Presentation is loading. Please wait.

Presentation is loading. Please wait.

FORESEC Academy FORESEC Academy Security Essentials (III)

Published byFrank Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "FORESEC Academy FORESEC Academy Security Essentials (III)"— Presentation transcript:

1 FORESEC Academy FORESEC Academy Security Essentials (III)

2 FORESEC Academy Need for Network-based Intrusion Detection  Most attacks come from the Internet  Detecting these attacks allows a site to tune defenses  If we correlate data from a large number of sources we increase our capability The statistic that 90% of all attacks are perpetrated by insiders is dead wrong.

3 FORESEC Academy Inside a Network Attack WinNuke, (also called OOBNuke), uses TCP 139 and OOB Data, even if NetBIOS is not enabled. It results in the “Blue Screen of Death”. Patches/service packs are available OOB stands for Out Of Band and is actually misnamed; it should say.Urgent mode., which is Urgent bit set in the TCP header flags and the urgent pointer.

4 FORESEC Academy Nuke’eM Screen

5 FORESEC Academy BlackIce – Nuke ‘Em Detection

6 FORESEC Academy Network Intrusion Detection 101

7 FORESEC Academy BlackIce - Enable Logging

8 FORESEC Academy BlackIce - Viewing Logs

9 FORESEC Academy BlackIce - Visualization Tools

10 FORESEC Academy Libpcap-based Systems

11 FORESEC Academy Network Intrusion Detection With Snort

12 FORESEC Academy Snort Design Goals  Low cost, lightweight  Suitable for monitoring multiple sites/sensors  Low false alarm rate  Efficient detect system  Low effort for reporting

13 FORESEC Academy Snort

14 FORESEC Academy Writing Snort Rules  Can create custom rules to filter on specific content.  Pre-loaded with hundreds of rules (but you may need to create one or more custom rules)  Simple to write yet powerful enough to capture most types of traffic  Options - Basic (Pass, Log, Alert) - Advanced (Activate, Dynamic)

15 FORESEC Academy

Download ppt "FORESEC Academy FORESEC Academy Security Essentials (III)"

Similar presentations

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
ENHANCED NETWORK MANAGEMENT SYSTEM FOR INNOVATIVE UHP VSAT PLATFORM

ENHANCED NETWORK MANAGEMENT SYSTEM FOR INNOVATIVE UHP VSAT PLATFORM
Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
MONITORING TOOLS Open Source Security Tools to monitor your network.

MONITORING TOOLS Open Source Security Tools to monitor your network.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) Programming with Libpcap.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) Programming with Libpcap.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google