Download Case study Compute privacy

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
Document related concepts

Malware wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Access control wikipedia , lookup

Information security wikipedia , lookup

Airport security wikipedia , lookup

Deep packet inspection wikipedia , lookup

Cross-site scripting wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

Cyberattack wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Hacker wikipedia , lookup

Wireless security wikipedia , lookup

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Distributed firewall wikipedia , lookup

Mobile security wikipedia , lookup

Computer security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Intrusion Detection
Prepared by: Mohammed Hussein
Supervised by: Dr. Lo’ai Tawalbeh
NYIT- winter 2007.
WHAT IS SECURITY

ISO 7498-2 defines five security services
–
–
–
–

Confidentiality (secrecy)
Authentication (identify verification)
Integrity
Access control
Users also would likely include
–
–
–
–
Preventing spam
Preventing denial of service
Privacy
…
Security Terminology

Vulnerabilities
– security flaws in systems

Attacks
– means of exploiting vulnerabilities

Countermeasures
– technical or procedural means of addressing
vulnerabilities or thwarting specific attacks

Threats
– motivated adversaries capable of mounting
attacks which exploit vulnerabilities
Types of violation

Attack
– Attempts to exploit a vulnerability
– Ex: denial of service, privilege escalation

Intrusion
– Masquerading as another legitimate user

Misuse
– User abuses privileges
– Often called the “insider threat”
Intrusion
“Any intentional event where an intruder
gains access that compromises the
confidentiality, integrity, or availability of
computers, networks, or the data residing
on them.”
Credit: CERT-CC Security Improvement Module 8: Responding to Intrusions
Why Systems Are Vulnerable
Contemporary Security Challenges and Vulnerabilities
Why Systems Are Vulnerable (Continued)
Internet Vulnerabilities:
• Use of fixed Internet addresses through use of
cable modems or DSL
• Lack of encryption with most Voice over IP (VoIP)
• Widespread use of e-mail and instant messaging
(IM)
Intrusion Detection and Computer
Security

Computer security goals:
– Confidentiality, integrity, and availability

Intrusion is a set of actions aimed to compromise these
security goals

Intrusion prevention (authentication, encryption, etc.)
alone is not sufficient

Intrusion detection is needed
Intrusion Examples

Intrusions: Any set of actions that threaten
the integrity, availability, or confidentiality of
a network resource

Examples
– Denial of service (DoS): attempts to starve a
host of resources needed to function correctly
– Worms and viruses: replicating on other hosts
Intrusion Detection

Intrusion detection:
The process of monitoring and
analyzing the events occurring in a computer and/or network
system in order to detect signs of security problems

Primary assumption:
User and program activities can be
monitored and modeled

Steps
– Monitoring and analyzing traffic
– Identifying abnormal activities
– Assessing severity and raising alarm
IDS Architecture

Sensors (agent)
– to collect data and forward info to the analyzer
 network packets
 log files
 system call traces

Analyzers (detector)
– To receive input from one or more sensors or from
other analyzers
– To determine if an intrusion has occurred

User interface
– To enable a user to view output from the system or
control the behavior of the system
Intrusion Detection Model
Activity
Data
Source
Operator
Sensor
Event
Notification
Sensor
Event
Analyser
Response
Alert
Security
Policy
Administrator
Credit: IETF: Intrusion Detection Message Exchange Requirements (Internet Draft)
Manager
Intrusion Detection Systems
Detect intrusive behaviour in an
automated fashion
 Monitor activity both across networks
(NIDS) and within hosts (HIDS)
 Analyse activity for signs of intrusion

– Signature based
– Anomaly based

Respond to predetermined triggers by:
– Blocking specific actions
Common Defense Strategies







Firewalls
Intrusion Detection Systems
Anti-virus technology (in hosts and in mail
gateways)
Anti-spam technology (in hosts and in mail
gateways)
Periodic penetration testing (enterprise
nets)
Centralized patch management (enterprise
nets)
Anti-DOS mechanisms (ISPs)
Defining Policy

Consider this example
– A hospital deploys a database system for
patient records. The system consists of a
centralized DB server accessed by client
systems in the hospital. Clients access the
information through a network of connected
PCs and via wireless PDAs

What sorts of policy statements can we
make about the hardware? Software?
Users?
Defining Policy

Possible statements
– The DB server software will be kept up to date
– Unused network services (ports) on the DB server will
be disabled
– Wireless access will employ strong cryptographic
protocols
– Users are prohibited from examining records of
patients not in their care

Machine readable policy is very hard problem
– Particularly for misfeasance (i.e. insiders)
Info

Case studyCourse :Intrusion detection and
hacker exploits
Presented to: Dr . Lo’ai Tawalbeh
 Homepage: http://www.isrc.qut.edu.au/about/pe

ople/aclark/questnet2003-ac-ids.ppt
Presented to: Dr. lo’ai tawalbeh
 Course :Intrusion detection and hacker
exploits

Related documents
Intrusion Prevention Systems
Intrusion Prevention Systems
Abstract-The paper`s object is to develop a network intrusion
Abstract-The paper`s object is to develop a network intrusion
EHLANZENI DISTRICT MUNICIPALITY INTRUSION DETECTION
EHLANZENI DISTRICT MUNICIPALITY INTRUSION DETECTION
CIS 203 Artificial Intelligence
CIS 203 Artificial Intelligence
Lecture for Chapter 2.8 (Fall 11)
Lecture for Chapter 2.8 (Fall 11)
Intrusion Detection Technique by using K
Intrusion Detection Technique by using K
Intrusion Detection Technique by using K
Intrusion Detection Technique by using K
Slide 1
Slide 1
A case for drilling the Dufek layered mafic intrusion, Antarctica
A case for drilling the Dufek layered mafic intrusion, Antarctica
Layered Approach Using Conditional Random Fields for Intrusion
Layered Approach Using Conditional Random Fields for Intrusion
CNT Systems and Network Administrators Questionnaire
CNT Systems and Network Administrators Questionnaire
Defenses-guest
Defenses-guest