Presentation transcript:

1 Chapter 7 Intrusion Detection

2 Objectives
In this chapter, you will:
– Understand intrusion detection benefits and problems
– Learn about network intrusion detection
– Learn about host intrusion detection
– Recognize the importance of honeypots
– Learn how operators analyze and respond to events

3 Intrusion Detection Overview

4 Layered detection to proactively monitor networks and systems
– 1st layer: Network monitoring
– 2nd layer: System (host) monitoring
– 3rd layer: Trending and analysis
– 4th layer: Current news and information

5 Intrusion Detection Overview
Recording activity to provide another mechanism with monitoring
– IDS
– Network device logging (e.g., firewalls, routers, etc.)
– System logging

6 Intrusion Detection Overview
Distraction and setting traps to entice attackers for monitoring purposes
– Emulating OS or applications
– Delaying network responses
– Displaying deceptive error messages
– Restricting the number of connections
– Restricting the time allowed for connections
– Running all applications as a non-privileged user

7 Intrusion Detection Overview
False positives are the biggest problem for IDS
Some solutions include:
– Filtering
– Summation of events
– Rule modification
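The three false-positive reduction techniques on this slide, worked through as an added example (not from the deck or any IDS product): alerts from a source the operator has classified as benign are filtered out, identical alerts are summed into one aggregate, and a per-signature threshold stands in for a rule modification. The sample alerts, the benign source and the threshold value are all constructed.

```python
from collections import Counter

# Constructed sample NIDS alerts: (src_ip, dst_ip, signature)
SAMPLE_ALERTS = (
    [("10.0.0.5", "10.0.0.20", "ICMP PING")] * 30        # internal scanner, assumed benign
    + [("198.51.100.7", "10.0.0.20", "ICMP PING")] * 3   # a few pings: below threshold
    + [("203.0.113.9", "10.0.0.30", "ICMP PING")] * 60   # sustained sweep: above threshold
    + [("203.0.113.9", "10.0.0.30", "WEB-ATTACKS /etc/passwd access")] * 2
)

# Filtering: sources whose noise is understood (hypothetical vulnerability scanner host)
BENIGN_SOURCES = {"10.0.0.5"}

# Rule modification: only report a signature once its count reaches the threshold;
# signatures not listed here keep the default threshold of 1 (report every hit)
THRESHOLDS = {"ICMP PING": 50}


def filter_alerts(alerts, benign=BENIGN_SOURCES):
    """Drop alerts whose source the operator has classified as benign."""
    return [a for a in alerts if a[0] not in benign]


def summarize(alerts):
    """Summation: collapse identical (src, dst, signature) triples into counts."""
    return Counter(alerts)


def apply_thresholds(summary, thresholds=THRESHOLDS):
    """Keep only aggregates that meet their signature's threshold."""
    return {k: n for k, n in summary.items() if n >= thresholds.get(k[2], 1)}


def triage(alerts):
    """Run the three reductions in order and return what the operator would see."""
    return apply_thresholds(summarize(filter_alerts(alerts)))


if __name__ == "__main__":
    for (src, dst, sig), n in triage(SAMPLE_ALERTS).items():
        print(f"{n:4d}x {sig:32s} {src} -> {dst}")
```

Of the 95 raw alerts, only two aggregates survive: the 60-ping sweep and the two web attack hits, both from the same external source.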

8 Network Intrusion Detection

9 Sensors
– Hardware devices
– Software applications
– Commercial vendors: Cisco, Enterasys, ISS
– Freeware: Snort

10 Network Intrusion Detection
Sensor placement
– Use multiple sensors
– Do not overwhelm sensors with traffic
– Place at every Internet access point
– Place at every extranet access point
– Place on both sides of a firewall
– Do not flood network with NIDS traffic

11 Network Intrusion Detection

12 Network Intrusion Detection
Sensor deployment
1. Determine placement
2. Configure sensor
3. Place sensor on network
4. Upload latest signatures
5. Test sensor for a period of time
6. Place sensor in production
7. Continue to patch and update signatures

13 Network Intrusion Detection
Other NIDS components
– NIDS manager
– NIDS database
– NIDS console

14 Host Intrusion Detection

15 Host Intrusion Detection
Sensors
– Software application
– Commercial vendors: Cisco, Enterasys, ISS, Tripwire, Symantec
– Freeware: Tripwire, LIDS

16 Host Intrusion Detection
Placement
– Use on critical systems
– Watch resource utilization
– Deploy infrastructure where sensor software can be easily updated

17 Host Intrusion Detection
Deployment
1. Install HIDS software
2. Configure HIDS software
3. Test software for a period of time
4. Place sensor in production
5. Continue to patch and update signatures

18 Honeypots

19 Honeypots
Various flavors:
– Secure system that alerts whenever security controls are bypassed
– Insecure system that alerts whenever activity takes place
– Emulates another OS
– Modifies network communication to trap or slow down attackers

20 Analyzing IDS Monitoring and Responding to Events
Operator must determine if an event is a real threat:
– Understand network or system “personality”
– Correlate events
– Bring in analyst for further investigation
– Hand off to incident management team
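The operator workflow on this slide, as an added example that is not part of the deck: each NIDS alert is correlated with HIDS events on the targeted host inside a time window, checked against a hypothetical profile of what services the host normally exposes (its "personality"), and given one of the slide's dispositions. All alerts, events, addresses and the profile are constructed.

```python
from datetime import datetime, timedelta


def t(s):
    return datetime.fromisoformat(s)


# Constructed sample data. NIDS alerts: (time, src_ip, dst_ip, signature)
NIDS_ALERTS = [
    (t("2024-03-01T09:00:00"), "203.0.113.9", "10.0.0.30", "SSH brute force"),
    (t("2024-03-01T09:30:00"), "203.0.113.9", "10.0.0.40", "SSH brute force"),
]
# HIDS events: (time, host_ip, event)
HIDS_EVENTS = [
    (t("2024-03-01T09:04:10"), "10.0.0.30", "new user account created"),
    (t("2024-03-01T14:00:00"), "10.0.0.40", "new user account created"),
]
# The network "personality": services each host is expected to expose (hypothetical)
PROFILE = {"10.0.0.30": {"http", "https"}, "10.0.0.40": {"ssh", "http"}}


def disposition(related, out_of_character):
    """Map the evidence gathered for one alert onto the slide's escalation path."""
    if related:
        return "hand off to incident management team"
    if out_of_character:
        return "bring in analyst"
    return "monitor"


def correlate(nids, hids, profile=PROFILE, window=timedelta(minutes=15)):
    """For each NIDS alert, collect HIDS events on the target host that occurred within
    `window` after the alert, and flag SSH alerts against hosts not expected to run SSH."""
    findings = []
    for when, src, dst, sig in nids:
        related = [ev for (et, host, ev) in hids
                   if host == dst and when <= et <= when + window]
        out_of_character = sig.startswith("SSH") and "ssh" not in profile.get(dst, set())
        findings.append({
            "host": dst, "source": src, "signature": sig, "related": related,
            "out_of_character": out_of_character,
            "disposition": disposition(related, out_of_character),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(NIDS_ALERTS, HIDS_EVENTS):
        print(f["host"], f["disposition"], f["related"])
```

The first alert is followed within minutes by an account creation on a host that should not even offer SSH, so it goes straight to incident management; the second hits a host where SSH is expected and nothing happens on the host in the window, so it is only monitored.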

21 Summary Network IDS provides the first layer in detective defenses by monitoring network activity. Host IDS and honeypots offer a second layer of defenses in monitoring the activity on the systems themselves. Data collection and analysis provide another layer to help organizations determine trending of attacks. Finally, current news provides organizations with critical information on newly discovered attacks.

22 Summary Intrusion detection systems can record malicious activity, distract attackers from real targets, and stall would-be attackers to buy response time. The single biggest problem with IDS technologies is the false positives generated. Using filtering, summarization, and rule modification, organizations can effectively lessen the number of false positives received. NIDS sensors are an essential part of intrusion detection because they can view all traffic on a particular network segment.

23 Summary HIDS sensors are useful for detecting attacks against a specific computer. Honeypots are extremely flexible and useful in watching attackers in action. Additionally, honeypots can distract attackers away from real data targets. Proper monitoring consists of two components of equal importance: intrusion detection devices and operators who are trained to analyze and respond to events.