Response | Technology cont’d

• Intrusion detection cont’d

  • Network-based intrusion detection
    • Look for social-engineering influences by determining who’s talking to who and when
      • Inside-to-inside probably OK...
      • Inside-to-outside and outside-to-inside maybe OK
      • Outside-to-outside a definite problem
    • Pattern-based: search for changes, deviations from “normal”
      • Search for off-nominal network behavior... Day-worker Bob logging in at 3:00AM
      • Search for changes in user behavior... Changes in what network resources they use... Changes in what files they access