FTP & Intrusion Detection System

By: enj

1. Anonymous File Transfer Protocol (FTP) enables remote users to use the FTP server without an assigned user ID and password.
Anonymous FTP enables unprotected access (no password required) to selected information about a remote system. The remote site determines what information is made available for general access.
Such information is considered to be publicly accessible and can be read by anyone. It is the responsibility of the person who owns the information and the system to assure that only appropriate information is made available.
To access this information, a user logs on to the host using the user ID ANONYMOUS. The user ANONYMOUS has limited access rights to the files on the FTP server and has some operating restrictions.
Typically, the following are the only operations allowed:
• Logging on using FTP
• Listing the contents of a limited set of directories
• Retrieving files from these directories.
Typically, anonymous users are not allowed to transfer files to the FTP server. Some systems do provide an incoming directory for anonymous users to send data to. Traditionally, the special anonymous user account accepts a string as a password, although it is common to use either the password guest or one’s e-mail address.
Some archive sites explicitly ask for the user’s e-mail address and do not allow logon with the guest password. Providing an e-mail address is a courtesy that allows the archive site operators to get some idea of who is using their services.

2. An Anomaly-Based Intrusion Detection System is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and will detect any type of misuse that falls outside normal system operation. This is in contrast to signature-based systems, which can only detect attacks for which a signature has previously been created.
In order to determine what is attack traffic, the system must be taught to recognise normal system activity. This can be accomplished in several ways, most often with artificial intelligence type techniques. Systems using neural networks have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as strict anomaly detection.
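As an added example (not code from the original post), here is strict anomaly detection applied to the anonymous FTP sessions described in item 1: normal usage is modelled as logging on, listing and retrieving, and anything else is flagged. The log format, the `/pub` root and the exact command set are assumptions of this example.

```python
import re

# Assumed model of a normal anonymous session: the operations listed in item 1
# (log on, list, retrieve) plus the housekeeping commands a client needs.
NORMAL = {"PASS", "SYST", "FEAT", "PWD", "CWD", "CDUP", "TYPE", "PASV", "EPSV",
          "PORT", "LIST", "NLST", "RETR", "SIZE", "MDTM", "NOOP", "QUIT"}
PATH_COMMANDS = {"CWD", "LIST", "NLST", "RETR", "SIZE", "MDTM"}
ANON_NAMES = {"anonymous", "ftp"}
PUBLIC_ROOT = "/pub"  # assumed location of the publicly readable directories

# Constructed log format for this example: "<session-id> <COMMAND> [argument]"
LINE = re.compile(r"^(\S+)\s+([A-Za-z]+)(?:\s+(.*))?$")

def path_ok(arg):
    """True if the argument stays inside the assumed public directory tree."""
    if ".." in arg.split("/"):
        return False
    return not arg.startswith("/") or (arg + "/").startswith(PUBLIC_ROOT + "/")

def detect(lines):
    """Return (session, command, reason) for each deviation from the model."""
    anonymous, alerts = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            alerts.append(("?", raw.strip(), "unparseable line"))
            continue
        sid, cmd, arg = m.group(1), m.group(2).upper(), (m.group(3) or "").strip()
        if cmd == "USER":
            anonymous[sid] = arg.lower() in ANON_NAMES
        elif anonymous.get(sid):  # the model covers anonymous sessions only
            if cmd not in NORMAL:
                alerts.append((sid, cmd, "command outside the normal model"))
            elif cmd in PATH_COMMANDS and not path_ok(arg):
                alerts.append((sid, cmd, "path outside the public directories"))
    return alerts

# Constructed sample sessions (not real traffic).
SAMPLE_LOG = [
    "s1 USER anonymous", "s1 PASS guest", "s1 CWD /pub", "s1 LIST",
    "s1 RETR /pub/readme.txt", "s1 QUIT",
    "s2 USER anonymous", "s2 PASS user@example.com", "s2 STOR upload.bin",
    "s2 RETR ../private/notes.txt", "s2 DELE /pub/readme.txt",
    "s3 USER alice", "s3 STOR report.doc",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A site that offers an incoming directory for anonymous uploads would extend the model to permit `STOR` under that one path rather than adding it to the general command set.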
There are very few reliable and trusted commercial anomaly-based intrusion detection systems. One such system, Manhunt, purchased by Symantec in 2001, uses anomaly-based protocol inspection. Another system, StealthWatch by Lancope, is a Network Behavior Analysis solution that combines behavior-based anomaly detection with network performance monitoring.
