Principles of Incident Response and Disaster Recovery Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

Disaster Recovery

Intrusion detection is the method of keeping track of the events taking place inside a computer or perhaps a network and then examining them to get indications of potential situations, that are transgressions or impending dangers of breach of IT security procedures, appropriate usage guidelines, or standardized security strategies. Intrusion prevention is the method of carrying out intrusion detection as well as trying to stop recognized potential situations. Intrusion detection as well as prevention systems (IDPS) happen to be mainly centered on determining potential situations, writing down details about them, trying to end all of them, as well as reporting these to security managers. Additionally, businesses make use of IDPSs for various other objectives, like identifying issues with security guidelines, documenting current risks, as well as stopping people from breaking safety guidelines. IDPSs have grown to be an essential accessory for the security system involving just about any business (Scarfone and Mell, 2007).

IDPSs usually record data associated with detected incidents, inform security managers of essential detected incidents, and create reviews. Numerous IDPSs may also react to a recognized threat by trying to stop it from being successful. They normally use a number of response methods, which entail the IDPS preventing the strike itself, altering the security atmosphere (e.g., reconfiguring a firewall software), or altering the breach's content material (Scarfone and Mell, 2007).

This paper will illustrate the traits of IDPS solutions and present a table in which the individual attributes as well as types involving the IDPS solutions are going to be reviewed. This is going to be accompanied by a section discussing the administration of the IDPS solutions. The fact is that the designs of IDPS technologies happen to be classified mainly by the kinds of incidents which they keep track of as well as the ways by which they happen to be integrated (Scarfone and Mell, 2007). This paper covers the management i.e. maintenance as well as challenges involving the following 4 kinds of IDPS solutions:

-Network-Centered, which keeps track of network visitors for specific system sections or tools and evaluates the network as well as program protocol process to recognize dubious actions;

-Wireless-centered, which in turn keeps track of wireless system visitors as well as evaluates it to recognize dubious actions relating to the wireless networking standards;

-Networking Behavior Assessment (NBA), which investigates network visitors to determine risks that produce unconventional visitors stats, like dispersed denial of service (DDoS) intrusions, specific types of spyware and adware, as well as policy transgressions (e.g., a customer system offering network solutions for some other systems)

-Web-Host-Centered, which keeps track of the traits of the single web host as well as the incidents taking place inside that particular host for dubious actions (Scarfone and Mell, 2007).

IDPS Details





Provides critical, deep-packet analysis and application awareness; accurately detects attacks and proactively reports indicators of future information loss or service interruption



Wireless device inventory, threat index analysis, location tracking, advanced rogue management and automated protection



Architected for maximum scalability and ease of deployment



Provides network, security, and IT administrators with an single platform of network intelligence for all parties


Cisco IPS

Provides network-wide, distributed protection from many attacks, exploits, worms, and viruses exploiting vulnerabilities in operating systems and applications



Applies built-in signatures and sophisticated protocol analysis with behavioral pattern sets and automated event correlation to help prevent known and unknown attacks



IDS Management

Protection and Maintenance

IDS routine maintenance is necessary for each and every IDS technology. For the reason that risks as well as deterrence systems will always be modifying, parts, signatures, as well as designs should be kept up-to-date to make sure that the most recent malicious website traffic has been recognized as well as avoided. Normally a graphical interface (GUI), software, or safe Web-founded interface does routine maintenance from within the system. In the system, managers can keep track of IDS elements to make sure they happen to be functional, confirm that they are in working order, and carry out susceptibility evaluations and then upgrades (Base and Mell, 2001).


In order to work, an IDS should be updated precisely. Fine-tuning demands altering configurations to remain in conformity while using security guidelines and objectives from the IDS manager. Deciphering methods, thresholds, as well as attention could be tuned to make sure that an IDS is actually figuring out pertinent information devoid of over-loading the manager with alerts or way too many fake positives. Fine-tuning is time-intensive, however it should be carried out to assure an effective IDS settings is in place. One should keep in mind that fine-tuning is unique to the particular IDS product or service (Base and Mell, 2001).

Detection Reliability and Accuracy

The precision of the IDS depends upon the manner in which it identifies, like from the rule set. Signature-dependent identification picks up only easy and popular intrusions, while anomaly-centered identification could very well identify many more kinds of intrusions, however features a greater quantity of fake positives. Fine-tuning is needed to reduce the amount of fake positives and also to create the data much more helpful (Base and Mell, 2001).

Challenges pertinent to IDS

It is essential to keep in mind that an IDS is simply one of the many applications within the security professional's toolbox to protect against intrusions as well as attacks. Just like any application, just about all IDS have their own individual restrictions and also problems. A lot is dependent upon the way they are used and applied; nevertheless generally speaking, IDS ought to be provided together with other applications to adequately shield a system. Far more importantly security ought to be designed and maintained. Staff should be taught to maintain beneficial security behavior and also to be skeptical about social engineering (Kent and Warnock, 2004).

IDS technological innovation carries on to progress and develop. As restrictions are noticed, brand-new identification instruments are now being designed. Forensic technologies have become an encouraging new way to obtain detection methods. Web-host-Centered Security Programs (WHCSP) have additionally been growing in reputation. The main focus of WHSP-centered systems protection is actually moving from purely perimeter administration to security administration from the website hosts (Kent and Warnock, 2004).


Applications Utilized in Intrusions

For the reason that the entire world gets to be more linked to the cyberworld, intruders and online hackers have become significantly advanced, particularly in the usage of automatic applications to get into systems. Simultaneously, cybercriminals have become much more organized and may bring about extremely synchronized and complex intrusions. Listed here are common models of applications that intruders make use of-

-Scanning Tools-These power tools permit intrusions to review as well as evaluate system traits. This software can figures out the OS utilized by system devices, and after that determine weaknesses as well as possible network plug-ins for a breach. A number of applications may also carry out slowly timed reviews of the target system to be able to not set off an IDS.

-Virtual Administration Applications-Virtual administration applications are utilized frequently by systems managers to handle a network through controlling and maintaining systems equipment from within a remote destination. Nevertheless, exactly the same applications may be used by intruders to likewise manage target equipment, occasionally discreetly. In addition, intruders have already been making various adware and spyware to undertake intrusions. Spyware and adware may include trojan viruses, Root-kits, Back-doors, malware, key stroke loggers, as well as botnets (Kent and Warnock, 2004).

Social Engineering

Regardless of the presence of advanced specialized applications, social engineering continues to be probably the most efficient ways of intrusions to help infiltrate devices. By far the most meticulously secured system on the planet utilizing the newest technological innovations could be cracked when workers are fooled into exposing passwords as well as other susceptible data. In addition to physically safe-guarding systems, security experts should make sure that employees as well as staff are taught to identify social engineering methods like phishing intrusions. Staff must also create risk-free practices like locking computer monitors as soon as they are not doing anything, remaining watchful when getting rid of notes which have confidential data, as well as heeding safety measures furnished by web browsers when checking out Websites. Nevertheless, the issue is amplified when businesses utilizing various networks ought to reveal possibly sensitive data. Trust involving the businesses to not disclose each other's information may become a big problem (Kent and Warnock, 2004).

Additional Challenges within IDS

IDS Scalability within Sizeable Systems

Numerous systems and networks happen to be large and may possibly include a heterogeneous group of 1000s of gadgets. Sub-equipment inside a big network might connect utilizing various solutions as well as methods. A particular obstacle for IDS gadgets implemented across a big network has been for IDS equipment to connect all over sub-systems, occasionally via firewalls as well as gateways. On various parts of the network, system tools could use various data formats and various standards for interaction.…[continue]

Cite This Term Paper:

"Principles Of Incident Response And Disaster Recovery" (2013, October 19) Retrieved December 10, 2016, from

"Principles Of Incident Response And Disaster Recovery" 19 October 2013. Web.10 December. 2016. <>

"Principles Of Incident Response And Disaster Recovery", 19 October 2013, Accessed.10 December. 2016,

Other Documents Pertaining To This Topic

  • Disaster Response and Procedures in DHS

    National Response Framework Mission Area The National Response Framework refers to a guide developed to provide directions on the ways in which the state response to different types of disasters and emergencies. The guide bases its principles on concepts such as flexibility, scalability, and adaptability that align the functions and responsibilities of the emergency response of the recovery team. As such, it implies that the NRF describes the roles, principles,

  • Business Continuity and Disaster Recovery

    Protection for employees If employees adhere to the rules of the acceptable use policy, there are less liable to questionable issues. This also prevents them from engaging in hazardous internet issues, for instance, they are less likely to disclose their contacts to crackers using social engineering approaches. Moreover, ABBA should settle on using universal guidelines and principles with respect to network security, it risk assessment, risk analysis, and risk management. In

  • Comprehensive Disaster Planning

    Disaster Planning A Review of Crisis and Disaster Prevention Literature Disasters strike weekly, sometimes daily, all around the world. Crises happen, simply because humans create and perpetuate them. This is why nations and the leaders within them, just as companies and their leaders, ought to be ready for any eventuality. Crisis and disaster prevention thus becomes, not a need, but a vital fact of reality, and those who want to survive

  • National Incident Management System

    National Incident Management System Theoretical Analysis of National Incident Management System (NIMS) The Federal Government established the National Incident Management System (NIMS) under the Homeland Security Presidential Directive number 5 in February 2003. The Secretary of Homeland Security played an important role of developing and administering national incident management system. NIMS provide a reliable and consistent approach to responding to all forms of incidents irrespective of size and scope (Walsh 2012). The

  • National Response Framework Incident Annexes Timely Responses

    National Response Framework Incident Annexes Timely responses to natural and manmade disasters require the effective coordination of numerous federal, state and local resources. Indeed, effective responses can make the difference between life and death for countless citizens, and there is therefore a need for a framework to coordinate these disparate but valuable first responder resources. In this regard, the National Response Framework provides such a framework, but given the enormous

  • Dombrowsky Disaster as a Trigger Joseph Scanlon

    Dombrowsky "Disaster" as a Trigger Joseph Scanlon, Director of the Emergency Communications Research Unit at Carleton University, states that the term "disaster" has undergone a transformation in the wake of 9/11. Its transformation is the center of debate for researchers whose work relies on an adequate definition and understanding of "disaster" -- yet Scanlon makes clear that he has been particularly struck "by how much of the debate [is]...influenced by awareness of

  • Critical Incident Stress Management CISM

    CISM Program Surry Nuclear Power Plant What is CISM? Why is a CISM program necessary for the agency? Agency description, community, and social context Prevention and Interventions Primary Secondary Tertiary Interventions Chronic health and innovative approaches Cultural Issues Proposed Budget .17 Critical incident stress management plays an important role in assuring the psychological resilience necessary for those who are exposed to a traumatic incident. This proposal outlines a program to add mental Health Services to the existing emergency management plan for the

Read Full Term Paper
Copyright 2016 . All Rights Reserved