Download Intrusion Detection System(IDS) Overview

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts

Mobile security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Deep packet inspection wikipedia , lookup

Social engineering (security) wikipedia , lookup

Unix security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Intrusion Detection System(IDS)
Overview
Manglers
Gopal Paliwal
Roshni Zawar
SenthilRaja Velu
Sreevathsa Sathyanarayana
VijayaPriya Mani
Agenda










What is IDS
Why do I need IDS, I have a firewall?
Types of IDS
IDS Techniques
Common ID Framework
Issues in IDS
Popular IDS
Demo
References
Q&A
What is IDS



A system that detects break-ins or
misuse of a system in network.
In short, its ‘burglar alarm’ for the
network.
An IDS can detect network scans, DoS,
unauthorized attempt to connect to
services in the network, improper
activity etc..
Why do I need IDS, I have a
firewall?



Today’s security infrastructure include
firewalls, virus scanners, authentication
systems, VPN etc..
Given their role, these are prime targets
and being managed by humans, they
are error prone.
Failure of one of these tools will
jeopardize the security!.
Why do I need IDS, I have a
firewall? – Contd..


Firewall is just not enough. Not all
traffic go through them.
Firewall does not protect against
application level weaknesses and are
subject to attack themselves.
Where should IDS go?
Depends primarily on the network setup
 In a DMZ area immediately inside
firewall.
 Important locations in network
 On a service host (like a webserver)
Types of IDS

Host Based


Network Based


Collect and analyze data that originate from a host
(e.g., web server)
Collect and analyze packets that travel over
network
Stack Based (recent)

Integrated into TCP/IP stack, so that the malicious
packets are caught even before packets reach
application
IDS Techniques

Anomaly Detection


Misuse Detection (or) Signature Detection


Generates an alert when a known intrusion matches existing signatures.
Predict and Detect subsequent similar attempts.
Target Monitoring


Establish a baseline pattern and generates an alert when a flow of traffic
deviates from baseline pattern.
Corrective control designed to uncover unauthorized action (file
modification) after it occurs.
Stealth Probes


Checks for methodical attacks over a prolonged period of time.
Discover correlating attacks.
Common ID Framework
Issues in IDS




Large number of ‘false positives’.
Very difficult to configure the security
rules.
Continuous update of signature
database is must.
NIDS is unreliable on high-speed and
switched networks.
Popular IDS Tools









Snort
Cisco IDS
RealSecure, by Internet Security Systems
Dragon, by Enterasys
NFR, by Flight Recorder (also available in a
free research version)
Tripwire, by the Tripwire Open Source team
Tcpwrappers, by Wietse Venema
PortSentry, by Psionic Technologies
AIDE (Advanced Intrusion Detection
Environment)
Demo


Snort – is a light weight open source
NIDS, capable of performing real time
traffic analysis and packet logging.
Snort works in various modes:



sniffer mode (acts as protocol analyzer)
packet-logger mode
NIDS mode.
Network Topology
SNORT
• Internal Node
• Web server
• FTP server
milkyway
supernova
(192.168.1.103)
(192.168.1.102)
The Intruder
trudy
(192.168.6.201)
References






Book: Intrusion detection system with snort by Jack koziol
Snort IDS (www.snort.org)
Intrusion Detection Systems
(www.certiguide.com/secplus/cg_sp_34IntrustionDetectionSystem.htm)
An introduction to IDS (http://www.securityfocus.com/infocus/1520)
Intrusion Detection FAQ: Why is intrusion detection required in today’s
computing environment?
(http://www.sans.org/resources/idfaq/id_required.php?
IDS, what is it and why do we need it?
(http://www.ixact.ch/english/pagesnav/IN.htm)
Q&A
Related documents
Intrusion Prevention Systems
Intrusion Prevention Systems
Document
Document
History 105C: Civ I
History 105C: Civ I
Report: Intrusion Detection Systems
Report: Intrusion Detection Systems
Intrusion Detection Systems:
Intrusion Detection Systems:
CHAPTER 1 THE INTRUSION DETECTION SYSTEM
CHAPTER 1 THE INTRUSION DETECTION SYSTEM
Prep sheet for midterm
Prep sheet for midterm
Fides et Ratio
Fides et Ratio
NETWORK SECURITY - Clarkson University
NETWORK SECURITY - Clarkson University
Intrusion Detection Technique by using K
Intrusion Detection Technique by using K
Prep sheet for Civ I, First midterm exam
Prep sheet for Civ I, First midterm exam
Hardened IDS using IXP
Hardened IDS using IXP
Intrusion Detection
Intrusion Detection
ids control strategies
ids control strategies
2._ids_with_snort_1
2._ids_with_snort_1
2._ids_with_snort
2._ids_with_snort
ECPE 5984 - Virginia Alliance for Secure Computing and Networking
ECPE 5984 - Virginia Alliance for Secure Computing and Networking
Intrusion Detection Systems
Intrusion Detection Systems
Network IDS
Network IDS
WIRELESS INTRUSION DETECTION SYTEMS
WIRELESS INTRUSION DETECTION SYTEMS
Intrusion Detection Systems
Intrusion Detection Systems
Vindicator® V5 Intrusion Detection System (IDS)
Vindicator® V5 Intrusion Detection System (IDS)