ZOOM Remote Flipped Classroom Lecture 12/10 [DB]: Firewalls and intrusion detection systems
There are two categories of tools that are useful in practical computer (and network) security: firewalls and intrusion detection (and prevention) systems.
Firewalls are rule-based and focus on network communication. They ensure proper traffic flows.
Intrusion detection and prevention systems work at a higher level. They monitor user behaviour to try to detect intrusions and can also take action to stop the intruders.
Videos
You’ll find the videos directly below. Watch them through FeedBackFruits; this way you can ask questions and start discussions during the videos. You’ll post anonymously.
Videos:
- Intrusion detection and prevention (slides)
- Firewalls (slides)
Reading
- Chapter 21, focus on 21.4, of Anderson (2008).
Additional reading
- RUAG Turla-APT case
- Chapter 17 of Gollmann (2011)
- Check out the RAID Symposium.
- Snort network intrusion-detection system
- OSSEC host-based intrusion-detection system
- Measuring and circumventing Internet censorship
Related extracurricular reading
- Discipline and Punish by the French philosopher Michel Foucault. Warning: It’s a heavy read!
The original French title and the translated Swedish titles are better: “Surveiller et punir” and “Övervakning och straff”, respectively. In English: “Surveillance and punishment”.
It’s more philosophical, providing theoretical tools to reason about the sociological aspects of e.g. preventing insiders from leaking sensitive data. It analyzes various societal institutions, from the prison to military barracks to schools. The book doesn't have a single word about computer science; it's about normative culture and how humans (society) function(s).
References
Anderson, Ross J. 2008. Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed. Indianapolis, IN: Wiley. http://www.cl.cam.ac.uk/~rja14/book.html.
Gollmann, Dieter. 2011. Computer Security. 3rd ed. Chichester, West Sussex, U.K.: Wiley.