SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury.

Presentation transcript:

SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury

What is intrusion detection? "A true intrusion detection is simply trying to detect the signs of a network intruder before damage is done to the infrastructure." A basic example of an intrusion detection mechanism would be to review system logs for suspicious activity. Examples: network logs, server logs, internet security monitor logs and even Windows Event Viewer logs.
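The "review system logs for suspicious activity" mechanism, carried through as an added example (not code from the slides): a small reviewer that parses OpenSSH-style authentication lines, counts failed logins per source inside a sliding time window, and raises an alert when the count reaches a threshold, plus a second alert when an already-flagged source then logs in successfully. The log lines, hostnames and IP addresses are constructed for the demo; the threshold and window are assumed values a defender would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (not from the original slides).
# 203.0.113.5 fails five times in a few seconds and then succeeds; 198.51.100.7 is a normal user.
SAMPLE_LOG = """\
Mar  3 10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:03 host1 sshd[2002]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:04 host1 sshd[2003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:06 host1 sshd[2004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar  3 10:00:07 host1 sshd[2005]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar  3 10:00:09 host1 sshd[2006]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Mar  3 10:05:00 host1 sshd[2010]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:05:30 host1 sshd[2011]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
"""

# Syslog timestamp, daemon tag, outcome, optional "invalid user", account name and source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2024):
    """Turn one sshd log line into a dict, or None if the line is not an auth event.
    Syslog lines carry no year, so one is assumed (a real tool would take it from file metadata)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def review_auth_log(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return alert strings for two suspicious patterns:
    1. at least `max_failures` failed logins from one source within `window` (password guessing);
    2. a successful login from a source that was already flagged by check 1."""
    alerts = []
    failures = defaultdict(list)  # source address -> timestamps of recent failures
    flagged = set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unrelated line: ignore rather than crash the review
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "Failed":
            # keep only failures still inside the sliding window, then add this one
            window_start = ts - window
            failures[src] = [t for t in failures[src] if t >= window_start] + [ts]
            if len(failures[src]) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(
                    f"{ts:%H:%M:%S} brute-force suspected from {src}: "
                    f"{len(failures[src])} failures within {int(window.total_seconds())}s"
                )
        elif src in flagged:
            alerts.append(f"{ts:%H:%M:%S} successful login for {ev['user']} from flagged source {src}")
    return alerts


if __name__ == "__main__":
    for alert in review_auth_log(SAMPLE_LOG):
        print(alert)
```

The second check is the one an analyst cares most about: a burst of failures is noise on any internet-facing host, but a burst followed by an "Accepted" from the same source is a sign the guessing worked.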

There are two key types of IDS:
Host-based intrusion detection (HIDS): A HIDS might look at the state of a system and its stored information, whether in RAM, in the file system, log files or elsewhere, and check that the contents of these appear as expected.
Network-based intrusion detection (NIDS): A NIDS determines when unauthorized people are attempting to break into the network and alerts the security personnel. NIDS is the final layer of intrusion detection.

Why Snort as a NIDS? It is an open source IDS and thus cost effective. It is platform independent. It is very flexible and easily deployable. The rules and signatures are frequently updated. It is the most popular open source IDS in the world!

SNORT Biopsy begins... BUT FIRST, LET'S SEE WHAT A HACKER DOES. The 6 Rules of Hacking: 1. Footprinting 2. Scanning 3. Enumeration 4. Gaining Access 5. Escalating 6. Covering Tracks

Snort Installation: Configuration of snort.conf. ADOdb for database connectivity. BASE for the front-end GUI. MySQL or SQL Server as the back-end database. PHP to support the front end (BASE). WinPcap.

The Duo. Signature: A network IDS signature is a pattern that we want to look for in traffic. Example: a denial of service attack on a POP3 server caused by issuing the same command thousands of times. One signature for this attack would be to keep track of how many times the command is issued and to alert when that number exceeds a certain threshold. Rules: a rule performs some degree of matching against a packet or stream of packets and is designed to alert an operator to a network event of interest. This network event is usually identified as suspicious or malicious activity, but some of the network events could be false positives.
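The two halves of "the duo", worked as an added example that is not Snort's code or the presenter's: a minimal rule engine in which a rule is a port plus a byte pattern, optionally with a per-source count and time window. A stateless rule fires on every matching packet; a stateful rule implements the slide's POP3 example, counting how often one source repeats a command and alerting once the count within the window reaches the threshold. In Snort 2 rule syntax the same idea is expressed with the `detection_filter` option (`track by_src, count N, seconds M`). The packets, addresses, rule SIDs and the demo threshold of 50 commands in 10 seconds (the slide's real attack used thousands) are all constructed or assumed for the demo.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float        # capture time in seconds
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    sid: int
    msg: str
    dport: int
    content: bytes         # pattern that must appear in the payload
    count: int = 1         # stateful: alert once this many matches are seen ...
    seconds: float = 0.0   # ... from one source within this window (0 = stateless)


class RuleEngine:
    """Evaluates every packet against every rule and returns (sid, src, msg) alerts."""

    def __init__(self, rules):
        self.rules = rules
        self.history = defaultdict(deque)  # (sid, src) -> timestamps of recent matches

    def process(self, pkt):
        alerts = []
        for rule in self.rules:
            if pkt.dport != rule.dport or rule.content not in pkt.payload:
                continue
            if rule.seconds == 0:
                alerts.append((rule.sid, pkt.src, rule.msg))  # stateless signature
                continue
            hist = self.history[(rule.sid, pkt.src)]
            hist.append(pkt.ts)
            while hist and hist[0] < pkt.ts - rule.seconds:  # drop matches outside the window
                hist.popleft()
            # like Snort's detection_filter, stay silent until the rate is reached, then alert
            if len(hist) >= rule.count:
                alerts.append((rule.sid, pkt.src, rule.msg))
        return alerts


RULES = [
    # Stateless: every POP3 packet carrying a cleartext PASS command.
    Rule(sid=1000001, msg="POP3 PASS command in cleartext", dport=110, content=b"PASS "),
    # Stateful: the slide's DoS signature, same POP3 command repeated from one source.
    Rule(sid=1000002, msg="POP3 command flood (possible DoS)", dport=110,
         content=b"NOOP", count=50, seconds=10.0),
]


def build_sample_traffic():
    """Constructed packets: one well-behaved client and one source that floods NOOP."""
    pkts = [
        Packet(0.0, "198.51.100.7", "192.0.2.10", 110, b"USER alice\r\n"),
        Packet(0.5, "198.51.100.7", "192.0.2.10", 110, b"PASS hunter2\r\n"),
        Packet(1.0, "198.51.100.7", "192.0.2.10", 110, b"NOOP\r\n"),
    ]
    pkts += [Packet(2.0 + i * 0.1, "203.0.113.5", "192.0.2.10", 110, b"NOOP\r\n")
             for i in range(60)]
    return pkts


def run(rules, packets):
    engine = RuleEngine(rules)
    alerts = []
    for p in sorted(packets, key=lambda p: p.ts):
        alerts.extend(engine.process(p))
    return alerts


if __name__ == "__main__":
    for sid, src, msg in run(RULES, build_sample_traffic()):
        print(f"[{sid}] {src}: {msg}")
```

The window is what keeps the stateful rule honest: the same 60 NOOPs spread over half a minute never hold 50 matches inside any 10-second window and produce no alert, whereas the legitimate client's single NOOP never comes close. The threshold is also where the false positives the slide warns about come from, since a buggy mail client retrying a command can look exactly like a flood, so the count and window need tuning against the traffic actually seen.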

Implementation: There are many different ways an IDS can be installed. One of the most current approaches is to implement it as "Software as a Service".

Five Common IDS Implementation Mistakes: Ignoring frequent false positives. Avoiding IPSec to support NIDS. Monitoring only inbound connections. Using shared network resources to gather NIDS data. Trusting IDS analysis to non-expert analysts.

The Future: Creating an IDS that can prevent an intrusion from happening before the network system is compromised. - AI. - Improved algorithms to perform pattern matching.

Conclusion: Ultimately, I think that future IDS will merge all of the independent network components and tools which exist today into a complete and cooperative system, dedicated to keeping networks stable. There will be many distributed elements performing specific jobs, each passing the results on to a higher level for correlation and analysis. As always, the ultimate authority will be our own judgment.