11.3 – Common Detection Methodology

The following are the most common detection methodologies:

Signature-Based Detection

Signature-based detection is more closely associated with intrusion detection (ID) than with firewalls, though many personal firewalls and certain business firewalls include this functionality. The system is configured to look for particular patterns, flag them as malicious, and block the traffic. A pattern that identifies something like the Code Red worm is an example. In this technique, incoming and outgoing packets are observed and compared against known, pre-configured attack patterns, called signatures, and detection relies on those signatures. The working principle is the same as that of antivirus,…
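The matching step described above, sketched as an added example (not code from the original text): packet payloads in both directions are compared against pre-configured byte patterns, and any match is flagged and blocked. The rule ids, the second signature, the length threshold and the sample payloads are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int             # constructed rule id, not from any real rule set
    name: str
    pattern: re.Pattern  # byte pattern searched for in the packet payload


# Constructed signatures for illustration only.
SIGNATURES = [
    # Code Red requested /default.ida followed by a long run of filler
    # characters; the length threshold of 100 is an assumption.
    Signature(1001, "Code Red style .ida request",
              re.compile(rb"GET /default\.ida\?[NX]{100,}")),
    Signature(1002, "cmd.exe in request URI",
              re.compile(rb"(?:GET|POST) [^ \r\n]*cmd\.exe", re.IGNORECASE)),
]


def inspect(payload: bytes) -> list[Signature]:
    """Return every signature whose pattern occurs in the payload."""
    return [s for s in SIGNATURES if s.pattern.search(payload)]


def process(direction: str, payload: bytes) -> dict:
    """Flag and block on any match; otherwise allow the traffic."""
    hits = inspect(payload)
    return {
        "direction": direction,
        "action": "block" if hits else "allow",
        "alerts": [f"[{s.sid}] {s.name}" for s in hits],
    }


# Constructed sample traffic (inbound and outbound), not real captures.
SAMPLES = [
    ("inbound", b"GET /default.ida?" + b"N" * 224 + b" HTTP/1.0\r\n\r\n"),
    ("outbound", b"GET /default.ida?" + b"X" * 224 + b" HTTP/1.0\r\n\r\n"),
    ("inbound", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("inbound", b"GET /default.ida?NN HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for direction, payload in SAMPLES:
        print(process(direction, payload))
```

The last sample requests the same path but falls below the signature's length threshold, so it is allowed: a signature matches only the exact pattern it was written for.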