What is an intrusion attack?
An intrusion attack can be classified as any malicious activity or policy violation that originates within your own network, on your company-owned servers. The most common purposes of intrusion attacks are to:
- Gain unauthorised access to files, privileges, data or money
- Destabilise a network for financial or personal gain
- Use software beyond what policy permits
As intrusion attacks are an internal threat – often perpetrated by colleagues, partners or vendors who may have the knowledge to execute an attack undetected – they can be difficult to prevent, and security measures can occasionally be ineffective.
Is an intrusion attack the same as a firewall breach?
No, an intrusion attack is not the same as a firewall breach. An intrusion attack is committed by and undertaken within your own private network. A firewall breach occurs when dangerous or unwanted external network traffic accesses your network as a result of the firewall being bypassed. This could be a result of a successful hack or malware attack or due to incorrect firewall configuration and poor management of the access control list.
Do firewalls prevent intrusion attacks?
In general, no, because firewalls analyse, filter or block traffic from external networks that requests access to your server networks. However, as businesses depend ever more on IT and store most sensitive data electronically, firewalls between segmented networks are becoming more commonplace to defend against malicious players who abuse internal IT.
Firewalls look outwardly for intrusions and do not signal or block an attack from inside the network. In theory, a firewall could prevent an intrusion attack between one internal network and another – access controls such as application firewalls can be implemented for this purpose. However, a firewall alone is powerless to block malicious activity executed by a user already granted network access; other cybersecurity measures such as permissions, privileges and intrusion detection software are needed.
How to stop an intrusion attack
Along with a thorough review of policies, permissions and privileges that’s appropriate for today’s cyber threat risk, you should consider intrusion prevention detection (IPD) and intrusion prevention systems (IPS). These solutions analyse network traffic for threat signatures or anomalies, and either monitor or control that traffic.
What is IPD?
A passive solution which “watches” for intrusion attacks by identifying signatures of common attacks and generates an alert.
- A hardware device or software app that monitors network traffic, incoming and outbound, for any malicious activity or security policy violation
- It either uses strategically placed network sensors to monitor maximum traffic without creating bottlenecks, or runs on specific hosts or devices, monitoring the traffic associated with them. It doesn’t modify the network.
- Malicious activity or violations are automatically reported to an administrator or collected in a central system, triggering alerts
What is IPS?
An active solution which terminates connections during an intrusion attack and performs access control.
- Just like IPD, IPS monitors network traffic for malicious activity or security policy violation and can be network-based or host-based
- However, IPS can intercept anomalies and quickly prevent an intrusion attack by dropping packets or resetting connections
- It can configure policy-based rules and actions to be executed when a threat is detected
- Malicious activity, violations and intercepted threats are automatically reported to an administrator or collected in a central system, triggering alerts
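The difference between the two modes can be shown with a small rule engine run over internal flow records. This is an added example, not code from any product: the subnets, rule names, thresholds and flow record format are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

def in_net(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # predicate over one flow record
    action: str                      # "drop" or "reset"; applied in prevention mode only

# Hypothetical policy rules (assumed: 10.1.0.0/16 = user LAN, 10.9.0.0/16 = finance servers).
RULES = [
    Rule("user-lan-to-database-port",
         lambda f: in_net(f["src"], "10.1.0.0/16") and in_net(f["dst"], "10.9.0.0/16")
         and f["dport"] == 5432, "reset"),
    Rule("oversized-transfer-from-finance",
         lambda f: in_net(f["src"], "10.9.0.0/16") and f["bytes"] > 500_000_000, "drop"),
]

def inspect(flows, mode):
    """mode='detect' is the passive, alert-only sensor; mode='prevent' sits inline and blocks."""
    alerts, forwarded = [], []
    for flow in flows:
        hit = next((r for r in RULES if r.matches(flow)), None)
        if hit is None:
            forwarded.append(flow)           # no rule matched: traffic passes
            continue
        verdict = hit.action if mode == "prevent" else "alert-only"
        alerts.append({"rule": hit.name, "src": flow["src"],
                       "dst": flow["dst"], "verdict": verdict})
        if mode == "detect":
            forwarded.append(flow)           # a passive sensor never modifies traffic
    return alerts, forwarded

# Constructed sample flow records, all internal (east-west) traffic.
FLOWS = [
    {"src": "10.1.4.20", "dst": "10.2.0.5", "dport": 443, "bytes": 12_000},
    {"src": "10.1.4.20", "dst": "10.9.0.8", "dport": 5432, "bytes": 4_000},
    {"src": "10.9.0.8", "dst": "10.1.7.77", "dport": 445, "bytes": 900_000_000},
]

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        alerts, forwarded = inspect(FLOWS, mode)
        print(mode, "forwarded:", len(forwarded), "alerts:", alerts)
```

Both modes raise the same two alerts for the administrator; only prevention mode stops the matching flows from being forwarded.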