Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection and Prevention Systems By Colton Delman COSC 454 Information Assurance Management.

Published byMadeline Johns Modified over 8 years ago

Similar presentations

Presentation on theme: "Intrusion Detection and Prevention Systems By Colton Delman COSC 454 Information Assurance Management."— Presentation transcript:

1 Intrusion Detection and Prevention Systems By Colton Delman COSC 454 Information Assurance Management

2 Overview Define IDPS The Prevention Configurations Two Types of IDPS Two types of Detection Managing IDPSs

3 What is an IDPS? Intrusion detection & prevention systems – also know as intrusion detection systems(IDS) or intrusion prevention system (IPS), are systems that notifies the user/s when the system detects a violation. Can be audible, visual, or silent alarms (messages, emails, notifications) Ex: burglar alarm – sets off audible/visible alarm when window is opened or broken

4 Who is notified? Most IDPS systems are set up to notify the administrators via Email Text Pages Systems can also be configured to notify outside InfoSec organizations As an alarm notifies you and the police

5 Prevention Systems prevent attacks from succeeding by one of the following: Stopping the attack by terminating the network connection or the attacker’s user session – Lock down the house Changing the security environment by reconfiguring network devices to block access to the targeted system – Change the locks Changing the attacker’s content to make it benign – Remove infect file in an email before the recipient gets/opens its

6 Configurations Admins can configure different levels of alarm levels of IDPS IDPS require complex configurations to provide appropriate detection and response IDPS are configured to be based on two different things Host-Based Network Based IDPS also are configured to be based on two different detection methods Signature-Based Statically Anomaly Based (Anomaly Based)

7 Hosted-Based IDPS (HIDPS) Detects and prevents unwanted actions on a host or multiple hosts computers Works by configuring and classifying various categories of systems and data files Can configure to report any changes to sensitive files or folders Ex: C:\Windows Ex: C:\Program Files\Office

8 Network-Based IDPS (NIPDS) Monitors Network Traffic Notifies when a predefined condition occurs Looks for patterns in network traffic Ex: Collection of related traffic that can be an indication of DoS Ex: series of related packets, which means a port scans Requires complex configuration Must match known and unknown attack patterns

9 Signature-Based Detection IDPS Very similar to anti-virus software Also known as knowledge-based IDPS Examines data traffic for something that matches the signature predetermined attack patterns Weakness Signature must be constantly updated Time frame of attack matters (slow attacks may be undetected)

10 Anomaly-Based Detection IDPS Behavior-Based IDPS Collects data from normal traffic to create baseline Then samples traffic using statistcal methods and compares to baseline When falls out of baseline parameters (clipping level) it notifies admins Variables include Host’s memory Host’s CPU usage Network packet types Packet quantities

11 Anomaly-Based Detection IDPS Advantages: able to detect new types of attacks due to abnormality to baseline Disadvantages: Require significant overhead and processing capacity May not detect minor changes in system

12 Managing an IDPS System needs human component so to respond to alerts IDPS does not take actions by itself, unless programmed to Needs to be configured by those with…knowledge Technical Business Security Needs to be configured and maintained to lower false- positive rates Configuration also helps out with different types of notifications

13 Managing an IDPS Bad configuration leads to Mostly false positive alerts Waste of time and resources Overload of data Humans making false positive worse Most IDPSs monitor systems by means of agents Agents (sensors) is a piece of software that resides on a system and reports back to a management server Must also be carefully configured to use secure communications

14 Managing an IDPS It is best to consolidate enterprise management services to manage a good IDPS Allows for collection of data from multiple host-bases and network-based IDPS and look for patterns This allows admin/manager to monitor all devices so that if the attacker moves his attack across the network Consolidation leads to a central monitor hub

15 Work Cited Whitman, E. Michael, and aHerbert J. Mattord. Management of Information Security. Cengage Learning, 2010. Print.

Download ppt "Intrusion Detection and Prevention Systems By Colton Delman COSC 454 Information Assurance Management."

Similar presentations

Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
Security Technology: Intrusion Detection, Access Control and Other Security Tools Chapter 7.

Security Technology: Intrusion Detection, Access Control and Other Security Tools Chapter 7.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Intrusion Detection MIS.5213.011 ALTER 0A234 Lecture 3.

Intrusion Detection MIS ALTER 0A234 Lecture 3.
1 Intrusion Detection Prevention Systems Prepared by: Abeer Saif Supervised by: Dr. Lo’ai Tawalbeh.

1 Intrusion Detection Prevention Systems Prepared by: Abeer Saif Supervised by: Dr. Lo’ai Tawalbeh.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Similar presentations

Ads by Google