Information Systems CS-507 Lecture 40


Factors Encouraging Internet Attacks
Availability of tools and techniques on the Internet, or as commercially available software, that an intruder can download easily. For example:
– To scan ports, an intruder can easily obtain network scanners.
– Various password-cracking programs are available free or at minimal cost.

Factors Encouraging Internet Attacks
No matter how perfect a system is made by removing all possible vulnerabilities, there is still a chance that weaknesses exist and that the system can be intruded upon at any given time. Inadequate security over firewalls and operating systems may allow intruders to view internal addresses and use network services indiscriminately.

Internet Security Controls
– Firewall Security Systems
– Intrusion Detection Systems
– Encryption

Firewall Security Systems
Every time a corporation connects its internal computer network to the Internet, it faces potential danger. Because of the Internet's openness, every corporate network connected to it is vulnerable to attack. Companies should build firewalls as one means of perimeter security for their networks.

Firewall
A firewall is defined as a device installed at the point where network connections enter a site; it applies rules to control the type of network traffic flowing in and out. The purpose is to protect the Web server by controlling all traffic between the Internet and the Web server.

Firewall Security Systems
To be effective, firewalls should allow individuals on the corporate network to access the Internet and, at the same time, stop hackers or others on the Internet from gaining access to the corporate network to cause damage.

– Deny-all philosophy: access to a given resource is denied unless a user can provide a specific business reason or need for access to the information resource.
– Accept-all philosophy: everyone is allowed access unless someone can provide a reason for denying access.
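The two philosophies differ only in what happens to traffic that no rule mentions. The following added example (not part of the original lecture) evaluates one constructed rule set under both defaults; the rule format, the first-match evaluation order and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed rule set, evaluated top to bottom (first match wins).
# Each rule: (action, source network, destination port or None for any port).
RULES = [
    ("deny",  "203.0.113.0/24",  None),  # range blocked for every service
    ("allow", "198.51.100.0/24", 443),   # branch office may reach HTTPS
    ("allow", "0.0.0.0/0",       80),    # anyone may reach the public web server
]

def decide(src_ip, dst_port, rules, default):
    """Return the action of the first matching rule, else the default policy."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action
    return default

def compare(src_ip, dst_port):
    """Evaluate the same packet under the deny-all and accept-all philosophies."""
    return {
        "deny_all": decide(src_ip, dst_port, RULES, default="deny"),
        "accept_all": decide(src_ip, dst_port, RULES, default="allow"),
    }

if __name__ == "__main__":
    samples = [("198.51.100.7", 443), ("192.0.2.10", 22), ("203.0.113.5", 80)]
    for src, port in samples:
        print(src, port, compare(src, port))
```

Only the second sample, an SSH attempt that no rule covers, gets a different answer: it is dropped under deny-all and passed under accept-all.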

System reports may also be generated to see who attempted to attack the system and tried to enter the firewall from remote locations.

General Features of Firewall
Firewalls are hardware and software combinations that are built using routers, servers and a variety of software. They should control the most vulnerable point between a corporate network and the Internet, and they can be as simple or complex as the corporate security policy demands.

– Block access to an organization's sites on the Internet.
– Limit traffic on an organization's public services segment to relevant addresses.
– Prevent certain users from accessing certain servers or services.
– Monitor communications between an internal and an external network.
– Monitor and record all communications between an internal network and the outside world to investigate network penetrations or detect internal subversion.
– Encrypt packets of data that are sent between different physical locations within an organization by creating a VPN over the Internet.

General Features of Firewall
– Encrypt packets that are sent between different physical locations within an organization by creating a VPN over the Internet.
– The capabilities of some firewalls can be extended so that they also provide protection against viruses and attacks directed at exploiting known operating system vulnerabilities.
– A remote location server is protected by firewalls and IDS, further complemented by IPS (Intrusion Prevention System): specific ranges of IP addresses that may access the location are defined, with defined rights.

Intrusion Detection Systems (IDS)
An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company's information systems resources from external as well as internal misuse.

Intrusion Detection Systems (IDS)
An IDS is located between the firewall and the corporate network and complements the firewall. However, it can also be installed before the firewall. An IDS helps to detect both on-site unauthorized access, through network-based IDS, and remote unauthorized access, through the use of host-based IDS. An IDS is more concerned with recording and detecting intrusions. For blocking intrusions, another system called an Intrusion Prevention System (IPS) is used, which takes input from the IDS.

Components of an IDS
An IDS comprises the following components:
– Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
– Analyzers that receive input from sensors and determine intrusive activity.
– An administrative console, which contains the intrusion definitions applied by the analyzers.
– A user interface.

Categories of IDS
– Host-based IDS
– Network-based IDS

Host-based IDS
A host-based IDS resides on a particular computer and provides protection for that specific computer system. It is not only equipped with system monitoring facilities but also includes other modules of a typical IDS, for example the response module.

– Systems that monitor incoming connection attempts. These examine host-based incoming and outgoing network connections. They are particularly concerned with unauthorized connection attempts to ports of the protocols used for network communication, such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), and can also detect incoming port scans.
– Systems that examine network traffic that attempts to access the host. These systems protect the host by intercepting suspicious packets and scanning them to discourage intrusion.
  – Network traffic: data travels in the form of packets on the network.
  – Packet: a specific amount of data sent at a time.
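One way a host-based analyzer can recognize an incoming port scan from connection-attempt records, shown as an added example that is not part of the original lecture. The event format, the 10-second window and the threshold of more than 5 distinct ports are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

# Constructed connection-attempt events as a host sensor might record them:
# (seconds since start, source IP, destination port). Addresses are examples.
EVENTS = [
    (0.0, "192.0.2.10", 443), (0.5, "198.51.100.9", 21),
    (0.6, "198.51.100.9", 22), (0.7, "198.51.100.9", 23),
    (0.9, "198.51.100.9", 25), (1.0, "198.51.100.9", 80),
    (1.1, "198.51.100.9", 110), (30.0, "192.0.2.10", 443),
    (65.0, "192.0.2.10", 80), (130.0, "192.0.2.10", 22),
]

def detect_portscans(events, window=10.0, threshold=5):
    """Return {source: time of first alert} for every source that tries more
    than `threshold` distinct ports within any `window`-second span."""
    recent = defaultdict(deque)  # source -> (time, port) pairs still in window
    alerts = {}
    for ts, src, port in sorted(events):
        attempts = recent[src]
        attempts.append((ts, port))
        # Drop attempts that have aged out of the sliding window.
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()
        distinct_ports = {p for _, p in attempts}
        if src not in alerts and len(distinct_ports) > threshold:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    print(detect_portscans(EVENTS))
```

The client that touches three different ports over two minutes never trips the alert, because its attempts do not fall inside one window.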

Network Based IDS
The network-based type of IDS (NIDS) produces data about local network usage. A NIDS reassembles and analyzes all network packets that reach the network interface card.

Example: Network based IDS
While monitoring traffic, NIDSs capture all packets that they see on the network segment without analyzing them, focusing only on creating network traffic statistics.

Honeynets
A honeynet does not allow the intruder to access actual data but leaves the intruder in a controlled environment which is constantly monitored. Monitoring provides information regarding the approach of the intruder.

Components of IDS
An IDS comprises the following:
– Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
– Analyzers that receive input from sensors and determine intrusive activity.
– An administration console.
– A user interface.

Features of IDS
The features available in an IDS include:
– Intrusion detection
– Gathering evidence on intrusive activity
– Automated response (i.e. termination of connection, alarm messaging)
– Security policy
– Interface with system tools
– Security policy management

Limitations of IDS
An IDS cannot help with the following weaknesses:
– Incorrectness or scope limitation in the manner threats are defined
– Application-level vulnerabilities
– Backdoors into applications
– Weaknesses in identification and authentication schemes

Encryption
Encryption is the process of converting data into codes (cryptograms).
(Diagram labels: Original Data; Encryption; Ciphertext / Encrypted data)

This is a reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and authenticity.

Web Server Logs
The major purpose of enhancing web security is to protect the web server from attacks through the Internet. In doing so, logging is the principal component of secure administration of a Web server. Logging the appropriate data and then monitoring and analyzing those logs are critical activities. Review of Web server logs is effective, particularly for encrypted traffic, where network monitoring is far less effective.

Review of logs is a mundane activity that many Web administrators have a difficult time fitting into their hectic schedules. This is unfortunate as log files are often the best and/or only record of suspicious behavior. Failure to enable the mechanisms to record this information and use them to initiate alert mechanisms will greatly weaken or eliminate the ability to detect and assess intrusion attempts.

Web Server Logs (Contd.)
Similar problems can result if necessary procedures and tools are not in place to process and analyze the log files. System and network logs can alert the Web administrator that a suspicious event has occurred and requires further investigation. Web server software can provide additional log data relevant to Web-specific events.

If the Web administrator does not take advantage of these capabilities, Web-relevant log data may not be visible or may require a significant effort to access.
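A small log-review routine of the kind the slides call for, given as an added example that is not part of the original lecture. It assumes the server writes Common Log Format; the log lines are constructed, and the choice of 401/403/404 responses and the threshold of 3 are illustrative.

```python
import re
from collections import Counter

# Constructed access-log lines in Common Log Format (addresses are examples).
LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
198.51.100.9 - - [10/Oct/2023:13:55:40 +0000] "GET /admin/ HTTP/1.1" 401 381
198.51.100.9 - - [10/Oct/2023:13:55:41 +0000] "GET /admin/ HTTP/1.1" 401 381
198.51.100.9 - - [10/Oct/2023:13:55:42 +0000] "GET /admin/ HTTP/1.1" 401 381
198.51.100.9 - - [10/Oct/2023:13:55:43 +0000] "GET /backup.zip HTTP/1.1" 404 209
192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "GET /missing.png HTTP/1.1" 404 209
this line is malformed and must not stop the review
"""

# client, identity, user, [timestamp], "request", status, size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def review(log_text, max_errors=3):
    """Count 401/403/404 responses per client.

    Returns (suspects, unparsed): clients with at least `max_errors` such
    responses, and the lines that did not parse, kept for manual review.
    """
    errors, unparsed = Counter(), []
    for line in log_text.splitlines():
        match = CLF.match(line)
        if not match:
            unparsed.append(line)
            continue
        client, _when, _request, status, _size = match.groups()
        if status in ("401", "403", "404"):
            errors[client] += 1
    suspects = {c: n for c, n in errors.items() if n >= max_errors}
    return suspects, unparsed

if __name__ == "__main__":
    suspects, unparsed = review(LOG)
    print("clients needing investigation:", suspects)
    print("unparsed lines:", len(unparsed))
```

Run on a schedule, the returned suspects can feed an alert mechanism, and the unparsed lines still reach a human instead of being silently dropped.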