Jason Ewing. What is an Intrusion Why Detecting Signs of Intrusion is Important? Types of Intrusion Detection Systems (IDS) Approaches for Detection Anomaly.

Presentation transcript:

Jason Ewing

Introduction
- What is an Intrusion?
- Why Detecting Signs of Intrusion is Important
- Types of Intrusion Detection Systems (IDS)
- Approaches for Detection: Anomaly Detection, Signature Recognition, Protocol Analysis
- Policy and Procedures
- Questions

What is an Intrusion?
"Normal activities that leave signs of intrusion include but are not limited to attempts to gain unauthorized access to a system or its data, unauthorized exposure of information, disruption or denial of service, unauthorized data processing, unauthorized downloading, and changes to system hardware, firmware, or software without network administrators' knowledge or consent" (Kochmar et al. 6).

Why It's Important
- Without detection and damage assessment, the time needed to recover from an attack grows, and so does the damage done in the meantime.
- Legal repercussions: attackers can use a compromised system to launch attacks on other organizations.
- Loss of business
- Damaged reputation

Types of Intrusion Detection Systems (IDS)
- Network Intrusion Detection Systems (NIDS): a packet-monitoring system that captures packets and evaluates both incoming and outgoing traffic.
- System Integrity Verifiers (SIV): monitor system files, the Windows Registry and other critical components for changes by comparing them against a stored baseline. Because the comparison runs periodically rather than on every change, there is no real-time alert.

- Log File Monitors (LFM): monitor generated log files to identify well-known patterns of attacker activity.
- Decoy systems: trap attackers by relying on deception, for example honeypots and fake accounts without privileges.
Types of Intrusion Detection Systems (IDS), continued
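A log file monitor for one well-known attacker pattern, added here as an example rather than code from the original presentation: it parses sshd-style authentication log lines and raises an alert when a single source address produces five or more failed logins inside a sliding 60-second window, the shape of a password-guessing attack. The log lines, addresses, the threshold and the window are all constructed; syslog lines carry no year, so the caller supplies one.

```python
"""Log file monitor (LFM) for a well-known attacker pattern.

Added example, not code from the original slides. It parses sshd-style
auth log lines (constructed sample below) and alerts when one source
address produces THRESHOLD or more failed logins inside a sliding WINDOW.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the common sshd syslog format; hosts and addresses
# are documentation ranges, not real systems.
SAMPLE_LOG = """\
Apr 09 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 4410 ssh2
Apr 09 10:00:02 host sshd[2002]: Failed password for admin from 203.0.113.5 port 4411 ssh2
Apr 09 10:00:03 host sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Apr 09 10:00:04 host sshd[2004]: Failed password for invalid user test from 203.0.113.5 port 4412 ssh2
Apr 09 10:00:05 host sshd[2005]: Failed password for invalid user oracle from 203.0.113.5 port 4413 ssh2
Apr 09 10:00:06 host sshd[2006]: Failed password for invalid user guest from 203.0.113.5 port 4414 ssh2
Apr 09 10:00:07 host sshd[2007]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Apr 09 10:09:00 host sshd[2008]: Failed password for root from 203.0.113.9 port 6000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

THRESHOLD = 5   # failures inside the window that trigger an alert (assumed)
WINDOW = 60     # window length in seconds (assumed)


def parse_failure(line, year=2001):
    """Return (timestamp, user, src) for a failed-login line, else None.

    Syslog lines have no year field; the caller passes the year the log
    was written (defaulting to an assumed 2001 for the sample above).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("user"), m.group("src")


def detect_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failures per source; returns a list of alerts.

    Each source is reported at most once, the first time it crosses the
    threshold, with the number of failures seen in the window at that point.
    """
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    alerts = []
    alerted = set()
    for line in log_text.splitlines():
        parsed = parse_failure(line)
        if parsed is None:
            continue          # successful logins and unrelated lines are ignored
        ts, _user, src = parsed
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()       # drop failures that have aged out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "failures": len(q), "last_seen": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Note what the monitor cannot see: the attacker who spreads guesses across many source addresses, or slows to one attempt every few minutes, stays under a per-source threshold. Correlating by target account as well as by source, and keeping the logs on a separate log host so the attacker cannot delete the evidence, both belong in a real deployment.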

Approaches for Detection
General framework for detection:
- Look for suspicious activity.
- Investigate any problems or strange behavior.
- If something cannot be explained, assume there is an intrusion.
Specific approaches: anomaly detection, signature recognition, protocol analysis.

Anomaly Detection
- A widely used method that detects statistical anomalies.
- Builds a baseline of normal activity: network activity, CPU use, disk activity, user activity, file activity.
- An alarm is raised when current activity deviates significantly from the baseline.
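Statistical anomaly detection reduced to its core, as an added example that is not from the original presentation: learn the mean and standard deviation of a metric over a training period, then alarm on any later observation more than three standard deviations away. The metric (outbound connections per minute from one workstation), the training values, the observed values and the threshold are all constructed; it also handles the zero-variance baseline that a naive z-score divides by.

```python
"""Statistical anomaly detection over a per-minute activity metric.

Added example, not from the original slides. A baseline (mean and standard
deviation) is learned from a training period of normal observations; a later
observation raises an alarm when it sits more than Z_THRESHOLD standard
deviations from that baseline. All numbers are constructed.
"""
import statistics

Z_THRESHOLD = 3.0   # assumed alarm threshold in standard deviations

# Constructed training window: outbound connections per minute during normal use.
TRAINING = [40, 45, 38, 50, 42, 47, 41, 44, 39, 46]
# Constructed later observations: a burst (scan or exfiltration) and a silent
# minute (the host went offline or the agent was stopped) among normal values.
OBSERVED = [43, 41, 48, 310, 44, 0]


def learn_baseline(samples):
    """Learn mean and population standard deviation from a training window."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to estimate a baseline")
    return {"mean": statistics.fmean(samples), "stdev": statistics.pstdev(samples)}


def z_score(value, baseline):
    """Distance of value from the baseline in standard deviations.

    A zero-variance baseline (every training sample identical) would divide
    by zero; treat any deviation from it as maximally anomalous instead.
    """
    if baseline["stdev"] == 0:
        return 0.0 if value == baseline["mean"] else float("inf")
    return (value - baseline["mean"]) / baseline["stdev"]


def detect_anomalies(observations, baseline, z_threshold=Z_THRESHOLD):
    """Return (index, value, z) for every observation beyond the threshold.

    Both directions count: too little activity is as suspicious as too much
    when a host or its monitoring agent has been silenced.
    """
    alarms = []
    for i, value in enumerate(observations):
        z = z_score(value, baseline)
        if abs(z) > z_threshold:
            alarms.append((i, value, round(z, 2)))
    return alarms


if __name__ == "__main__":
    base = learn_baseline(TRAINING)
    print("baseline:", base)
    for index, value, z in detect_anomalies(OBSERVED, base):
        print(f"alarm at minute {index}: value={value} z={z}")
```

Two caveats a practitioner should carry with this: a baseline learned while the attacker is already active bakes the attack into "normal", and an attacker who raises activity slowly enough can walk the baseline upward over successive training windows. Legitimate bursts (backups, patch cycles) produce false alarms unless they are modelled separately.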

Signature Recognition
- Similar to virus scanning: examines network traffic for well-known attacker patterns.
- Traffic must be compared against a signature file.
- Not very effective on its own, because there are many variations of each attack, and signatures are created only after a network or honeypot has already been attacked.
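Signature recognition and its blind spot, as an added example that is not code from the original presentation: a small constructed "signature file" maps names to byte patterns, and the scanner reports every pattern found in each payload. The second sample payload is the same attack with its bytes URL-encoded and is missed, which is the variation problem the slide describes. The signature names, patterns and sample traffic are constructed, not real vendor rules.

```python
"""Signature recognition over packet payloads, with its blind spot.

Added example, not from the original slides. SIGNATURES is a constructed
signature file; scan_payload() reports which patterns appear in a payload.
The sample traffic is constructed and includes one encoded variant of an
attack that the byte patterns do not catch.
"""
import re

# Constructed signature file: fixed byte sequences of the kind a
# signature-based NIDS matches. Illustrative only.
SIGNATURES = {
    "unix-shell-in-query": rb"/bin/sh",
    "directory-traversal": rb"\.\./\.\./",
    "php-system-call": rb"<\?php\s+system\(",
}
COMPILED = {name: re.compile(pattern) for name, pattern in SIGNATURES.items()}


def scan_payload(payload, signatures=COMPILED):
    """Return the sorted names of all signatures found in payload (bytes)."""
    return sorted(name for name, rx in signatures.items() if rx.search(payload))


def scan_stream(payloads, signatures=COMPILED):
    """Scan a sequence of payloads; returns {payload index: [signature names]}."""
    hits = {}
    for i, payload in enumerate(payloads):
        found = scan_payload(payload, signatures)
        if found:
            hits[i] = found
    return hits


# Constructed sample traffic.
PAYLOADS = [
    b"GET /cgi-bin/test.cgi?cmd=/bin/sh HTTP/1.0\r\n\r\n",
    # Same intent, URL-encoded: the byte pattern no longer matches, so this
    # variant is missed until someone writes a second signature for it.
    b"GET /cgi-bin/test.cgi?cmd=%2Fbin%2Fsh HTTP/1.0\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.0\r\n\r\n",
    b"GET /index.html HTTP/1.0\r\n\r\n",
]


if __name__ == "__main__":
    for index, names in scan_stream(PAYLOADS).items():
        print(f"payload {index}: {', '.join(names)}")
```

The miss on the encoded variant is not a bug in the matcher; it is the nature of matching raw bytes. Catching it needs either one more signature per encoding (the arms race the slide alludes to) or a decoder that normalizes the traffic before matching, which is what protocol analysis adds.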

Protocol Analysis
- Decodes application-layer network traffic: each protocol is decoded and analyzed.
- Searches for suspicious behavior: unusual packet characteristics, unusual packet source and destination.
- Example: malicious code carried in a header field sent to a web server.
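Protocol analysis of an HTTP request, as an added example that is not part of the original presentation: the decoder parses the request line and headers, and the analyzer flags characteristics that are abnormal for HTTP regardless of any particular attack signature. Among them is the slide's own case, a header field carrying a long run of filler followed by raw non-printable bytes. The known-method list, the header size limit and the three sample requests are constructed for the example.

```python
"""Protocol analysis of an HTTP request.

Added example, not from the original slides. decode_request() parses the
request line and headers; analyze_request() reports protocol-level oddities:
an unknown method, a decoded request target containing traversal or a NUL,
an oversized header value, and non-printable bytes inside a header value.
Thresholds and sample requests are constructed.
"""
from urllib.parse import unquote

KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"}
MAX_HEADER_VALUE = 1024   # assumed per-header limit for this example


class ProtocolError(ValueError):
    """Raised when the bytes do not parse as HTTP at all."""


def decode_request(raw):
    """Parse the request line and headers from raw bytes; the body is ignored."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ProtocolError("malformed request line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ProtocolError("malformed header line")
        headers.append((name.strip().decode("latin-1"), value.strip()))
    return {
        "method": parts[0].decode("latin-1"),
        "target": parts[1].decode("latin-1"),
        "version": parts[2].decode("latin-1"),
        "headers": headers,
    }


def analyze_request(raw):
    """Return a list of findings; an empty list means nothing unusual."""
    findings = []
    try:
        req = decode_request(raw)
    except ProtocolError as exc:
        return [f"not valid HTTP: {exc}"]
    if req["method"] not in KNOWN_METHODS:
        findings.append(f"unknown method {req['method']!r}")
    # Decode the target first, so encoded traversal is judged on what the
    # server will actually see rather than on the wire bytes.
    decoded_target = unquote(req["target"])
    if "../" in decoded_target or "\x00" in decoded_target:
        findings.append(f"suspicious decoded target {decoded_target!r}")
    for name, value in req["headers"]:
        if len(value) > MAX_HEADER_VALUE:
            findings.append(f"oversized header {name} ({len(value)} bytes)")
        if any(b != 0x09 and (b < 0x20 or b > 0x7E) for b in value):
            findings.append(f"non-printable bytes in header {name}")
    return findings


# Constructed sample requests.
NORMAL = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/8.0\r\n\r\n"
TRAVERSAL = b"GET /cgi-bin/..%2F..%2Fetc/passwd HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
# A header value made of filler followed by raw non-ASCII bytes: the shape of
# a buffer-overflow payload delivered in a header field.
OVERFLOW = (
    b"GET / HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: "
    + b"A" * 2000 + b"\x90\x90\xcc\xcc\r\n\r\n"
)


if __name__ == "__main__":
    for label, raw in (("normal", NORMAL), ("traversal", TRAVERSAL), ("overflow", OVERFLOW)):
        print(label, analyze_request(raw) or ["clean"])
```

Decoding before judging is the point: the traversal request never contains the literal bytes `../` on the wire, so a byte-pattern signature would pass it, but the decoder sees the path the server will see. The cost is that the analyzer must decode exactly as the server does; a gap between the two (double encoding, overlong UTF-8, chunked bodies) is where evasion lives.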

Policy and Procedures
- It is very important to document the types of threats and possible intrusions seen: attempted attacks, port scanning, unauthorized access to information, and changes to the system (hardware, software, etc.).
- Good documentation makes for good intrusion response and prevention.
- Maintain all documentation.

Questions

Sources
Allen, Julia H. The CERT Guide to System and Network Security Practices. Boston: Addison-Wesley. Print.
Berge, Matthew. "Intrusion Detection FAQ: What Is Intrusion Detection?" Intrusion Detection. SANS. Web. 9 Apr.
Ciampa, Mark D. Security+ Guide to Network Security Fundamentals. 3rd ed. Boston, MA: Thomson/Course Technology. Print.
Graham, Robert. "Network Intrusion Detection Systems." Network Security Articles for Windows Server 2003, 2008 & Vista. Windows Security, 16 Oct. Web. 9 Apr.
Kochmar, John, Julia Allen, Christopher Alberts, Cory Cohen, Gary Ford, Barbara Fraser, Suresh Konda, Peter Kossakowski, and Derek Simmel. "Preparing to Detect Signs of Intrusion." Carnegie Mellon Software Engineering Institute, 2001. Web. 9 Apr.