Re: An insider attack scenario
- From: Jeremy Bennett <jeremyfb@xxxxxxx>
- Date: Wed, 10 Jun 2009 10:55:33 -0700
An IPS is very valuable both in protecting a DMZ and in protecting internal assets. However, it is not a panacea. A secure network topology should include department firewalls separating off subnets that have different access restrictions and individual hosts should be secured as well.
So, even if the IPS administrator was your internal attacker he or she should not be able to gain unauthorized access because other measures are in place.
To be honest an internal IPS would be one of the last security devices I would invest in when securing an internal network.
-J
On Jun 10, 2009, at 8:24 AM, pamaclark@xxxxxxxxx wrote:
Hi,
I'm new to IDS/IPS...
Suppose a company has a large network, which is divided into several sub-network segments. Due to finance or staffs restrictions, the company could only use a limited number of sensors, hence leave some internal sub-networks unmonitored. I guess this is quite common in real world right?
So, if I were an inside attacker, I may find out sensor locations (either physical of logical locations) by fingerprinting the sensors as discussed in some previous threads or whatever tricks. Means I will know which sub-networks are monitored and others are not, right? So that I can launch attacks to those unmonitored network segments without being detected.
Does this sound plausible? And what current IDS/IPS technologies can be used to against this?
Thanks
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- References:
- An insider attack scenario
- From: pamaclark
- An insider attack scenario
- Prev by Date: Re: An insider attack scenario
- Next by Date: Re: An insider attack scenario
- Previous by thread: Re: An insider attack scenario
- Next by thread: Re: An insider attack scenario
- Index(es):
Relevant Pages
|
