Intrusion Detection is the process by which you determine whether there have been attempts to gain unauthorized access to data or applications deemed confidential.
The source of intrusion could be through any of the following means:
- application, either through unauthorized accounts, SQL injection, URL hacking or cracking passwords
- network infrastructure, through open ports, hacking firewalls, malware
How do I prevent these?
For starters, here are 5 things you could do to prevent them:
- Where possible, implement IP-based filtering to ensure that only users from trusted IP addresses access the service. This way, in case of a breach, you can trace the intruder back to the IP address.
- Strictly follow your policy of terminating the accounts of ex-employees and contractors, as well as evaluation accounts. No exceptions.
- Ensure that you have a robust password management framework and a password store that is one-way encrypted.
- Ensure that all the necessary patches are applied to your IT infrastructure components, including server patches, router firmware upgrades, firewall upgrades, database patches and anti-virus upgrades on user desktops.
- Implement Intrusion Prevention Systems that regularly check for potential vulnerabilities through activities such as port scans, failed-login monitoring, abnormal-activity detection and log mining.
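
The log-mining idea from the last item, combined with the trusted-IP and terminated-account checks from the first two, as an added example that is not part of the original page. The OpenSSH-style log lines are constructed, and the trusted range, the terminated account list and the threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example (not from the original page):
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # trusted source ranges
TERMINATED = {"jdoe"}        # accounts that should already be disabled
FAILED_THRESHOLD = 3         # failed logins per source IP before alerting

# Constructed sample lines in OpenSSH sshd log format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan 10 09:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Jan 10 09:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Jan 10 09:01:00 host sshd[104]: Accepted password for alice from 10.1.2.3 port 5000 ssh2
Jan 10 09:02:00 host sshd[105]: Accepted password for jdoe from 10.1.2.9 port 5001 ssh2
Jan 10 09:03:00 host sshd[106]: Accepted publickey for bob from 198.51.100.20 port 5002 ssh2
Jan 10 09:04:00 host sshd[107]: Failed password for alice from 10.1.2.3 port 5003 ssh2
"""

# Matches both failed and accepted authentication events.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)

def mine(log_text):
    """Return (alert_type, user, source_ip) tuples in log order."""
    failures, alerts = Counter(), []
    for m in EVENT.finditer(log_text):
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] == FAILED_THRESHOLD:  # alert once per source IP
                alerts.append(("repeated_failed_logins", user, ip))
        else:
            if user in TERMINATED:
                alerts.append(("terminated_account_login", user, ip))
            if not is_trusted(ip):
                alerts.append(("login_from_untrusted_ip", user, ip))
    return alerts

if __name__ == "__main__":
    print(*mine(SAMPLE_LOG), sep="\n")
```

The single failed login for alice from a trusted address stays below the threshold and raises no alert, which keeps ordinary typos out of the alert stream.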