TMS zl Management and Configuration Guide ST.1.1.100226

6-4
Intrusion Detection and Prevention
IDS/IPS Concepts
Then, this chapter discusses several common network attack types. Though
these attack types are by no means comprehensive, learning about them will
greatly increase your understanding of the ways that attackers can infiltrate
or damage your network so that you can protect it accordingly.
Attack Vectors
Network attacks can be broadly categorized according to the direction, or
vector, from which the attack originates and by the intention of the user who
initiates the attack. Understanding attack vectors and the intentions behind
these attacks will help you secure your network against both known network
attacks and new types of attacks.
The four attack vector models are:
External intentional
External unintentional
Internal intentional
Internal unintentional
External Attacks
An external attack, as its name suggests, is an intrusion that originates outside
of your trusted network. Ideally, your comprehensive threat management
solution should prevent an external attack before it ever enters your network.
Because external attacks are historically the most common type of attack
vector, most networks are designed to guard against them at the perimeter.
However, some external attacks use perfectly legitimate traffic to infiltrate,
overwhelm, rob, cripple, or destroy your network. Because attackers use
legitimate traffic, attacks cannot always be easily distinguished and stopped
by perimeter protection methods, such as a traditional firewall.
External Intentional Attacks. In most cases, external attackers will aim
attacks at well-known network vulnerabilities. These attacks are usually
stopped by a good perimeter defense. However, not every external intentional
attack is preventable. For example, some zero-day attacks might be
unpreventable because they are designed to exploit vulnerabilities your security
solutions are not configured to manage. One hundred percent protection from
external attacks cannot be guaranteed without disconnecting your network
from the Internet. However, a well-planned solution will eliminate the majority
of attacks.