case, such as notification to the customer, threat intelli...

What IDS do

Reconfiguration of external devices (firewall or ACL on routers): a command sent by the N-IDS to an external device (a packet filter or firewall) so that it is reconfigured immediately and can block an intrusion. This reconfiguration is possible by sending data that explains the alert (in the packet header).

Sending an SNMP trap to an external supervisor: sending an alert (with details of the data involved) in the form of an SNMP datagram to an external console such as HP OpenView, Tivoli, Cabletron Spectrum, etc.

Sending an e-mail to one or more users: sending an e-mail to one or more mailboxes to report a serious intrusion.

Attack log: storing the details of the alert in a central database, including information such as the date, the IP address of the intruder, the IP address of the destination, the protocol used and the payload.

Suspicious packet storage: storing all captured original packets and/or the packets that triggered t...