Infrastructure Practice – Deploy an IDS specifically checking for SQL Injection

Several IDS systems exist that specifically monitor web traffic for SQL injection.

• Each request is examined for SQL injection signatures.
• Bad requests are filtered and logged.
• Protects all applications against the most common errors.
• An excellent first step until all web applications can be reviewed for vulnerabilities.
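The examine, filter and log cycle described above, as an added sketch that is not code from the original slides or from any IDS product. The signature set, the sample requests and the function names `inspect` and `run_sensor` are constructed for illustration, and decoding each parameter twice before matching is an assumption of this sketch.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed signature set for illustration; a production rule set is far larger.
SIGNATURES = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("comment-terminator", re.compile(r"'\s*(--|#|/\*)")),
]

# Constructed sample traffic in "METHOD URL" form.
SAMPLE_REQUESTS = [
    "GET /products?id=42",
    "GET /search?q=select+a+union+membership+plan",
    "GET /products?id=42+UNION+SELECT+1,2",
    "GET /account?user=admin%27+OR+%271%27%3D%271",
    "GET /products?id=1%2527%2520OR%25201%253D1",  # double-encoded
]


def inspect(request_line):
    """Return the names of the signatures matched by any query parameter."""
    url = request_line.partition(" ")[2]
    hits = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again so double encoding cannot hide a match.
        value = unquote_plus(value)
        for sig_name, pattern in SIGNATURES:
            if pattern.search(value) and sig_name not in hits:
                hits.append(sig_name)
    return hits


def run_sensor(lines):
    """Filter a batch: return (forwarded requests, log entries for blocked ones)."""
    forwarded, log = [], []
    for line in lines:
        hits = inspect(line)
        if hits:
            log.append(f"BLOCKED sqli[{','.join(hits)}] {line}")
        else:
            forwarded.append(line)
    return forwarded, log


if __name__ == "__main__":
    forwarded, log = run_sensor(SAMPLE_REQUESTS)
    print("\n".join(log))
    print(f"{len(forwarded)} forwarded, {len(log)} blocked")
```

The second sample contains the words "select" and "union" in ordinary text and is forwarded, because the signature requires them in query order.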
The philosophy of Intrusion Detection System designs

Intrusion Detection Systems can be divided into 3 types according to their design:

Network-based intrusion detection system

It uses sniffer mode to capture packets being transferred over the internet, then passes them to the built-in expert system for pattern matching. It therefore needs powerful computing capability, so most enterprise Intrusion Detection Systems are sold as hardware devices.

The advantages are:

• Easy deployment: a Network Intrusion Detection System uses passive mode to sniff packets from the LAN and analyze them.
• Lower cost: in large network environments, only a few sensors need to be deployed to monitor the area.
• Large area: in sniffer mode it can monitor a large area for abnormal activities; the area is bigger than that of a Host Intrusion Detection System.
Host-based intrusion detection system

It is used to monitor critical host systems by checking users, system activities and attack behavior on the host. Advanced HIDS also provide policy auditing, access control and data forensics capabilities.

The advantage is: because it monitors the host system logs, the more detailed the logging data, the more effective it is.

Network-node Intrusion Detection System

Also called a Distributed Intrusion Detection System (DIDS); its processing method is the same as that of Network-based Intrusion Detection Systems. The difference is that a DIDS forwards logs to a backend management analysis platform. It is more suitable for larger network environments.

Intrusion Detection Systems can also be divided into 3 types according to their detection mechanisms:
Signature-Based Intrusion Detection System

Signatures are produced by experts who analyze information from previous attacks. Detection is based on pattern matching between packets and signatures.

The advantage is that it can detect known attacks, with low false alarms and more efficiency; the disadvantage is that it cannot detect unknown attacks and needs its signature database updated frequently.

Anomaly-Based Intrusion Detection System

It uses a built-in model of normal communication for analysis; traffic that goes against the model is judged to be anomalous.

The advantage is that it can detect unknown attack methods; the disadvantage is that false alarms are higher and it is less efficient.

Hybrid Intrusion Detection System

It combines signature-based and anomaly-based characteristics. It is the future trend.