Focus on IDS
An insider attack scenario Jun 10 2009 03:24PM
pamaclark yahoo com

I'm new to IDS/IPS...

Suppose a company has a large network, which is divided into several sub-network segments. Due to finance or staffs restrictions, the company could only use a limited number of sensors, hence leave some internal sub-networks unmonitored. I guess this is quite common in real world right?

So, if I were an inside attacker, I may find out sensor locations (either physical of logical locations) by fingerprinting the sensors as discussed in some previous threads or whatever tricks. Means I will know which sub-networks are monitored and others are not, right? So that I can launch attacks to those unmonitored network segments without being detected.

Does this sound plausible? And what current IDS/IPS technologies can be used to against this?


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus