At this point in this book you have seen quite a number of ways to break into a computer system, network, or organization. The problem is that, although many of these attacks are effective at obtaining information and other items from a target, they can be detected or thwarted. Today’s networks and environments employ a range of defensive and detective measures designed to deal with such attacks.

Today’s corporations employ many defensive measures, each with its own way of putting a stop to your attack. Intrusion detection systems (IDSs), intrusion prevention systems (IPSs), firewalls, honeypots, and others form potent obstacles to your activities. Although these devices are formidable, they are not insurmountable, so you need to first learn how they work and then see what you can do to overcome the obstacles or get around them altogether. This chapter focuses on these systems and how to deal with them.
Honeypots, IDSs, and Firewalls
Before we delve into the various evasion techniques you can use to get around a defender’s defensive and detective mechanisms, you must learn how they work. We’ll look at each of these systems and show what they are designed to defend against and how they detect or stop an attack.
The Role of Intrusion Detection Systems
An intrusion detection system (IDS) is an application or device used to gather and analyze information that passes across a network or host. An IDS is designed to analyze, identify, and report on any violations or misuse of a network or host.

Let’s take a close look at how an IDS works. An IDS monitors and protects networks by detecting malicious activity and reporting it to a network administrator; once activity of this type is detected, the administrator is alerted.
Here are some things to keep in mind as we go forward. An IDS:
■ Is designed to detect malicious or nonstandard behavior
■ Gathers information from within a network to detect violations of security policy
■ Reports violations and deviations to an administrator or system owner
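To make the three points above concrete, here is a small added example (written for this section, not code from the book) of how an IDS turns observed traffic into alerts. It combines two detection styles that real sensors use side by side: a signature match on packet payloads and a threshold rule that flags nonstandard behavior (one source touching many ports in a short window). The event records, rule names, and thresholds are all constructed for illustration and are not taken from any product.

```python
"""Toy IDS: signature rules plus a threshold rule over constructed connection events."""
from collections import defaultdict

# Constructed sample events (not captured traffic): one record per connection attempt.
SAMPLE_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "10.0.0.20", "dport": 21, "payload": ""},
    {"ts": 2, "src": "10.0.0.5", "dst": "10.0.0.20", "dport": 22, "payload": ""},
    {"ts": 3, "src": "10.0.0.5", "dst": "10.0.0.20", "dport": 23, "payload": ""},
    {"ts": 4, "src": "10.0.0.5", "dst": "10.0.0.20", "dport": 25, "payload": ""},
    {"ts": 5, "src": "10.0.0.7", "dst": "10.0.0.21", "dport": 80, "payload": "GET /index.html HTTP/1.1"},
    {"ts": 6, "src": "10.0.0.9", "dst": "10.0.0.21", "dport": 80, "payload": "GET /../../etc/passwd HTTP/1.1"},
    {"ts": 7, "src": "10.0.0.7", "dst": "10.0.0.21", "dport": 443, "payload": ""},
]

# Hypothetical signature rules: (rule name, substring that must appear in the payload).
SIGNATURE_RULES = [
    ("path traversal attempt", "../"),
    ("script tag in request", "<script"),
]


def match_signatures(event, rules=SIGNATURE_RULES):
    """Signature detection: compare one event's payload against known-bad patterns."""
    alerts = []
    payload = event["payload"].lower()
    for name, needle in rules:
        if needle.lower() in payload:
            alerts.append({"ts": event["ts"], "src": event["src"], "dst": event["dst"],
                           "kind": "signature", "rule": name})
    return alerts


def detect_port_sweep(events, threshold=4, window=10):
    """Threshold detection: a source contacting >= threshold distinct ports within
    `window` seconds deviates from normal behavior and is reported once."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            recent = [x for x in evs[: i + 1] if x["ts"] >= e["ts"] - window]
            ports = {x["dport"] for x in recent}
            if len(ports) >= threshold:
                alerts.append({"ts": e["ts"], "src": src, "dst": e["dst"], "kind": "threshold",
                               "rule": f"{len(ports)} distinct ports within {window}s"})
                break  # one alert per source is enough for the report
    return alerts


def run_ids(events):
    """Gather information (events), apply both detectors, and return alerts in time order."""
    alerts = []
    for e in events:
        alerts.extend(match_signatures(e))
    alerts.extend(detect_port_sweep(events))
    return sorted(alerts, key=lambda a: a["ts"])


def format_report(alerts):
    """Render alerts as lines an administrator would see in the IDS console."""
    return [f"[ts={a['ts']}] {a['kind'].upper()} {a['src']} -> {a['dst']}: {a['rule']}"
            for a in alerts]


if __name__ == "__main__":
    for line in format_report(run_ids(SAMPLE_EVENTS)):
        print(line)
```

Running the block reports two alerts: the threshold rule fires for 10.0.0.5 at ts=4 (four distinct ports inside the window), and the signature rule fires for the traversal string at ts=6. The ordinary web request from 10.0.0.7 produces nothing, which is the point of the exercise: an IDS only reports what its rules define as a violation or deviation, so its quality depends entirely on those rules and thresholds.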