Comparative analysis of intrusion detection systems on library information systems
Download 133.77 Kb.
|
maqola new (2)
- Bu sahifa navigatsiya:
- Network Vulnerability Scanner
|
Vulnerability Scanners
A vulnerability scanner differs from an IDS, mentioned earlier, in that the vulnerability scanner looks for static configurations and the IDS looks for transient misuse or abnormalities [7]. Vulnerability scanners, whether network or host scanners, give the organization the opportunity to fix problems before they arise, rather than reacting to an intrusion or misuse that is already in progress. An IDS detects intrusions in progress, while a vulnerability scanner allows the organization to prevent the intrusion in the first place. Vulnerability scanners may be helpful in organizations without a good incident response capability. Network Vulnerability Scanner A network vulnerability scanner (NVS) operates remotely by examining the network interface on a remote system. It will look for vulnerable services running on that remote machine, and report on a possible vulnerability. Since a NVS can be run from a single machine on the network, it can be installed without impacting the configuration management of other machines. They are frequently used by auditors and security groups because of providing an “outsider’s view” of security holes in a computer or network. NVS can report on a variety of target architectures. NVS are, in general, very easy to install and begin using. Unlike host-based systems, which usually require software installation or reconfiguration, a network-based system can be dropped into place on a network. Simply plug the interface into the switch and boot up the machine. Network vulnerability scanners are almost exclusively signature-based systems. Like a signature-based IDS, a signature-based vulnerability scanner can only detect those vulnerabilities it is programmed to recognize. If a new vulnerability comes into play, as they frequently do, there is a window of opportunity for the attacker before the vendor updates the signatures (and the customer downloads and installs the new signatures). If the vulnerability remains closely held, systems can remain vulnerable to attack for long periods of time. So, network vulnerability scanners tend to contain a huge amount of vulnerability data [8]. Protect the scanner to prevent unauthorized use of scanning data. Download 133.77 Kb. Do'stlaringiz bilan baham: 
|