Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.

Introduction
Intrusion Detection System (IDS)
  Profile-Based: profile of normal activity
  Signature-Based: pattern of malicious activity
Goal: Profile-Based Intrusion Prevention System
  A system that prevents (drops) packets that are flagged as abnormal.

Security for Web Servers
Current Security:
  Firewalls, IDS and Patch & Update frequently
Current Problems:
  Vulnerability Scripts, Viruses and Worms
[Diagram labels: Corporate network, IDS Sensor, Firewall, Web Servers, IDS Sensor, Untrusted network]

Profile-Based Web Intrusion Prevention System
Content Switch
  Web based content switch: port 80
Rules
  Define what is normal and abnormal
  Types of rules
    Rules based at Directory level
    Rules based at File level
  Update rules
    Periodically: every 10, 30, 60 minutes
    Dynamically: update through a socket, file or db

Intrusion Prevention System (cont.)
A script catalogs the web server's file system and makes rules based on that catalog.
Content Switch talks to Rule module about each packet.
[Diagram labels: Corporate network, Untrusted network, Content Switch, Rule Module, Web Servers]

The Rules
Crontab starts a script that makes a catalog of the web server's file system.
From that catalog it makes an allow rule for each file or directory.
Add in the White List at the beginning of the rules.
Add in an "else" or "default" reject rule at the end of the rules.
Add the new rules to the rule module.

Example Case
  Directory of web server
  Generated rules
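The rule-generation procedure on the previous slide and the example case above, as an added example that is not the project's own script: it catalogs a document root, emits one allow rule per directory and file with the white list first and a default reject last, and evaluates request paths against the rule list first-match-wins. The function names, the rule representation and the sample document root are assumptions made for this illustration.

```python
import os
import posixpath
import tempfile
from typing import List, Tuple

def catalog(webroot: str) -> List[str]:
    """Walk the document root and return a URL path for every directory and file."""
    paths = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        url_dir = "/" if rel == "." else "/" + rel + "/"
        paths.append(url_dir)
        paths.extend(url_dir + name for name in sorted(filenames))
    return paths

def build_rules(entries: List[str], whitelist: List[str]) -> List[Tuple[str, str]]:
    """White list first, one allow rule per catalogued path, "else" reject last."""
    rules = [("allow", p) for p in whitelist]
    rules += [("allow", p) for p in entries if p not in whitelist]
    rules.append(("reject", "*"))  # default rule: anything not catalogued is abnormal
    return rules

def normalize(request_path: str) -> str:
    """Drop the query string and collapse '.', '..' and '//' before exact matching."""
    path = request_path.split("?", 1)[0]
    norm = posixpath.normpath(path)
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"  # keep directory requests distinguishable from file requests
    return norm

def evaluate(rules: List[Tuple[str, str]], request_path: str) -> str:
    """Return the action of the first rule that matches the normalized path."""
    path = normalize(request_path)
    for action, rule_path in rules:
        if rule_path == "*" or rule_path == path:
            return action
    return "reject"  # only reached if no default rule was appended

def demo_catalog() -> List[str]:
    """Constructed document root in a temporary directory, catalogued as above."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        open(os.path.join(root, "index.html"), "w").close()
        open(os.path.join(root, "images", "logo.gif"), "w").close()
        return catalog(root)

# constructed sample: the rule list the cron job would hand to the rule module
SAMPLE_RULES = build_rules(["/", "/index.html", "/images/", "/images/logo.gif"], ["/favicon.ico"])
```

Normalizing before the exact-match comparison matters because a request spelled with `..` or doubled slashes would otherwise miss every allow rule and be judged on the raw string rather than on the file it actually names.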

Results
+ Directory or file listing is very easy to script
+ Rule file can be created on the web server or the rule module system
- Re-compile the rule module, kill the process and then start the rule module.
- Take input from a file or through a socket
- Handle regular expressions for rules
