TMS zl Management and Configuration Guide ST.1.0.090213

Intrusion Detection and Prevention
Overview
Hacker attacks, employee threats, virus skirmishes, and battles with worms—
to implement successful network security, you must first understand the types
of attacks that threaten your network. In Chapter 4: “Firewall,” you learned
about several specific attacks. While a list of every attack is beyond the scope
of this (or any) guide, this chapter will explore some of the most common
network attacks.
First, this chapter introduces you to four network attack vectors. Understanding
the origin of an attack and the intentions behind it can help you to
implement the correct type of network protection in the correct network
location.
Then, this chapter discusses several common network attack types. Though
these attack types are by no means comprehensive, learning about them will
greatly increase your understanding of the ways that attackers can infiltrate
or damage your network so that you can protect it accordingly.
Attack Vectors
Network attacks can be broadly categorized according to the direction, or
vector, from which the attack originates and by the intention of the user who
initiates the attack. Understanding attack vectors and the intentions behind
these attacks will help you secure your network against both known network
attacks and new types of attacks.
The four attack vector models are:
External intentional
External unintentional
Internal intentional
Internal unintentional
External Attacks
An external attack, as its name suggests, is an intrusion that originates outside
of your trusted network. Ideally, your comprehensive threat management
solution should prevent an external attack before it ever enters your network.
Because external attacks are historically the most common type of attack
vector, most networks are designed to guard against them at the perimeter.