Presentation is loading. Please wait.

Presentation is loading. Please wait.

Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002."— Presentation transcript:

1 Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002

2 Introduction Intrusion Detection System (IDS) Profile-Based: profile of normal activity Profile-Based: profile of normal activity Signature-Based: pattern of malicious activity Signature-Based: pattern of malicious activityGoal: Profile-Based Intrusion Prevention System A system the prevents (drops) packets that are flagged as abnormal.

3 Security for Web Servers Current Security: Firewalls, IDS and Patch & Update frequently Firewalls, IDS and Patch & Update frequently Current Problems: Vulnerability Scripts, Virus and Worms Vulnerability Scripts, Virus and Worms Corporat e network IDS Sensor Firewall Web Servers IDS Sensor Untruste d network

4 Profile-Based Web Intrusion Prevention System Content Switch Content Switch Web based content switch: port 80 Web based content switch: port 80 Rules Rules Define what is normal and abnormal Define what is normal and abnormal Types of rules Types of rules Rules based at Directory level Rules based at File level Update rules Update rules Periodically: every 10, 30, 60 minutes Periodically: every 10, 30, 60 minutes Dynamically: update though a socket, file or db Dynamically: update though a socket, file or db

5 Intrusion Prevention System (cont.) Corporat e network Untruste d network A script catalogs the web servers file system and makes rules based on that catalog. Content Switch Rule Module Web Servers Content Switch talks to Rule module about each packet.

6 The Rules Crontab starts a script makes a catalog of the web servers file system. From that catalog it makes an allow rule for each file or directory. Add in White List at beginning of rules. Add in “else” or “default” reject rule at the end of rules. Adds new rules to the rule module

7 Example Case: Directory of web server Generated rules

8 Results + Directory or file listing is very easy to script + Rule file can be created on web server or rule module system - Re-compile the rule module, Kill the process and then start the rule module. - Take input from a file or through a socket - Handle regular expressions for rules

9 References CISCO Security and VPN Software http://www.cisco.com/en/US/products/sw/secursw/ http://www.cisco.com/en/US/products/sw/secursw/ Linux Secure Content Switch http://cs.uccs.edu/~chow/pub/master/gkgodava/doc/ Content Switch Rules and Their Conflict Detection http://cs.uccs.edu/~chow/pub/conf/pdcat/crv-n320.pdf

Download ppt "Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002."

Similar presentations

Packets and Protocols Chapter Seven Real World Packet Captures.

Packets and Protocols Chapter Seven Real World Packet Captures.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Intrusion Detection Systems Present by Ali Fanian In the Name of Allah.

Intrusion Detection Systems Present by Ali Fanian In the Name of Allah.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Guide to Network Defense and Countermeasures Chapter 2.

1 Guide to Network Defense and Countermeasures Chapter 2.
Brad Baker CS526 May 7 th, 2008 5/7/2008 1. 1. Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.

Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.
IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.

IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.

IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
IS 302: Information Security and Trust Week 9: User Authentication (part II) and Introduction to Internet Security 2012.

IS 302: Information Security and Trust Week 9: User Authentication (part II) and Introduction to Internet Security 2012.

Similar presentations

Ads by Google