Impact Subcategories - McAfee M-1250 - Network Security Platform Configuration Manual

IPS Configuration Guide, version 5.1

McAfee® Network Security Platform 5.1
Reconnaissance: This type of activity is for the purpose of intelligence gathering to prepare for further attacks; for example, a port scan or probe conducted to enumerate or identify services and possible vulnerabilities.

DoS and DDoS: A denial of service (DoS) or distributed denial of service (DDoS) attack was performed, possibly harming the ability of the network or system to respond or continue providing services.

Multi sensor correlation: Manager correlates the attack detection information from multiple intrusion detection systems (sensors) in order to identify different phases of the attack behaviors.

Protocol discovery: Sensor detects a protocol anomaly on well-known ports, such as P2P software running on a well-known port.

Multi method correlation: Multiple detection methods are used to correlate the attacking traffic in order to identify different phases of the attack behaviors. Examples of such correlation are attack signatures, Network Security Platform shellcode detection, and statistical correlation.

Flow correlation: Sensor correlates the bi-directional traffic of each session in order to increase the accuracy of the attack detection as well as the assessed impact of the attack.

Application anomaly: This type of attack occurs when a larger number of bytes comes from an HTTP browser than should actually be going to it. An example of such an attack is a buffer overflow.

Impact subcategories

Impact subcategories are the specific, inherent system flaws that can be exploited by attackers familiar with a vulnerability. A known vulnerability poses a threat to the system; the attacking party exploits this threat with an attack that is designed to impact some part of the vulnerable system.

Audit: Any networking event deemed to be of interest to the security analyst. Examples include invocation of particular applications or use of particular commands in certain applications.

Back Door: Depending on the confidence level of the triggers, this can either be some attempts at contacting a backdoor process or the occurrence of an actual backdoor two-way conversation. If the latter has occurred, it means that a backdoor process exists in your network, the backdoor user is in your network, or both are inside your network, depending on the locations of the communication end points.

Brute Force: Brute force attacks are used by programs, such as password crackers, to try many different passwords in order to guess the proper one.
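The multi sensor correlation and multi method correlation entries describe the Manager combining detections from several sensors to recognise the successive phases of one attack. The script below is an added illustration written for this edit; it is not code from the manual or from the Network Security Platform product. The alert record layout, the sensor names, the phase ranking and every sample alert are constructed assumptions; the category labels are the ones used on this page. It groups alerts by source address, lists the categories in the order they were first seen, and flags a source as a correlated incident when two or more sensors report two or more phases in progression within a time window.

```python
"""Correlate constructed IPS alerts from several sensors into per-source attack phases.

Added example, not McAfee Network Security Platform code. The alert layout,
sensor names, phase ranking and all sample alerts are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Rank of each category from intelligence gathering towards service impact.
# This ordering is an assumption made for the example, not a product rule.
PHASE_ORDER = {
    "Reconnaissance": 0,
    "Brute Force": 1,
    "Back Door": 2,
    "DoS and DDoS": 3,
}

# Constructed alerts as a Manager might receive them from three sensors.
SAMPLE_ALERTS = [
    {"sensor": "sensor-dmz", "src": "198.51.100.7", "dst": "192.0.2.10",
     "category": "Reconnaissance", "time": "2024-01-10T09:00:00"},
    {"sensor": "sensor-dmz", "src": "198.51.100.7", "dst": "192.0.2.11",
     "category": "Reconnaissance", "time": "2024-01-10T09:00:05"},
    {"sensor": "sensor-core", "src": "198.51.100.7", "dst": "192.0.2.11",
     "category": "Brute Force", "time": "2024-01-10T09:12:00"},
    {"sensor": "sensor-core", "src": "198.51.100.7", "dst": "192.0.2.11",
     "category": "Back Door", "time": "2024-01-10T09:40:00"},
    {"sensor": "sensor-branch", "src": "203.0.113.5", "dst": "192.0.2.20",
     "category": "Reconnaissance", "time": "2024-01-10T10:00:00"},
    {"sensor": "sensor-dmz", "src": "203.0.113.9", "dst": "192.0.2.10",
     "category": "Brute Force", "time": "2024-01-10T15:00:00"},
]


def parse_time(stamp: str) -> datetime:
    """Parse the ISO 8601 timestamp used in the constructed alerts."""
    return datetime.fromisoformat(stamp)


def correlate(alerts, window: timedelta = timedelta(hours=1)) -> dict:
    """Group alerts by attacking source and summarise what the sensors saw.

    For each source address the result holds the sensors that reported it,
    the distinct categories in order of first appearance (the observed phases),
    whether those phases move forward through PHASE_ORDER, and whether the
    source meets this example's incident rule: at least two sensors and at
    least two progressing phases within `window` of the source's first alert.
    """
    by_src = defaultdict(list)
    for alert in alerts:
        by_src[alert["src"]].append(alert)

    summary = {}
    for src, items in by_src.items():
        items.sort(key=lambda a: parse_time(a["time"]))
        first = parse_time(items[0]["time"])
        # Only alerts inside the window count towards one correlated incident.
        in_window = [a for a in items if parse_time(a["time"]) - first <= window]

        phases = []
        sensors = set()
        for a in in_window:
            sensors.add(a["sensor"])
            if a["category"] not in phases:
                phases.append(a["category"])

        # A chain that only repeats or goes backwards through the ranking is
        # treated as unrelated noise rather than one attacker's progression.
        ranks = [PHASE_ORDER.get(p, -1) for p in phases]
        progresses = all(later > earlier for earlier, later in zip(ranks, ranks[1:]))

        summary[src] = {
            "sensors": sorted(sensors),
            "phases": phases,
            "progresses": progresses,
            "incident": len(sensors) >= 2 and len(phases) >= 2 and progresses,
        }
    return summary


def incidents(alerts, window: timedelta = timedelta(hours=1)) -> list:
    """Return the source addresses that the correlation rule flags, sorted."""
    return sorted(src for src, s in correlate(alerts, window).items() if s["incident"])


if __name__ == "__main__":
    for src, s in correlate(SAMPLE_ALERTS).items():
        print(src, s)
    print("correlated incidents:", incidents(SAMPLE_ALERTS))
```

Run as a script it prints one summary line per source; only 198.51.100.7 is flagged, because two sensors saw it move from Reconnaissance through Brute Force to Back Door within forty minutes, while the other two sources produced a single phase each. The window and the phase ranking are the two knobs an analyst would tune; shrinking the window reduces false chaining of unrelated alerts from the same address at the cost of missing slow attacks.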
Understanding attack descriptions
244
