Intrusion Prevention Systems
Dr. X
Logistics
• Command Line Lab on Thursday: please bring your laptops
• Keep up with the reading – Midterm on March 2nd
• Computer Networks Basics: OSI stack, subnets, basic protocols: ARP, ICMP, NAT, DHCP, DNS, TCP/IP
• Penetration testing: recon, scanning, exploits (ch. 1-4 of the book "The Basics of Hacking and Penetration Testing")
• IDS/IPS
• Firewalls
• Network Security Protocols
Introduction
• IPSs are not a new technology; they are simply an evolved version of IDS.
• IPSs combine IDSs with improved firewall technologies.
Definitions
• Intrusions: attempts to compromise the confidentiality, integrity, or availability of a computer system or network, or to bypass its security mechanisms (illegal access).
Definitions
• Intrusion detection: the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents).
• Intrusion detection system (IDS): software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities.
• Intrusion prevention system (IPS): software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
Why should we use Intrusion Detection and Prevention Systems?
• A firewall is enough…
• They are too costly... A firewall is enough!
Why is an IPS useful?
• Blocks the attack
• Changes the security environment
• Changes the attack’s content
Classes of detection methodologies:
• Signature-based detection: compares known threat signatures to observed events to identify incidents.
• Anomaly-based detection: samples network activity and compares it to traffic that is known to be normal.
• Stateful protocol analysis: a key development in IDPS technologies was the use of protocol analyzers.
Tuning
• False positives
• False negatives
• Which one is worse?
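As an added illustration (not from the lecture slides) of the signature-based and anomaly-based classes described above, and of the false-positive/false-negative trade-off raised under Tuning, here is a toy Python detector run over constructed HTTP request records; the signatures, byte counts, labels and 3-sigma threshold are all assumptions made for this example:

```python
import re
from statistics import mean, pstdev

# Constructed baseline: byte counts of requests known to be normal (training data).
NORMAL_SIZES = [1200, 900, 1100, 1000, 1050, 950, 1150, 1000]

# Constructed test events: (payload, bytes, is_attack). The last one is a new
# attack with no signature yet; the third is a legitimate but large download.
EVENTS = [
    ("GET /index.html HTTP/1.1", 1000, False),
    ("GET /cgi-bin/x.cgi?f=../../etc/passwd HTTP/1.1", 1100, True),
    ("GET /annual-report.pdf HTTP/1.1", 60000, False),
    ("GET /admin/config.php?debug=1 HTTP/1.1", 1050, True),
]

# Signature-based: known-threat patterns (constructed for this example).
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./"),
    "passwd-read": re.compile(r"/etc/passwd"),
}

def signature_hits(payload):
    """Return the names of known signatures that match the observed event."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))

def build_baseline(sizes, k=3.0):
    """Anomaly-based: learn mean/stddev from known-normal traffic; k is the
    sensitivity knob a tuner turns to trade false positives against false negatives."""
    return mean(sizes), pstdev(sizes), k

def is_anomalous(size, baseline):
    """Flag an event whose size is more than k standard deviations from the mean."""
    mu, sigma, k = baseline
    return abs(size - mu) > k * sigma

def classify(events, baseline):
    """Alert on either method and tally the outcome against the ground-truth labels."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for payload, size, is_attack in events:
        flagged = bool(signature_hits(payload)) or is_anomalous(size, baseline)
        if flagged:
            counts["tp" if is_attack else "fp"] += 1
        else:
            counts["fn" if is_attack else "tn"] += 1
    return counts

if __name__ == "__main__":
    # Expected tally: tp=1 (signature), fp=1 (big download), fn=1 (unknown attack), tn=1
    print(classify(EVENTS, build_baseline(NORMAL_SIZES)))
```

The tally makes the Tuning question concrete: the signature set misses the attack it has no pattern for (a false negative), while the anomaly threshold flags the legitimate large download (a false positive), and neither method alone removes both.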
Deployment NIDS/NIPS
Deployment HIDS/HIPS
Types of IDPSs
• Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows.
• Wireless: monitors wireless network traffic and analyzes its wireless networking protocols to identify suspicious activity involving the protocols themselves.
When to use an IDPS?
• Set goals
• Security capabilities: including information gathering, logging, detection, and prevention.
• Performance: including maximum capacity and performance features.
• Management: including design and implementation (e.g., reliability, interoperability, scalability, product security), operation and maintenance (including software updates), and training, documentation, and technical support.
• Life cycle costs, both initial and maintenance costs.