Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

To show the importance of network security.

Why the need for IPS?

• Anti-virus programs
  ◦ Need to be updated constantly; the update might arrive too late
  ◦ React rather than protect
• Firewalls
  ◦ Can block traffic, but must allow some through
  ◦ Attacks can still get in
• Intrusion Detection Systems
  ◦ Scan the network for signs of intrusion
  ◦ Merely report; user action is required to stop attacks
  ◦ IDS evasion techniques are becoming common

How do they work? Types of IPS?

• Software-based heuristic approach
  ◦ Similar to an IDS, but with the added ability to block
• Sandbox
  ◦ Runs mobile code in an isolated environment and examines the result
• Hybrid
  ◦ Uses multiple detection methods and blocks imminent attacks
• Kernel-based protection
  ◦ Agent installed between user applications and the kernel
  ◦ Malicious system calls are blocked

• Network based (NIPS)
  ◦ Inline hardware systems
  ◦ Use signature, anomaly, and proprietary detection methods
  ◦ Traffic normalization: removes protocol ambiguities so the NIPS sees the same thing as the end host
• Cons?
  ◦ High rate of false positives
  ◦ What if the NIPS goes down? Since it sits inline, every flow passing through it is affected
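Traffic normalization in practice, as an added Python example that is not from the slides or from any product: a naive substring match on the raw request path misses percent-encoded variants, while a sensor that normalizes first sees what the end host would. The signature set, the normalization steps and the sample paths are all constructed for this example.

```python
from urllib.parse import unquote

# Constructed signature set: a rule fires when its substring appears in the
# path being inspected. Real NIPS rules are far richer; this is illustrative.
SIGNATURES = {
    "path-traversal": "../",
    "passwd-read": "/etc/passwd",
}

def normalize_path(raw_path, max_decode_passes=2):
    """Strip the protocol ambiguities a NIPS must remove before matching.

    Hypothetical steps mirroring common HTTP normalizers: percent-decode a
    bounded number of times (handles double encoding without looping
    forever), fold backslashes to slashes, collapse repeated slashes and
    drop no-op "./" segments. Dot-dot segments stay visible on purpose:
    they are what a traversal signature needs to see.
    """
    path = raw_path
    for _ in range(max_decode_passes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    while "//" in path:
        path = path.replace("//", "/")
    while "/./" in path:
        path = path.replace("/./", "/")
    return path

def match_signatures(path):
    return sorted(name for name, needle in SIGNATURES.items() if needle in path)

def inspect(raw_path):
    """Compare a raw-only match (naive sensor) with normalize-then-match."""
    normalized = normalize_path(raw_path)
    normalized_hits = match_signatures(normalized)
    return {
        "normalized": normalized,
        "raw_hits": match_signatures(raw_path),
        "normalized_hits": normalized_hits,
        "verdict": "BLOCK" if normalized_hits else "ALLOW",
    }

if __name__ == "__main__":
    # Constructed requests: a benign page, an encoded traversal, a double-encoded one.
    for p in ["/index.html", "/%2e%2e/%2e%2e/%65tc/passwd", "/%252e%252e/%65tc/passwd"]:
        print(p, "->", inspect(p))
```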

• Host based (HIPS)
  ◦ Installed on the host computer
  ◦ Hooks into the kernel and looks at all system calls
  ◦ If a system call isn't normal, it is blocked
  ◦ Uses "interceptors" (StormWatch):
    ▪ File system
    ▪ Network
    ▪ Configuration
    ▪ Execution space
• Cons?
  ◦ Resource intensive: checking all calls, sandboxing
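The "hook the kernel, block what isn't normal" idea above, as an added Python example that is neither StormWatch's code nor the presenter's: a per-program profile of system-call windows is learned from training traces, then a live trace is replayed and the first call that falls outside the profile is blocked and attributed to an interceptor class. The syscall-to-interceptor mapping and all traces are constructed; the last trace shows how incomplete training produces the false positives listed among the cons.

```python
from collections import deque

# Hypothetical mapping of system calls to the interceptor class that would
# see them, following the four classes named on the slide.
INTERCEPTOR = {
    "open": "file system", "read": "file system", "write": "file system",
    "socket": "network", "connect": "network", "sendto": "network",
    "setuid": "configuration", "chmod": "configuration",
    "execve": "execution space", "mmap": "execution space",
}

def build_profile(traces, n=3):
    """Learn 'normal': every length-n window of calls seen in training."""
    profile = set()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            profile.add(tuple(trace[i:i + n]))
    return profile

def enforce(profile, trace, n=3):
    """Replay a live trace through the hook; stop at the first abnormal call.

    Returns (allowed_calls, blocked_call, interceptor). blocked_call is None
    when every window in the trace was seen during training.
    """
    window = deque(maxlen=n)
    allowed = []
    for call in trace:
        window.append(call)
        if len(window) == n and tuple(window) not in profile:
            return allowed, call, INTERCEPTOR.get(call, "unknown")
        allowed.append(call)
    return allowed, None, None

# Constructed training traces for a web-server worker: accept, read a file, reply.
TRAINING = [
    ["socket", "read", "open", "read", "write", "sendto"],
    ["socket", "read", "open", "read", "read", "write", "sendto"],
]
PROFILE = build_profile(TRAINING)

# Constructed live traces: one where the worker is driven into spawning a shell,
# and one legitimate but longer read that training never covered (false positive).
SUSPECT = ["socket", "read", "execve", "setuid"]
UNSEEN_BUT_BENIGN = ["socket", "read", "open", "read", "read", "read", "write", "sendto"]

if __name__ == "__main__":
    for name, trace in [("suspect", SUSPECT), ("benign", UNSEEN_BUT_BENIGN)]:
        print(name, enforce(PROFILE, trace))
```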

I’ll answer if I know it

• SANS Institute – "Intrusion Prevention Systems" by Dinesh Sequeira, November 2002
• Wikipedia – Intrusion Prevention Systems (for the basic stuff)