There are several areas, or layers, at which intrusions into a system can occur. At the "wire" or network layer, several tools can successfully discern the nature of traffic for most commercial protocols. But how do you respond to the challenge of knowing what happens when you need to analyze "above the wire", at the operating system and application layers? What about traffic that is properly formed and therefore does not trigger IDS rules? By focusing on WAN/LAN-layer traffic and looking for "exception traffic" (signatures within packets that are indicative of malicious intent), properly formed, legal traffic is virtually ignored, even though an intrusion can be carried entirely within it. As attackers grow more sophisticated, the analyst needs to respond with tools that work above the wire, at the application and operating system level.