ISC Exam Questions

What are the primary goals of intrusion detection systems? (Select all that apply.)

A. Accountability

B. Availability

C. Response

D. All of the choices

Explanation:
Although there are many goals associated with security mechanisms in general, there are two
overarching goals usually stated for intrusion detection systems. Accountability is the capability to
link a given activity or event back to the party responsible for initiating it. This is essential in cases
where one wishes to bring criminal charges against an attacker. The goal statement associated with
accountability is: “I can deal with security attacks that occur on my systems as long as I know who
did it (and where to find them).” Accountability is difficult in TCP/IP networks, where the protocols
allow attackers to forge the identity of source addresses or other source identifiers. It is also
extremely difficult to enforce accountability in any system that employs weak identification and
authentication mechanisms. Response is the capability to recognize a given activity or event as an
attack and then take action to block or otherwise affect its ultimate goal. The goal statement
associated with response is: “I don’t care who attacks my system as long as I can recognize that the
attack is taking place and block it.” Note that the requirements of detection are quite different for
response than for accountability.