Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Published byRandolph Briggs Modified over 9 years ago

Similar presentations

Presentation on theme: "Intrusion Detection Systems By: William Pinkerton and Sean Burnside."— Presentation transcript:

1 Intrusion Detection Systems By: William Pinkerton and Sean Burnside

2 What is IDS IDS is the acronym for Intrusion Detection Systems Secure systems from attack Attacks on a system are through the network, by either:  Crackers  Hackers  Disgruntled Employees Five different kinds of intrusion detection systems 1.Network-based 2.Protocol-based 3.Application-based 4.Host-based 5.Hybrid

3 History of IDS Began Mid 1980’s James P. Anderson “Computer Security Threat Monitoring and Surveillance” Fred Cohen The inventor of defenses against viruses Said, “It is impossible to detect an intrusion in every case” and “the resources needed to detect intrusion grows with the amount of usage” Dorthy E. Denning assisted by Peter Neuman Created an anomaly-based intrusion detection system Named Intrusion Detection Expert System Later version was named Next-generation Intrusion Detection Expert System

4 Passive vs. Reactive Systems Passive System First detects a breach Logs the breach and/or alerts the administrator(s) Reactive System Takes more action of alerting the breach, by either:  Resetting the connection  Reprograms the firewall

5 Firewall and Antivirus vs. IDS Firewall Blocks potentially harmful incoming or outgoing traffic Does not detect intrusions Antivirus Scans files to identify or eliminate, either:  Malicious Software  Computer Viruses Intrusion Detection Systems Alert an administrator(s) of suspicious activity Looks for intrusions before they happen **Note: For maximum protection it is best to have all three!!**

6 5 Methods of IDS 1.Network-based Intrusion Detection System 2.Protocol-based Intrusion Detection System 3.Application-based Intrusion Detection System 4.Host-based Intrusion Detection System 5.Hybrid Intrusion Detection System

7 Network-based Intrusion Detection System Runs on different points of a network Scans for DOS attacks, activities on ports and hacking Also scans incoming and outgoing packets that are bad Pros Not much overhead on network Installing, upkeep and securing is easy Undetectable by most hacks Cons Has trouble with large networks

8 Network-based Intrusion Detection System (cont.) Cons (cont.) Has trouble with switch based networks No reporting if attack fails or succeeds Cannot look at encrypted data

9 Protocol-based Intrusion Detection System Sits at the front end of a server Usually used for web servers Two uses Making sure a protocol is enforced and used correctly Teaching the system constructs of a protocol Pros Easier for system to pick up on attacks since it is protocol based Cons Rules for protocols come out slowly could be a gap in attacks

10 Host-based Intrusion Detection System Internally based detection system Analyses a system four ways File system monitoring Logfile analysis Connection analysis Kernel based intrusion Pros Analyses encrypted data Can keep up with switch based networks Provides more information about attacks

11 Host-based Intrusion Detection System (cont.) Pros (cont.) System can tell what processes where used in the attack System can tell the users involved in the attack Cons Decrease in network performance if multiple hosts are analyzed If the host machine is broken the system can be disabled Affected by DOS attacks Needs allot of resources

12 Application-based Intrusion Detection System System is application specific Monitor dynamic behaviors and states of protocol The system analyzes the communication between applications Pros Greater chance of detecting an attack since it is application specific Can look at encrypted data Con Needs a lot of processing power

13 Hybrid Intrusion Detection System Combines two or more systems Pros It has the same pros as the systems that it is based on Cons It has the same cons as the systems that it is based on

14 Top 5 IDS 1.Snort 2.OSSEC HIDS 3.Fragrouter 4.BASE 5.Squil

15 Lightweight, open source Originally named bro Developed by Lawrence Berkeley National Laboratory in 1998 The most widely used Intrusion detection system Capable of performing packet logging and real time traffic analysis over IP networks

16 OSSEC HIDS Strong log analysis engine Correlate and analyze logs from different devices and formats Can be centralized Many different systems can be monitored Runs on most operating systems Linus OpenBSD Mac OS X Solaris FreeBSD Windows

17 Fragrouter Used to evade intrusion detection systems Limited to certain operating systems BSD Linux Good tool for finding weaknesses on a network, computers, or servers that ids may not be able to find

18 BASE Written in php Nice web front in Analyzes data stored in a database that is populated by firewalls, ids, and network monitoring tools

19 Sguil Known for it’s graphical user interface Runs on operating systems that support tcl/tk Linux BSD Solaris MacOS Win32 Network security monitoring Provides intrusion detection system alerts

20 Question Time…

Download ppt "Intrusion Detection Systems By: William Pinkerton and Sean Burnside."

Similar presentations

The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.

(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google