----- Original Message -----
From: Philip S Tellis philip.tellis@iname.com

Great work Philip!! Please find my inputs interspersed....
risk=(threat*vulnerability*impact)
Threat: the probability of being attacked
Vulnerability: how easy is it to break in
Impact: what is the cost of recovering from an attack

Impact has to include cost of damage done too. For e.g., what's the impact of losing a product design before it's patented?
Intrusion Detection is the ability to detect people trying to compromise your system. Intrusion detection is divided into two main categories, host based, and network based. Basically, if you use a single host to monitor itself, you are using a host based IDS, and if you use a single host to monitor your entire network, you are using a network based IDS.
Actually, one host cannot be used for an entire network (unless you have a very small network), since the IDS sensors would get traffic only from their particular network segment. (Of course, I'm talking about switched networks, which I believe are the norm nowadays.) So you usually have many hosts for a network, each filing a report to a central manager.
I think it would pay to mention here about IDS sensors that read and interpret logs, and sensors that react to actual network traffic.
I think you missed out talking about sniffers.
All in all, a great ready reckoner!
regards, kishor