Basics of Intrusion Detection

Presentation transcript:

Basics of Intrusion Detection
- Watch what's going on in the system
- Try to detect behavior that characterizes intruders
  - While avoiding improper detection of legitimate access
  - At a reasonable cost

Intrusion Detection and Logging
- A natural match
- The intrusion detection system examines the log
  - Which is being kept, anyway
- Secondary benefits of using the intrusion detection system to reduce the log

On-Line vs. Off-Line Intrusion Detection
- Intrusion detection mechanisms can be complicated and heavy-weight
- Perhaps better to run them off-line
  - E.g., at nighttime
- Disadvantage is that you don't catch intrusions as they happen

Failures In Intrusion Detection
- False positives
  - Legitimate activity identified as an intrusion
- False negatives
  - An intrusion not noticed
- Subversion errors
  - Attacks on the intrusion detection system

Desired Characteristics in Intrusion Detection
- Continuously running
- Fault tolerant
- Subversion resistant
- Minimal overhead
- Must observe deviations
- Easily tailorable
- Evolving
- Difficult to fool

Host Intrusion Detection
- Run the intrusion detection system on a single computer
- Look for problems only on that computer
  - Often by examining the logs of the computer
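The two slides above (failure modes, and a host IDS that works from the machine's own logs) can be tied together in a small worked example. The following is added here and is not part of the lecture's material: a toy misuse-detection rule that counts failed SSH logins per source address in a constructed auth log, and an evaluation of its verdicts against a constructed ground truth so that a false positive (a legitimate user who mistyped her password several times) and a false negative (an intruder who logged in on the first try) both show up. All host names, user names and addresses are invented for the example.

```python
"""Added example (not from the lecture slides): a host-based, log-driven
misuse detector plus an evaluation of its false positives and negatives
against constructed ground truth."""
import re
from collections import defaultdict

# Constructed sample of sshd auth-log lines (hypothetical hosts, users, IPs).
SAMPLE_LOG = """\
Mar 10 08:01:02 host1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 50011 ssh2
Mar 10 08:01:03 host1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 50012 ssh2
Mar 10 08:01:04 host1 sshd[1001]: Failed password for invalid user root from 203.0.113.5 port 50013 ssh2
Mar 10 08:01:05 host1 sshd[1001]: Failed password for invalid user test from 203.0.113.5 port 50014 ssh2
Mar 10 08:01:06 host1 sshd[1001]: Failed password for invalid user oracle from 203.0.113.5 port 50015 ssh2
Mar 10 08:05:00 host1 sshd[1002]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 08:05:10 host1 sshd[1002]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar 10 08:05:20 host1 sshd[1002]: Failed password for alice from 198.51.100.7 port 40003 ssh2
Mar 10 08:05:30 host1 sshd[1002]: Failed password for alice from 198.51.100.7 port 40004 ssh2
Mar 10 08:05:40 host1 sshd[1002]: Failed password for alice from 198.51.100.7 port 40005 ssh2
Mar 10 08:05:50 host1 sshd[1002]: Accepted password for alice from 198.51.100.7 port 40006 ssh2
Mar 10 09:00:00 host1 sshd[1003]: Accepted publickey for bob from 192.0.2.9 port 41000 ssh2
Mar 10 09:00:01 host1 sshd[1004]: Accepted password for root from 192.0.2.44 port 42000 ssh2
"""

# Constructed ground truth for the sample: which source addresses are intruders.
# 198.51.100.7 is a legitimate user who mistyped her password (will be a false
# positive); 192.0.2.44 is an intruder who guessed right first time (false negative).
TRUTH = {
    "203.0.113.5": True,
    "198.51.100.7": False,
    "192.0.2.9": False,
    "192.0.2.44": True,
}

# Matches both "Failed password for alice from X" and
# "Failed password for invalid user admin from X".
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def detect(log_text, threshold=5):
    """Misuse rule: flag every source IP with at least `threshold` failed logins."""
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
    return {ip for ip, n in failures.items() if n >= threshold}

def evaluate(flagged, truth):
    """Sort each source in the ground truth into TP / FP / FN / TN buckets."""
    result = {"tp": set(), "fp": set(), "fn": set(), "tn": set()}
    for ip, is_intruder in truth.items():
        hit = ip in flagged
        if hit:
            key = "tp" if is_intruder else "fp"
        else:
            key = "fn" if is_intruder else "tn"
        result[key].add(ip)
    return result

if __name__ == "__main__":
    verdicts = evaluate(detect(SAMPLE_LOG), TRUTH)
    for bucket, ips in verdicts.items():
        print(bucket.upper(), sorted(ips))
```

Raising the threshold removes the false positive but cannot touch the false negative, which never produced a failed-login line at all; that asymmetry is why a single counting rule is not a substitute for looking at several kinds of evidence in the log.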

Advantages of the Host Approach
- Lots of information to work with
- Only need to deal with problems on one machine
- Can get information in readily understandable form

Network Intrusion Detection
- Do the same for a local (or wide) area network
- Either by using distributed systems techniques
- Or (more commonly) by sniffing network traffic

Advantages of Network Approach
- Need not use up any resources on users' machines
- Easier to properly configure for large installations
- Can observe things affecting multiple machines

Network Intrusion Detection and Data Volume
- Lots of information passes on the network
- If you grab it all, you will produce vast amounts of data
  - Which will require vast amounts of time to process

Network Intrusion Detection and Sensors
- Use programs called sensors to grab only relevant data
- Sensors quickly examine network traffic
  - Record the relevant stuff
  - Discard the rest
- If you design sensors right, greatly reduces the problem of data volume
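The data-volume problem and the sensor idea from the two slides above can be shown on constructed traffic. The following example is added here and is not from the lecture: a toy sensor inspects a list of packet records, keeps a short header-only record for the ones that match its relevance rules (TCP connection attempts to ports the monitored server is not expected to offer, plus anything touching a watchlisted host), discards everything else, and reports how much of the observed volume it had to keep. The addresses, ports and packet sizes are invented, and the relevance rules are one illustrative choice, not a standard.

```python
"""Added example (not from the lecture slides): a toy network sensor that
records only relevant packets, in summarized form, and discards the rest."""

# Constructed packet records (hypothetical addresses; payload is given as a size).
# One normal HTTPS session with many large data packets, three connection
# attempts from one outside host to ports the server does not serve, one DNS query.
PACKETS = [
    {"ts": 1.0, "src": "192.0.2.10", "dst": "198.51.100.20", "proto": "tcp", "dport": 443, "flags": "S", "bytes": 60},
    {"ts": 1.1, "src": "198.51.100.20", "dst": "192.0.2.10", "proto": "tcp", "dport": 51000, "flags": "SA", "bytes": 60},
    {"ts": 1.2, "src": "192.0.2.10", "dst": "198.51.100.20", "proto": "tcp", "dport": 443, "flags": "PA", "bytes": 1500},
]
PACKETS += [
    {"ts": 1.2 + 0.01 * i, "src": "198.51.100.20", "dst": "192.0.2.10", "proto": "tcp", "dport": 51000, "flags": "PA", "bytes": 1500}
    for i in range(50)
]
PACKETS += [
    {"ts": 2.0, "src": "203.0.113.5", "dst": "198.51.100.20", "proto": "tcp", "dport": 22, "flags": "S", "bytes": 60},
    {"ts": 2.0, "src": "203.0.113.5", "dst": "198.51.100.20", "proto": "tcp", "dport": 23, "flags": "S", "bytes": 60},
    {"ts": 2.0, "src": "203.0.113.5", "dst": "198.51.100.20", "proto": "tcp", "dport": 3389, "flags": "S", "bytes": 60},
    {"ts": 3.0, "src": "192.0.2.11", "dst": "198.51.100.53", "proto": "udp", "dport": 53, "flags": "", "bytes": 80},
]

SERVICE_PORTS = {80, 443}   # services the monitored server is expected to offer (assumed)
WATCHLIST = set()           # hosts whose traffic is always recorded (empty in this example)

def is_relevant(pkt):
    """Relevance rule: keep connection attempts (SYN only) to unexpected ports,
    and any packet to or from a watchlisted host."""
    if pkt["src"] in WATCHLIST or pkt["dst"] in WATCHLIST:
        return True
    syn_only = pkt["proto"] == "tcp" and pkt["flags"] == "S"
    return syn_only and pkt["dport"] not in SERVICE_PORTS

def summarize(pkt):
    """Record only the header fields an analyst needs; the payload is discarded."""
    return (pkt["ts"], pkt["src"], pkt["dst"], pkt["proto"], pkt["dport"], pkt["flags"])

def run_sensor(packets):
    """Pass every packet through the relevance rule and keep summaries of the hits,
    together with counters showing how much was seen versus how much was kept."""
    records = []
    seen_packets = seen_bytes = kept_packets = kept_bytes = 0
    for pkt in packets:
        seen_packets += 1
        seen_bytes += pkt["bytes"]
        if is_relevant(pkt):
            records.append(summarize(pkt))
            kept_packets += 1
            kept_bytes += pkt["bytes"]
    return {
        "records": records,
        "seen_packets": seen_packets,
        "seen_bytes": seen_bytes,
        "kept_packets": kept_packets,
        "kept_bytes": kept_bytes,
    }

def ports_probed(records):
    """Aggregate the sensor output by source: which ports did each host try?"""
    probed = {}
    for _ts, src, _dst, _proto, dport, _flags in records:
        probed.setdefault(src, set()).add(dport)
    return probed

if __name__ == "__main__":
    out = run_sensor(PACKETS)
    print(f"seen {out['seen_packets']} packets / {out['seen_bytes']} bytes, "
          f"kept {out['kept_packets']} packets / {out['kept_bytes']} bytes")
    print(ports_probed(out["records"]))
```

On this constructed sample the sensor keeps three short records out of 57 packets, and the bulk of the data (the HTTPS payload) is never stored; the kept records are still enough for the analyzer stage to see that one host tried three unexpected ports.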

Wireless IDS
- Observe behavior of wireless network
  - Generally 802.11
- Look for problems specific to that environment
  - E.g., attempts to crack WEP keys
- Usually doesn't understand higher network protocol layers
  - And attacks on them

Application-Specific IDS
- An IDS tuned to one application or protocol
  - E.g., SQL
- Can be either host or network based
- Typically used for machines with specialized functions
  - Web servers, database servers, etc.
- Possibly much lower overheads than general-purpose IDSs