FIT2070 Lecture Notes - Lecture 12: Intrusion Detection System, System Resource, System Call
L12 - Security
System Access Threats
● Intruders
○ Masquerader
■ Individual who is not authorized to use the computer
■ Penetrates a system’s access controls to exploit a real user’s account
○ Misfeasor
■ Legitimate user who accesses resources they are not authorised to use,
or who misuses their account privileges
○ Clandestine User
■ Seizes control
■ Avoids detection
● Malicious Software
○ Programs that exploit vulnerabilities in computing systems
○ Parasitic
■ Fragments of programs that need to be in another application, utility or
program
■ Viruses, logic bombs
○ Independent
■ Self-contained programs that can be scheduled and run by the OS
■ Worms, bot programs
Countermeasures
● Intrusion Detection Systems (IDS’s)
○ A security system that monitors and analyses system events for the purpose
of finding, and providing real-time warning of, attempts to access system
resources in an unauthorised manner
○ Components
■ Sensors
● Responsible for collecting data
● Input (network packets, log files, system call traces) may come from
any part of the system that could contain evidence of an intrusion
■ Analyzers
● Receive input from sensors or from other analyzers
● Responsible for determining if an intrusion has occurred
● May provide guidance as to what to do
■ User Interface
● Enables user to view output from the system or control the
behaviour of the system
● Firewalls
○ All incoming and outgoing traffic must pass through the firewall
○ Enforces local security policy
○ Must itself be secure against attacks
● Authentication
○ Process contains
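The sensor / analyzer / user-interface split described under Intrusion Detection Systems above, as an added worked example that is not part of the lecture notes. It is a small host-based IDS: the sensor parses constructed, syslog-like login lines (the line format, the user and source values and the thresholds are all assumptions made for this example), the analyzer applies two rules (a burst of failed logins from one source, and a success following such a burst, which is the masquerader pattern from the Intruders section), and the user interface renders the resulting alerts.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input in a hypothetical log format (not real logs).
# The last line is deliberately malformed to show the sensor skipping it.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:04 sshd login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:07 sshd login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:12 sshd login user=alice src=10.0.0.5 result=SUCCESS
2024-03-01T10:05:00 sshd login user=bob src=10.0.0.9 result=FAIL
2024-03-01T10:30:00 sshd login user=bob src=10.0.0.9 result=SUCCESS
2024-03-01T10:31:00 sshd malformed line that the sensor should skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd login user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>FAIL|SUCCESS)$"
)


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    user: str
    src: str
    success: bool


@dataclass(frozen=True)
class Alert:
    ts: datetime
    kind: str
    src: str
    user: str
    detail: str


def sensor(lines):
    """Sensor: collect raw log lines and turn them into structured events.
    Lines that do not match the expected format are dropped, not guessed at."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(LoginEvent(datetime.fromisoformat(m["ts"]), m["user"],
                                 m["src"], m["result"] == "SUCCESS"))
    return events


def analyzer(events, threshold=3, window=timedelta(seconds=60)):
    """Analyzer: decide whether the event stream shows an intrusion.
    Rule 1: >= threshold failed logins from one source inside the window.
    Rule 2: a successful login from that source while rule 1 is still
    satisfied, i.e. an account that was probably just guessed (masquerader)."""
    recent_fail = defaultdict(deque)  # src -> timestamps of recent failures
    already_alerted = set()           # suppress repeated rule-1 alerts per source
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent_fail[ev.src]
        while q and ev.ts - q[0] > window:   # slide the window forward
            q.popleft()
        if not ev.success:
            q.append(ev.ts)
            if len(q) >= threshold and ev.src not in already_alerted:
                already_alerted.add(ev.src)
                alerts.append(Alert(ev.ts, "brute-force", ev.src, ev.user,
                                    f"{len(q)} failed logins within {window.seconds}s"))
        elif len(q) >= threshold:
            alerts.append(Alert(ev.ts, "possible-masquerader", ev.src, ev.user,
                                f"success after {len(q)} recent failures"))
            q.clear()
    return alerts


def user_interface(alerts):
    """User interface: present the analyzer's output to the operator."""
    return [f"{a.ts.isoformat()} [{a.kind}] user={a.user} src={a.src}: {a.detail}"
            for a in alerts]


def run(log_text=SAMPLE_LOG):
    """Wire the three components together over one log text."""
    return user_interface(analyzer(sensor(log_text.splitlines())))


if __name__ == "__main__":
    for line in run():
        print(line)
```

Bob's single failure followed by a success 25 minutes later produces nothing, because the failure has aged out of the window; Alice's three failures and an immediate success produce both alerts. The suppression set on rule 1 is the kind of detail that keeps an analyzer from flooding the user interface with one alert per additional failed attempt.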