
1 IDS
Mike O’Connor, Eric Tallman, Matt Yasiejko

2 Overview
- IDS defined
- What it does
- Sample logs
- Why we need it
- What it doesn’t do
- Setup
- Alternatives

3 IDS defined
- IDS = Intrusion Detection System
- Cisco IDS-4215
- Placed on the switch
- IDS vs IPS
  - IDS = detection; “passive”
  - IPS = prevention; “active”
- Signature driven (misuse detection)

4 IDS defined
- Used to detect traffic not captured by conventional firewalls
- Network vs. Host IDS
  - Network = examines traffic and monitors multiple hosts
  - Host = analyzes system calls, file modifications, etc.
- Misuse (signature based) vs. anomaly (self-learning)

5 What it does…
- Analyzes network traffic that has been sent to or from FA 0/24
- Uses a signature database to identify problematic traffic
- Custom signatures may be added
- False positives are quite possible
- DNS requests
- IP logging, block IP, allow IP, etc.
- Detects port scans

6 DNS request logged

7 Signature 4003 details

8 Port scan detected

9 Why we need IDS
- Nmap sweeps
- Vulnerabilities are sought constantly
- Many attack types
- Above is one type of TCP sweep (SYN packets)
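As an added example (not part of the presentation, and not the Cisco IDS-4215’s own signature logic), here is the kind of threshold rule behind the “Detects port scans” and “TCP sweep (SYN packets)” points, run over a constructed SYN log: one source reaching too many distinct targets in a short window is flagged. The log format, the 5-second window and the threshold of 10 targets are assumptions.

```python
from collections import defaultdict

# Constructed sample log (not real Cisco IDS output): one TCP SYN per line as
# "seconds src_ip dst_ip dst_port". Three ordinary web connections from
# 10.0.0.5, plus 203.0.113.7 probing ports 20-35 of one host within 1.5 s,
# which is what an Nmap SYN scan looks like on the mirrored port.
BENIGN = [
    "1.00 10.0.0.5 192.0.2.10 80",
    "3.00 10.0.0.5 192.0.2.20 443",
    "4.00 10.0.0.5 192.0.2.10 80",
]
SCAN = [f"{2.0 + 0.1 * i:.2f} 203.0.113.7 192.0.2.10 {20 + i}" for i in range(16)]
SAMPLE_LOG = "\n".join(BENIGN + SCAN)


def parse_syns(text):
    """Parse the sample format into (time, src, dst, port) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, port = line.split()
        events.append((float(t), src, dst, int(port)))
    return sorted(events)


def detect_sweeps(events, window=5.0, threshold=10):
    """Sweep/scan rule: one source sending SYNs to more than `threshold` distinct
    (dst_ip, dst_port) targets inside any `window`-second span. Returns one
    (src, first_seen, distinct_targets) alert per offending source.
    Counting distinct targets rather than raw SYNs keeps retries from one client
    from tripping it; a busy proxy can still look like a scanner (a false
    positive, as the slides warn), so the threshold needs tuning per network."""
    per_src = defaultdict(list)
    for t, src, dst, port in events:
        per_src[src].append((t, dst, port))
    alerts = []
    for src, hits in per_src.items():
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            distinct = {(d, p) for _, d, p in hits[start:end + 1]}
            best = max(best, len(distinct))
        if best > threshold:
            alerts.append((src, hits[0][0], best))
    return alerts


if __name__ == "__main__":
    for src, first, n in detect_sweeps(parse_syns(SAMPLE_LOG)):
        print(f"ALERT TCP SYN sweep from {src}: {n} distinct targets, first seen t={first}")
```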

10 What our IDS doesn’t do
- Intrusion Prevention!!
- The administrator must take action
- Does not log traffic that does not pass through FA 0/24
  - This was a choice
  - Internal traffic is undetected at this time

11 Setup
- Used CLI for IDS configuration
- Set up IP, gateway, name, netmask
- Set access list
- Console only at the moment (134.198.161.100)

12 SPAN
- Switched Port ANalyzer
- Mirrors 0/24 onto 0/23

13 Monitor session on the switch

    configure terminal
    monitor session 1 source interface fastethernet 0/24 both
    monitor session 1 destination interface fastethernet 0/23
    end

14 Alternatives
- Snort
  - Software solution to IDS/IPS
  - Traffic analysis
  - Packet logging
  - Detects port scans, buffer overflows, etc.
  - IPS

