Intrusion Detection/Prevention Systems Charles Poff Bearing Point.

Presentation transcript:

Intrusion Detection Systems
Intrusion Detection System (IDS)
–Passive
–Hardware\software based
–Uses attack signatures
–Configuration: SPAN/mirror ports
–Generates alerts ( , pager)
–After-the-fact response

Intrusion Prevention Systems
Intrusion Prevention System (IPS)
–Also called Network Defense Systems (NDS)
–Inline & active
–Hardware\software based
–Uses attack signatures
–Configuration: inline, with failover features
–Generates alerts ( , pager)
–Real-time response

IDS vs. IPS
–IPS evolved from IDS
–Need to stop attacks in real time
–After-the-fact detection of attacks has lesser value
–IDS is cheaper: several open source IDS/IPS exist
–IPS = EXPENSIVE
  –Software based
  –Hardware based (ASIC & FPGA)

Detection Capabilities
Signatures
–Based on current exploits (worms, viruses)
–Detect malware, spyware and other malicious programs
–Bad traffic detection, traffic normalization
Anomaly Detection
–Analyzes TCP/IP parameters: normalization, fragmentation/reassembly, header & checksum problems

Evasion Techniques
Encryption
–IPSec, SSH, Blowfish, SSL, etc.
–Placement of IPS sensors is crucial; poor placement leads to architectural problems
–False sense of security
Encryption Key Exchange
–IPS sensors can usually detect/see encryption key exchanges
–IPS sensors can usually detect unknown protocols

Evasion Techniques (cont.)
Packet Fragmentation
–Reassembly: 1.) out-of-order arrival, 2.) storage of fragments (DoS)
–Overlapping: different-size packets arrive out of order and in overlapping positions; newly arrived packets can overwrite older data
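The reassembly ambiguity this slide describes, and the normalization check the Detection Capabilities slide lists, worked through in an added example that is not part of the original presentation. The fragment data, the two policy names ("favor-old", "favor-new") and the `inspect` helper are constructed for illustration: a sensor whose overlap policy differs from the end host's sees a different payload, so a normalizer flags conflicting overlaps instead of guessing.

```python
# Added example (not from the slides): fragment-reassembly ambiguity and the
# normalizer check for it. All sample data below is constructed.
from typing import Dict, List, Tuple

# Constructed: fragments as (offset, payload) in arrival order. Two different
# fragments both claim offsets 5..8 ("inde" arrives first, then "evil").
SAMPLE_FRAGMENTS: List[Tuple[int, bytes]] = [
    (9, b"x.html"),
    (0, b"GET /"),
    (5, b"inde"),
    (5, b"evil"),
]

def reassemble(fragments, policy: str = "favor-old") -> bytes:
    """Rebuild the payload from fragments in arrival order.
    favor-old keeps the first byte seen at an offset; favor-new lets a later
    fragment overwrite it. Raises ValueError on gaps (a fragment never arrived)."""
    if policy not in ("favor-old", "favor-new"):
        raise ValueError(f"unknown policy {policy!r}")
    buf: Dict[int, int] = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            if policy == "favor-new" or offset + i not in buf:
                buf[offset + i] = byte
    if not buf:
        return b""
    end = max(buf) + 1
    gaps = [p for p in range(end) if p not in buf]
    if gaps:
        raise ValueError(f"reassembly gap at offsets {gaps[:8]}")
    return bytes(buf[p] for p in range(end))

def conflicting_offsets(fragments) -> List[int]:
    """Offsets where two fragments supply different bytes: the ambiguity a
    normalizer should flag or drop instead of guessing the end host's view."""
    first_seen: Dict[int, int] = {}
    conflicts = set()
    for offset, data in fragments:
        for i, byte in enumerate(data):
            if first_seen.setdefault(offset + i, byte) != byte:
                conflicts.add(offset + i)
    return sorted(conflicts)

def inspect(fragments, signature: bytes, policy: str = "favor-old") -> dict:
    """Sensor verdict (hypothetical helper): does the signature match under
    this policy, and did overlapping fragments make the view ambiguous?"""
    return {
        "match": signature in reassemble(fragments, policy),
        "ambiguous": bool(conflicting_offsets(fragments)),
    }
```

With the constructed fragments, a favor-old sensor reconstructs `GET /index.html` and a favor-new sensor `GET /evilx.html`; only the conflict check reports the same thing under both policies.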

Evasion Techniques (cont.)
Zero-day exploits (XSS, SQL Injection)
–Not caught by signatures
–Not detected by normalization triggers
–Specific to custom applications/DBs
Social engineering
–Verbal communication
–Malicious access via legitimate credentials
Poor configuration management
–Misconfigurations allow simple access that goes undetected
–Increases attack vectors

Vendors
Open Source
–SNORT (IDS/IPS) – my favorite
–Prelude (IDS)
–HoneyNet (Honey Pot/IDS)
Commercial
–TippingPoint
–Internet Security Systems
–Juniper
–RadWare
–Mirage Networks

Tools of the Trade
–Fuzzers – SPIKE, WebScarab, ADMmutate, ISIC, Burp Suite
–Scanners – Nessus, NMAP, Nikto, Whisker
–Fragmentation – ADMmutate, Fragroute, Fragrouter, ettercap, dSniff
–Sniffers – ethereal, dSniff, ettercap, TCPDump
–Web Sites – packetstormsecurity.nl

Future of IDS/IPS
–Many security appliances converge into ONE: IDS/IPS, SPAM, AV, content filtering
–IDS will continue to lose market share
–IPS, including malware, spyware and AV protection, is gaining market share
–Security awareness is increasing
–Attacks are getting more sophisticated: worms, XSS, SQL Injection, etc.

Your Organization
–What's protecting your organization?
–Future plans?
–Products and vendors?
–Evolution of security infrastructure

Questions & comments