a. count occurrences of a specific event over time
b. if the count exceeds a reasonable value, assume intrusion
c. used alone, it is a crude and ineffective detector
profile based
d. characterize past behavior of users
e. detect significant deviations from this profile
f. the profile is usually multi-parameter
Firewalls – Packet Filters
• simplest, fastest firewall component
• foundation of any firewall system
• examine each IP packet (no context) and permit or deny according to rules
• hence restrict access to services (ports)
• possible default policies
   ◦ that not expressly permitted is prohibited
   ◦ that not expressly prohibited is permitted
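
An added example, not part of the original notes: a minimal stateless packet filter in Python that runs the same rule list under both default policies, so the effect of the default on unmatched traffic is visible. The rule set, the addresses (documentation ranges) and the first-match evaluation order are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # header fields only: the filter keeps no context
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def filter_packet(p, rules, default):
    """Assumed first-match semantics: the first matching rule decides,
    and a packet that matches no rule gets the default policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Constructed rule set: block one source range, expose two services (ports).
RULES = [
    Rule("deny", src="203.0.113.0/24"),
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("permit", dst="192.0.2.25/32", proto="tcp", dport=25),
]

# Constructed sample packets.
PACKETS = {
    "https": Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
    "blocked_src": Packet("203.0.113.9", "192.0.2.10", "tcp", 443),
    "telnet": Packet("198.51.100.7", "192.0.2.10", "tcp", 23),
}

def decisions(default):
    return {name: filter_packet(p, RULES, default) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print({d: decisions(d) for d in ("deny", "permit")})
```

Only the unmatched telnet packet changes outcome between the two runs: with a default of "deny" the rule list is the complete set of reachable services, while with a default of "permit" every service nobody wrote a rule for stays reachable.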
What is Malicious Software? Describe DDOS and countermeasures.