Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection Systems (IDS)

Published byAlejandra Farías Alarcón Modified over 6 years ago

Similar presentations

Presentation on theme: "Intrusion Detection Systems (IDS)"— Presentation transcript:

1 Intrusion Detection Systems (IDS)
Jeramie Reese 11/19/2018 Jeramie Reese - IDS

2 Agenda What is Intrusion Detection? Categorizing IDS Systems
IDS Functionality Passive Scans Benefits IDS Products Open Source Project: Snort Conclusion References Jeramie Reese - IDS 11/19/2018

3 What is Intrusion Detection?
“An IDS does for a network what an antivirus software package does for files that enter a system.” “An Intrusion Detection System (IDS) is a system for detecting misuse of network or computer resources.” Sensors Connection Requests Log File Monitors File Integrity Checker User Account Auditing Jeramie Reese - IDS 11/19/2018

4 Categorizing IDS Systems
Misuse detection Anomaly detection Network-based Host-based systems Passive system Reactive system Jeramie Reese - IDS 11/19/2018

5 IDS Functionality Jeramie Reese - IDS 11/19/2018
from Jeramie Reese - IDS 11/19/2018

6 Passive Scans Active (Intrusion Prevention System: IPS) vs. Passive Scans (IDS) Collect / Analyze Information Looking for patterns of misuse Attack Signatures Authorized users overstepping permissions Patterns of abnormal activity Failed password attempts Access times Jeramie Reese - IDS 11/19/2018

7 Benefits Early warning of attack Flexible configuration options
Alerts that a Network Invasion may be in progress Help identify the source of the incoming probes or attacks Troubleshoot system anomalies Determine what has been compromised Catches insider hacking Identify attacker (proof) Jeramie Reese - IDS 11/19/2018

8 IDS Products (Commercial)
Cisco Intrusion Detection Cisco Secure IDS Director Software ($4,900) Internet Security Systems Real Secure ($8,995 per sensor) Symantec Corporation Intruder Alert (server: $995, workstation: $295) Tripwire Inc. Tripwire Manager 2.4 ($6,995) Jeramie Reese - IDS 11/19/2018

9 IDS Products (Open Source)
Naval Surface Warfare Center Shadow IDS Originally started by the Cooperative Intrusion Detection Evaluation and Response (CIDER) project Developer: Stephen P. Berry Shoki IDS Developer: Marty Roesch Snort IDS Jeramie Reese - IDS 11/19/2018

10 Snort Packet Sniffing Packet Monitoring Intrusion Detection
Similar to tcpdump Packet Monitoring Useful for network traffic debugging Intrusion Detection Applies rules on all captured packets Jeramie Reese - IDS 11/19/2018

11 Snort Rules Rule Actions Protocols IP Addresses Port Numbers
The Direction Operator Activate/Dynamic Rules Jeramie Reese - IDS 11/19/2018

12 Snort Rules Examples log tcp /24 <> /24 23 (content: "USER root"; msg: "FTP root login";) alert icmp any any -> any any (msg: “Ping with TTL=100” ttl:100;) log udp any any -> /24 1:1024 Response: Fast Mode, Full Mode, UNIX Socket Mode, SNMP, SYSLOG, etc. Jeramie Reese - IDS 11/19/2018

13 Conclusion IDS could benefit from standards Neighborhood Architecture
IDS itself can be attacked Altered to report incorrect data Heuristic data collection More focus on internal attacks Jeramie Reese - IDS 11/19/2018

14 References Honeypots; Intrusion Detection, Honeypots and Incident Handling Resources; Infosyssec; Intrusion Detection Systems FAQ; Network World Fusion; Buyer's Guide: Network-based intrusion-detection systems; Shimonski, Robert J.; What You Need to Know About Intrusion Detection Systems; Jeramie Reese - IDS 11/19/2018

Download ppt "Intrusion Detection Systems (IDS)"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
IDPS (Intrusion Detection & Prevention System )

IDPS (Intrusion Detection & Prevention System )
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.

Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.

Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

Similar presentations

Ads by Google