Slide 1: Figure 10-4: Intrusion Detection Systems (IDSs)

Actions
 Alarms
 Interactive analysis
  - Manual event inspection of the raw log file
  - Pattern retrieval (searching the log for a known pattern)
 Reporting

Slide 2: Figure 10-4: Intrusion Detection Systems (IDSs)

Actions
 Automated response
  - Dangerous: a false positive becomes a self-inflicted denial of service
  - Special danger of attack-back: might be illegal; might hurt an innocent victim whose spoofed or compromised system appears to be the source
  - Automation for clear attacks brings speed of response
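As an added example (not code from the slides or from any IDS product), the following sketch shows what a defensible automated response looks like once the warnings on this slide are taken seriously: the action is a time-limited block of the offending source, it is taken only for alarms the sensor scores as clear attacks, it is never taken against the site's own or protected addresses, and nothing is ever sent toward the attacker's host. The alarm fields, the protected ranges, the confidence threshold and the block lifetime are assumptions made for illustration.

```python
"""Guarded automated response to an IDS alarm (added example, not from the slides).

The slide warns that automated response is dangerous and that attack-back is
especially so. This sketch shows the shape of a purely defensive automated
action: a time-limited block of the offending source, applied only to alarms
the sensor scores as clear attacks and never to addresses on a protected list.
Nothing here sends anything toward the attacker's host. The alarm fields,
protected ranges, threshold and block lifetime are assumptions for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Addresses an automated rule must never block (assumed values): the site's own
# ranges, the upstream gateway and the IDS manager. Blocking one of these turns
# a false positive into a self-inflicted outage.
PROTECTED_NETWORKS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
    ip_network("192.0.2.1/32"),   # assumed address of the upstream gateway
]

CLEAR_ATTACK_THRESHOLD = 0.95  # automate only for clear attacks
BLOCK_TTL_SECONDS = 900        # automatic blocks expire; a human renews them if needed


@dataclass
class Alarm:
    source: str        # attacking address as reported by the sensor
    confidence: float  # 0..1 as scored by the sensor (assumed field)
    signature: str


@dataclass
class Firewall:
    """Stand-in for the real blocking mechanism; records what would have been done."""
    blocks: dict = field(default_factory=dict)  # address -> expiry time

    def block(self, address: str, now: float, ttl: int) -> None:
        self.blocks[address] = now + ttl

    def expire(self, now: float) -> list:
        """Lift blocks whose lifetime has passed and return them."""
        gone = sorted(a for a, until in self.blocks.items() if until <= now)
        for address in gone:
            del self.blocks[address]
        return gone


def respond(alarm: Alarm, fw: Firewall, now: float) -> str:
    """Choose the automated action for one alarm and return what was done."""
    try:
        src = ip_address(alarm.source)
    except ValueError:
        return "escalate: unparsable source"        # never act on garbage input
    if any(src in net for net in PROTECTED_NETWORKS):
        return "escalate: protected address"        # a person must look first
    if alarm.confidence < CLEAR_ATTACK_THRESHOLD:
        return "escalate: low confidence"           # speed only for clear attacks
    fw.block(str(src), now, BLOCK_TTL_SECONDS)      # defensive only: no attack-back
    return f"blocked {src} for {BLOCK_TTL_SECONDS}s"


if __name__ == "__main__":
    fw = Firewall()
    print(respond(Alarm("203.0.113.7", 0.99, "ssh-bruteforce"), fw, now=0))
    print(respond(Alarm("192.0.2.1", 0.99, "ssh-bruteforce"), fw, now=0))
    print(respond(Alarm("203.0.113.8", 0.60, "port-scan"), fw, now=0))
    print(fw.expire(now=1000))
```

Every path that does not meet all the conditions escalates to a person instead of acting, and even the automatic block is temporary, so a wrong decision costs minutes rather than a permanent outage.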

Slide 3: Figure 10-4: Intrusion Detection Systems (IDSs)

Managing IDSs
 Tuning for precision
  - Too many false positives overwhelm administrators and dull interest in alarms
  - False negatives allow attacks to proceed unseen
  - Tuning for false positives turns off unnecessary rules and reduces the alarm levels of unlikely rules
  - Some IDSs make tuning difficult

Slide 4: Figure 10-4: Intrusion Detection Systems (IDSs)

Managing IDSs
 Updates
  - The IDS program and its attack signatures must be updated periodically
 Performance
  - If processing speed cannot keep up with network traffic, some packets will not be examined
  - This can make an IDS useless during DoS attacks, precisely when traffic peaks

Slide 5: Figure 10-4: Intrusion Detection Systems (IDSs)

Managing IDSs
 Performance
  - If memory requirements are too large, the system might crash
  - Making log files smaller by saving (rotating) them more frequently hurts correlation of events that span a longer duration than one file
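Three of the points above can be seen in one small rule: pattern retrieval from a raw log (slide 1), the effect of tuning a rule's threshold on false positives and false negatives (slide 3), and the loss of correlation when the log is saved in small pieces that are examined separately (slide 5). The following is an added example, not code from the slides or from any IDS product; the sshd-style log format, the timestamps, the addresses and the thresholds are constructed for illustration.

```python
"""Pattern retrieval, rule tuning and log-window correlation (added example).

Not code from the slides: a miniature host-IDS rule over constructed sshd-style
log lines. It shows (1) retrieving a pattern from a raw log, (2) what tuning the
rule's threshold does to false positives and false negatives, and (3) why
splitting the log into small pieces breaks correlation across those pieces.
The log format and all thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log (timestamp in seconds, then the message): a legitimate
# user mistyping a password twice (10.0.0.5) and a brute-force run from
# 203.0.113.9 that straddles the 60-second boundary at t=1080.
SAMPLE_LOG = """\
1000 sshd: Failed password for alice from 10.0.0.5
1003 sshd: Failed password for alice from 10.0.0.5
1006 sshd: Accepted password for alice from 10.0.0.5
1040 sshd: Failed password for root from 203.0.113.9
1050 sshd: Failed password for root from 203.0.113.9
1060 sshd: Failed password for admin from 203.0.113.9
1070 sshd: Failed password for admin from 203.0.113.9
1085 sshd: Failed password for oracle from 203.0.113.9
1095 sshd: Failed password for oracle from 203.0.113.9
"""

FAILED = re.compile(r"^(\d+) sshd: Failed password for (\S+) from (\S+)$")


def failed_logins(lines):
    """Pattern retrieval: pull (timestamp, user, source) out of the raw log."""
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def brute_force_alarms(lines, threshold, window):
    """Alarm on any source with >= threshold failures inside `window` seconds."""
    by_source = defaultdict(list)
    for ts, _user, src in failed_logins(lines):
        by_source[src].append(ts)
    alarms = []
    for src, times in by_source.items():
        times.sort()
        # sliding window: for each failure, count the failures within `window` after it
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= threshold:
                alarms.append(src)
                break
    return sorted(alarms)


def alarms_from_rotated_logs(lines, threshold, window, chunk_seconds):
    """Analyze each log chunk on its own, as happens when logs are rotated every
    `chunk_seconds` and each file is examined separately: events that straddle a
    rotation boundary are never correlated with each other."""
    chunks = defaultdict(list)
    for line in lines:
        m = re.match(r"^(\d+) ", line)
        if m:
            chunks[int(m.group(1)) // chunk_seconds].append(line)
    found = set()
    for chunk in chunks.values():
        found.update(brute_force_alarms(chunk, threshold, window))
    return sorted(found)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("untuned (2 in 60s):", brute_force_alarms(lines, 2, 60))  # alice's typos alarm too
    print("tuned   (5 in 60s):", brute_force_alarms(lines, 5, 60))  # only the attacker
    print("rotated every 60s: ", alarms_from_rotated_logs(lines, 5, 60, 60))  # attacker missed
```

With the threshold set too low the legitimate user's two typos raise an alarm (a false positive); raised to five, only the brute-force source does. Rotating the log every 60 seconds and analyzing each file alone splits the attacker's six failures into four and two, so neither file reaches the threshold and the attack is missed (a false negative), which is the correlation loss slide 5 describes.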

Slide 6: Figure 10-8: Intrusion Detection Processes for Major Incidents

Organizational Preparation
 Incident response procedures
 Formation of a Computer Emergency Response Team (CERT) for major incidents
 Communication procedures
 Rehearsals

Slide 7: Figure 10-8: Intrusion Detection Processes

Initiation and Analysis
 Initiation
  - Report a potential incident
  - Everyone must know how to report incidents
 Analysis
  - Confirm that the incident is real
  - Determine its scope: who is attacking and what they are doing

Slide 8: Figure 10-8: Intrusion Detection Processes

Containment
 Disconnection of the system from the site network, or of the site network from the Internet (damaging)
  - Harmful, so it must be done only with proper authorization
 Black-holing the attacker, i.e., silently discarding its traffic (only works for a short time, because the attacker can change source addresses)
 Continuing to collect data in order to understand the situation better (allows the harm to continue)

Slide 9: Figure 10-8: Intrusion Detection Processes

Recovery
 Repair of the running system (hard to do, but keeps the system operating with no data loss)
 Restoration from backup tapes (loses data created since the last backup)
 Reinstallation of the operating system and applications
  - Must have good configuration documentation before the incident

Slide 10: Figure 10-8: Intrusion Detection Processes

Punishment
 Punishing employees is fairly easy
 The decision to pursue prosecution
  - Cost and effort
  - Probable success if pursued (attackers are often minors)
  - Loss of reputation

Slide 11: Figure 10-8: Intrusion Detection Processes

Punishment
 Collecting and managing evidence
  - Call the authorities for help
  - Preserving evidence (the computer's state changes rapidly)
    - Information on disk: make an immediate backup (a copy of the disk)
    - Ephemeral information stored in RAM (who is logged in, etc.): capture it before the system is rebooted or powered down, or it is gone

Slide 12: Figure 10-8: Intrusion Detection Processes

Punishment
 Collecting and managing evidence
  - Protecting evidence and documenting the chain of custody (who held it, when, and what was done to it)
  - Ask upstream ISPs for a trap and trace to identify the attacker
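Slides 11 and 12 say to preserve evidence and document the chain of custody without saying what the documentation must contain. As an added example (not from the slides), the following shows the minimum a practitioner records: a cryptographic hash of each evidence file taken at acquisition, re-taken at every handoff, and a custody log in which every entry carries the hash of the previous entry, so that later alteration of the evidence or of an earlier entry is detectable. The evidence file, the custodian names and the entries are constructed for illustration; the timestamps are assumed to be supplied by the handler.

```python
"""Evidence hashing and a tamper-evident chain-of-custody log (added example).

Not from the slides. The slides say to preserve evidence and document the chain
of custody; this shows the minimum a practitioner records: a cryptographic hash
of each evidence file taken at acquisition, and a log in which every custody
entry includes the hash of the previous entry, so that later alteration of the
evidence or of an entry is detectable. The evidence file, names and entries
below are constructed for illustration.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so a large disk image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Append-only custody records, each chained to the previous one by hash."""

    def __init__(self, evidence_path: str):
        self.evidence_path = evidence_path
        self.entries = []
        self.acquisition_hash = hash_file(evidence_path)  # hash at the moment of seizure

    @staticmethod
    def _digest(entry: dict) -> str:
        # canonical JSON so the same entry always hashes the same way
        return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

    def add_entry(self, when: str, custodian: str, action: str) -> dict:
        prev = self._digest(self.entries[-1]) if self.entries else "0" * 64
        entry = {
            "when": when,              # assumed ISO-8601 string supplied by the handler
            "custodian": custodian,
            "action": action,
            "evidence_sha256": hash_file(self.evidence_path),  # re-hashed at every handoff
            "prev_entry_sha256": prev,
        }
        self.entries.append(entry)
        return entry

    def verify(self) -> list:
        """Return the problems found; an empty list means chain and evidence are intact."""
        problems = []
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            if entry["prev_entry_sha256"] != prev:
                problems.append(f"entry {i}: chain broken")
            if entry["evidence_sha256"] != self.acquisition_hash:
                problems.append(f"entry {i}: evidence hash differs from acquisition hash")
            prev = self._digest(entry)
        if hash_file(self.evidence_path) != self.acquisition_hash:
            problems.append("evidence file no longer matches acquisition hash")
        return problems


def demo() -> tuple:
    """Build a log over a constructed evidence file, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        evidence = os.path.join(d, "disk-image.bin")
        with open(evidence, "wb") as f:
            f.write(b"constructed evidence bytes\n" * 1000)
        log = CustodyLog(evidence)
        log.add_entry("2024-01-01T10:00:00Z", "analyst-a", "imaged disk, sealed bag")
        log.add_entry("2024-01-01T12:00:00Z", "analyst-b", "received for analysis")
        intact = log.verify()
        # the image is altered after acquisition (careless handler or attacker)
        with open(evidence, "ab") as f:
            f.write(b"x")
        tampered_evidence = log.verify()
        # and an earlier entry is rewritten to change who handled it
        log.entries[0]["custodian"] = "someone-else"
        tampered_log = log.verify()
    return intact, tampered_evidence, tampered_log


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In practice the custody records and the acquisition hash are kept apart from the evidence (on paper, or signed by the examiner), since a log that sits next to the evidence can be rewritten along with it; the hash chain only makes such rewriting detectable, it does not prevent it.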

Slide 13: Figure 10-8: Intrusion Detection Processes

Communication
 Warn affected people: other departments, customers
 Might need to communicate with the media; do so only via public relations

Protecting the System in the Future
 The hacked system must be hardened
 Especially important because many hackers will attack it again in the following weeks or months