Data Threat Detection & Protection Techniques

Instructor: Lyna Griffin

Lyna has tutored undergraduate Information Management Systems and Database Development. She has a Bachelor's degree in Electrical Engineering and a Masters degree in Information Technology.

In this lesson, we will examine the various layers used in detecting threats in a data system. We will discuss effective protection techniques employed to guard against these threats.

Data Under Threat

Data is the most valuable asset in any information system and, therefore, the most targeted component. Data exists in three forms. Data can be at rest (in storage), in use (accessed), or in transit (moved or copied). In any of these states, data can be compromised, manipulated, or stolen. It is important for system administrators and security personnel to fully understand the different avenues that can be used to breach a system and to be apprised of the techniques that can be employed for the protection of that system.

Data Threat Detection Techniques

Data threat detection refers to the systems and techniques used to detect existing or pending threats to an application or system. They are commonly known as Intrusion Detection Systems (IDS). Every threat to data involves some form of illicit system intrusion. These detective systems, when employed, are designed to monitor an entire network system's activities, traffic, identity, and attacks. They can be a combination of both software and hardware.

Think of IDS as similar to a car alarm. If the car's window or lock has been broken or the vehicle is subjected to unusual external vibrations, the alarm is set off and the owner is notified.

Types of Intrusion Detection Techniques

The different detection techniques depict the different angles from which data can be threatened or compromised.

Host Based IDS

A host usually refers to the individual computer or devices that are connected to and communicate over a network. At the host level, threat detection systems are installed on the individual devices and monitor all traffic to and from that single device. Malicious activity is therefore detected only at that device.

Network Based IDS

With this technique, strategic points in the network have their traffic monitored. A dedicated device can be used to analyze the traffic. It is used in conjunction with the Ethernet layer of the network to analyze packets by predetermined rules.

Stack Based IDS

The TCP/IP stack is the set of network protocols formed into a stack that governs communication over the network and the internet. Stack-based detection systems work together with the TCP/IP stack, allowing the IDS to monitor network packets and extract suspicious packets before they hit the operating systems and programs.

Signature Based IDS

Signature based IDS involves analyzing traffic for known malicious network packets. These signatures are developed and incorporated into the IDS engine over time when malicious network behavior manifests. That's why they are known as signatures. These network behavioral patterns are linked to specific malicious attacks. This means the IDS creates a signature for each attack.

Anomaly Based IDS

Anomaly means deviation from the standard or norm. With this technique, a baseline of 'normal' network behavior is established. The baseline is established by the network administrator or security personnel and specifies what constitutes normal network behavior. Network events which occur outside the predefined or baseline model are said to be an anomaly.

Data Protection Techniques

Dynamic Data Masking (DDM)

This is a form of data protection employed when the data is 'in use'. Masking means to cover or hide all or part of something. Dynamic Data Masking is defined as the method of hiding or concealing real-time access to a data set without making any alterations to the actual data. The process is executed while the data is being accessed. It is a way of preventing unauthorized access to data.

For example, when a customer fills out a form connected to an application, the software can state that only the last 4 digits of the credit card details should be revealed to whoever accesses the form. Table 1 illustrates this.

Table 1

0000 0000 0000 0000 becomes XXXX XXXX XXXX 0000

While the user accessing the form only sees XXXX for first 12 characters of the credit card number, the actual value held in the database is not changed in any way.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account