IPSes can also use statistical techniques to analyze typical patterns of system use on a server or a network. These patterns are then used as a baseline for comparison with ongoing system use; any significant deviation from the baseline could indicate an attack. Complementing statistical techniques are rule-based approaches that use heuristics, or rules of thumb, for detecting anomalies in system activity.
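The following added example (not taken from the eBook) sketches how a statistical baseline and heuristic rules complement each other when monitoring one server. The sample traffic figures, field names and thresholds are constructed assumptions for illustration.

```python
import statistics

# Constructed sample: requests per minute observed during normal operation.
BASELINE_RPM = [118, 124, 131, 120, 127, 115, 122, 129, 125, 119]

def build_baseline(samples):
    """Summarize typical use as (mean, sample standard deviation)."""
    return statistics.mean(samples), statistics.stdev(samples)

def statistical_alert(value, baseline, threshold=3.0):
    """True if value lies more than `threshold` standard deviations from the mean."""
    mean, stdev = baseline
    if stdev == 0:  # perfectly flat baseline: any change is a deviation
        return value != mean
    return abs(value - mean) / stdev > threshold

def rule_alerts(window):
    """Heuristic rules of thumb; the limits are illustrative assumptions."""
    alerts = []
    if window["failed_logins"] >= 20:
        alerts.append("rule: many failed logins in one minute")
    if window["top_source_share"] > 0.5:
        alerts.append("rule: one source sends most of the traffic")
    return alerts

def analyze(window, baseline):
    """Combine both techniques for one observation window."""
    findings = []
    if statistical_alert(window["requests"], baseline):
        findings.append("statistical: request rate deviates from baseline")
    return findings + rule_alerts(window)

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_RPM)
    # Constructed observation windows (one minute each).
    windows = {
        "normal": {"requests": 126, "failed_logins": 2, "top_source_share": 0.08},
        # Many sources, none dominant: only the baseline comparison fires.
        "flood": {"requests": 940, "failed_logins": 1, "top_source_share": 0.05},
        # Volume looks ordinary: only the heuristic rule fires.
        "guessing": {"requests": 130, "failed_logins": 45, "top_source_share": 0.4},
    }
    for name, window in windows.items():
        print(name, analyze(window, baseline))
```

The flood window is caught only by the baseline comparison and the password-guessing window only by a rule, which is why the two approaches are deployed together.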
Figure 3.2: In a DDoS attack, multiple devices (red) flood a server with requests, overwhelming the server and blocking legitimate users (green).
This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.
This was first published in January 2007