Profiling What the Bad Guys Want to Do
When the police are patrolling around the neighborhood, they
know what general things to look out for because that's what they were trained
to do. For instance, if there's been a rash of bank robberies lately using a
green van as the getaway car, you know the police will be looking for green vans
in particular. In the real world, police usually call that profiling.

IDSs and anti-virus software do a form of profiling, but
in networking, the term "signature" is used. Whenever a new
way to hack into the network is found, or whenever a new virus is discovered,
the vendors that sell the IDS and anti-virus software create a signature for
that problem. The signature tells the IDS or anti-virus software what to look
for to identify the problem. As long as a network engineer updates the IDS to
know about the latest signatures, the IDS will be well prepared for all known
problems. Similarly, most PCs with proper security have their anti-virus
software updated regularly with new virus signatures.
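
To make the idea concrete, here is a small signature matcher. It is an added example, not code from any real IDS or anti-virus product. The signature names, byte patterns, ports and traffic are all constructed for illustration. It scans the same traffic with an old signature set and an updated one, so you can see why updates matter.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int                      # constructed signature id
    name: str
    pattern: bytes                # byte sequence to look for in the payload
    dport: Optional[int] = None   # only check this destination port; None = any

@dataclass(frozen=True)
class Packet:
    dport: int
    payload: bytes

def match(packet, signatures):
    """Return the names of every signature that fires on this packet."""
    hits = []
    for sig in signatures:
        if sig.dport is not None and sig.dport != packet.dport:
            continue              # signature does not apply to this port
        if sig.pattern in packet.payload:
            hits.append(sig.name)
    return hits

def scan(traffic, signatures):
    """Check every packet against the signature set, one result per packet."""
    return [match(p, signatures) for p in traffic]

# Constructed signature set as it looked before the latest vendor update.
SIGS_OLD = [
    Signature(1001, "known-worm-A", b"WORM-A-MARKER"),
    Signature(1002, "web-probe-B", b"/constructed-probe-b", dport=80),
]
# The update adds a signature for a newly discovered problem.
SIGS_NEW = SIGS_OLD + [Signature(1003, "new-virus-C", b"VIRUS-C-MARKER")]

# Constructed traffic: harmless marker strings stand in for real threats.
TRAFFIC = [
    Packet(80, b"GET /index.html HTTP/1.1\r\n"),               # normal
    Packet(80, b"GET /constructed-probe-b HTTP/1.1\r\n"),      # matches 1002
    Packet(25, b"mail text quoting /constructed-probe-b"),     # wrong port
    Packet(445, b"\x00\x01WORM-A-MARKER\x02"),                 # matches 1001
    Packet(25, b"attachment: VIRUS-C-MARKER"),                 # needs 1003
]

if __name__ == "__main__":
    for label, sigs in (("old", SIGS_OLD), ("updated", SIGS_NEW)):
        print(label, scan(TRAFFIC, sigs))
```

With the old set, the last packet passes unnoticed; only the updated set flags it, even though the traffic never changed.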