CIT 380: Securing Computer Systems, Slide #1: Network Monitoring

Slide #2: Active Responses by Network Layer
Data Link:
– Shut down a switch port. Only useful for local intrusions.
– Rate limit switch ports.
Network:
– Block a particular IP address.
  – Inline: can perform blocking itself.
  – Non-inline: send request to firewall.
Transport:
– Send TCP RST or ICMP messages to sender and target to tear down TCP sessions.

Slide #3: Active Responses by Network Layer (continued)
Application:
– Inline IPS can modify application data to be harmless: /bin/sh -> /ben/sh

Slide #4: Host IDS and IPS
Anti-virus and anti-spyware
– AVG anti-virus, SpyBot S&D
Log monitors
– swatch, logwatch
Integrity checkers
– tripwire, osiris, samhain
– Monitor file checksums, etc.
Application shims
– mod_security

Slide #5: Evading IDS and IPS
Alter appearance to prevent signature match
– URL-encode parameters to avoid a match.
– Use ' or 783>412-- for SQL injection.
Alter context
– Change TTL so the IDS sees different packets than the target host receives.
– Fragment packets so that the IDS and the target host reassemble the packets differently.

Slide #6: Fragment Evasion Techniques
Use fragments
– Older IDS cannot handle reassembly.
Flood of fragments
– DoS via heavy use of CPU/RAM on the IDS.
Tiny fragments
– Break the attack into multiple fragments, none of which match the signature.
– ex: frag 1: "cat /etc", frag 2: "/shadow"
Overlapping fragments
– Offset of later fragments overwrites earlier fragments.
– ex: frag 1: "cat /etc/fred", frag 2: offset=10, "shadow"
– Different OSes deal differently with overlapping fragments.
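To show why an IDS must reassemble overlapping fragments exactly the way the target host does, here is an added example (not from the slides) that rebuilds the slide's overlapping-fragment sample under two constructed reassembly policies, "first fragment wins" and "last fragment wins", and checks a signature against each result. Offsets are zero-based byte offsets, so the second fragment is placed at offset 9 to land on "fred".

```python
from typing import Dict, List, Optional, Tuple

Fragment = Tuple[int, bytes]  # (byte offset, payload), listed in arrival order

# Constructed sample: the slide's overlapping-fragment case with zero-based offsets.
SAMPLE_FRAGS: List[Fragment] = [(0, b"cat /etc/fred"), (9, b"shadow")]
SIGNATURE = b"/etc/shadow"


def reassemble(frags: List[Fragment], favor_new: bool) -> Optional[bytes]:
    """Rebuild the payload from possibly overlapping fragments.

    favor_new=True  : a later fragment overwrites bytes already received.
    favor_new=False : the first fragment to claim a byte keeps it.
    Returns None if the fragments leave a hole (incomplete datagram).
    """
    total = max(off + len(p) for off, p in frags)
    buf = bytearray(total)
    claimed = [False] * total
    for off, payload in frags:
        for i, byte in enumerate(payload):
            pos = off + i
            if favor_new or not claimed[pos]:
                buf[pos] = byte
                claimed[pos] = True
    if not all(claimed):
        return None
    return bytes(buf)


def check_all_policies(frags: List[Fragment], signature: bytes) -> Dict[str, bool]:
    """Match the signature under each reassembly policy a monitored host might use.

    An IDS that models only one policy misses the attack whenever the target
    host uses the other; evaluating both (or, better, knowing each host's real
    policy) closes that gap.
    """
    results: Dict[str, bool] = {}
    for name, favor_new in (("first-wins", False), ("last-wins", True)):
        data = reassemble(frags, favor_new)
        results[name] = data is not None and signature in data
    return results


if __name__ == "__main__":
    for name, hit in check_all_policies(SAMPLE_FRAGS, SIGNATURE).items():
        data = reassemble(SAMPLE_FRAGS, name == "last-wins")
        print(f"{name}: reassembled={data!r} signature match={hit}")
```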

Slide #7: Web Evasion Techniques
URL encoding
– GET /%63%67%69%2d%62%69%6e/bad.cgi
/./ directory insertion
– GET /./cgi-bin/./bad.cgi
Long directory insertion
– GET /junklongdirectorypathstuffhereuseless/../cgi-bin/bad.cgi
– IDS may only read the first part of the URL for speed.
Tab separation
– GET /cgi-bin/bad.cgi (a tab instead of a space between method and path)
– Tabs usually work on servers, but may not be in the signature.
Case sensitivity
– GET /CGI-BIN/bad.cgi
– Windows filenames are case insensitive, but the signature may not be.
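A defender-side complement to this slide, added here and not part of the original deck: normalize the request path the way the target server will resolve it (percent-decode, collapse /./ and /../, fold case for a case-insensitive server, split on any whitespace so a tab behaves like a space) before applying the signature. The request lines are constructed from the slide's examples; the raw-string rule "GET /cgi-bin/bad.cgi" stands in for a naive signature that inspects the bytes on the wire.

```python
import posixpath
from urllib.parse import unquote

# Constructed request lines reproducing the slide's five evasion cases.
SAMPLE_REQUESTS = [
    "GET /%63%67%69%2d%62%69%6e/bad.cgi HTTP/1.0",                             # URL encoding
    "GET /./cgi-bin/./bad.cgi HTTP/1.0",                                       # /./ insertion
    "GET /junklongdirectorypathstuffhereuseless/../cgi-bin/bad.cgi HTTP/1.0",  # long dir + /../
    "GET\t/cgi-bin/bad.cgi\tHTTP/1.0",                                         # tab separation
    "GET /CGI-BIN/bad.cgi HTTP/1.0",                                           # case variation
]
RAW_SIGNATURE = "GET /cgi-bin/bad.cgi"  # naive rule: literal bytes as seen on the wire
PATH_SIGNATURE = "/cgi-bin/bad.cgi"     # rule applied to the normalized path


def naive_match(request_line: str) -> bool:
    """Literal substring match on the raw request, with no normalization."""
    return RAW_SIGNATURE in request_line


def normalize_path(request_line: str, case_insensitive_target: bool = True) -> str:
    """Return the request path as the target server is likely to resolve it."""
    parts = request_line.split()         # any whitespace run, so tabs act like spaces
    if len(parts) < 2:
        return ""
    path = parts[1].split("?", 1)[0]     # signature is on the path; drop the query string
    path = unquote(path)                 # %63%67%69... -> cgi; decode BEFORE resolving /../
    path = posixpath.normpath(path)      # removes /./ and resolves /../ segments
    if case_insensitive_target:
        path = path.lower()              # e.g. a server on a Windows file system
    return path


def normalized_match(request_line: str, case_insensitive_target: bool = True) -> bool:
    """Apply the path signature after normalization."""
    return PATH_SIGNATURE in normalize_path(request_line, case_insensitive_target)


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:75} naive={naive_match(req)!s:5} normalized={normalized_match(req)}")
```

Decoding before path normalization matters: an encoded "%2e%2e" segment is only recognized as "/../" once it has been decoded, which is why the two steps are ordered as shown.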

Slide #8: Countering Evasion
Keep IDS/IPS signatures up to date.
– On a daily or weekly basis.
Use both host and network IDS/IPS.
– Host-based is harder to evade, as it runs on the host itself.
– Fragment attacks can't evade a host IDS.
– Network IDS is still useful as an overall monitor.
Like any alarm, IDS/IPS has
– False positives
– False negatives

Slide #9: Key Points
Models of IDS:
– Anomaly detection: unexpected events.
– Misuse detection: violations of policy.
IDS Architecture:
– Agents.
– Director.
– Notifiers.
Types of IDS:
– Host: agent on the host checks files and processes to detect attacks.
– Network: sniffs and analyzes packets to detect intrusions.
IDS/IPS Evasion:
– Alter appearance to avoid signature match.
– Alter context so the IDS interprets traffic differently than the host does.
