Đang chuẩn bị liên kết để tải về tài liệu:
Intrusion Detection Patterns

This slide shows an overview of the topics we will cover. If you see patterns in these categories that are not included in this course, we hope you will send them to intrusion@sans.org so they can be added to the collection. Keep in mind that intrusion detection is easy when you know the answer, when it is a familiar pattern; however, it can be hard and frustrating when you do not know the answer. | Intrusion Detection Patterns Please send patterns to intrusion@sans.org Those who do not know history are doomed to repeat it IDIC - SANS GIAC LevelTwo 2000 2001 1 Welcome back. We are getting ready to enter the final major section of this intrusion detection course. From here on out we will be examining a number of intrusion detection signatures dating back as far as 1997. One of the things that is unique about this collection is that almost every pattern is a bonafide detect from the wild as opposed to lab created signatures. There are a couple of exceptions to this each of them is included for a reason and will be noted as an exception on its slide. 1 Section Overview A Word of Warning Denial of Service Attacks Network Vulnerability Scanning Network Mapping Information Gathering Subtle and Stealthy Attacks Coordinated Attacks intrusion@sans.org IDIC - SANS GIAC LevelTwo 2000 2001 2 This slide shows an overview of the topics we will cover. If you see patterns in these categories that are not included in this course we hope you will send them to intrusion@sans.org so they can be added to the collection. Keep in mind that intrusion detection is easy when you know the answer when it is a familiar pattern however it can be hard and frustrating when you do not know the answer. Behind every pattern in this course is also a story. There was a time we did not know these answers and had to find them out. This is why it is so important for each of us to help develop the knowledge of the community. Even patterns that are not added to the main course can be kept in an appendix in case they are ever needed by an analyst. Well let s get started. The first section we will cover is common errors. Your next slide is titled A Word of Warning. 2 Common Errors A Word of Warning Certain patterns tend to be commonly misinterpreted. As an analyst strive to have the highest possible degree of accuracy. One day you may have to make a tough call and you want as much credibility as .