Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection/Prevention Systems Charles Poff Bearing Point.

Published byNathan Maher Modified over 11 years ago

Similar presentations

Presentation on theme: "Intrusion Detection/Prevention Systems Charles Poff Bearing Point."— Presentation transcript:

1 Intrusion Detection/Prevention Systems Charles Poff Bearing Point

2 Intrusion Detection Systems Intrusion Detection System (IDS) –Passive –Hardware\software based –Uses attack signatures –Configuration SPAN/Mirror Ports Generates alerts (email, pager) After the fact response

3 Intrusion Prevention Systems Intrusion Prevention System (IPS) –Also called Network Defense Systems (NDS) –Inline & active –Hardware\software based –Uses attack signatures –Configuration Inline w/fail over features. Generates alerts (email, pager) Real time response

4 IDS vs. IPS IPS evolved from IDS Need to stop attacks in real time After the fact attacks have lesser value IDS is cheaper. Several Open Source IDS/IPS –Software based IPS = EXPENSIVE –Hardware based (ASIC & FPGA)

5 Detection Capabilities Signatures –Based on current exploits (worm, viruses) –Detect malware, spyware and other malicious programs. –Bad traffic detection, traffic normalization Anomaly Detection –Analyzes TCP/IP parameters Normalization Fragmentation/reassembly Header & checksum problems

6 Evasion Techniques Encryption –IPSec, SSH, Blowfish, SSL, etc. Placement of IPS sensors are crucial Lead to architectural problems False sense of security –Encryption Key Exchange IPS sensors can usually detect/see encryption key exchanges IPS sensors can usually detected unknown protocols

7 Evasion Techniques (cont.) –Packet Fragmentation Reassembly – 1.) out of order, 2.) storage of fragments (D.o.S) Overlapping – different size packets arrive out of order and in overlapping positions. Newly arrived packets can overwrite older data.

8 Evasion Techniques (cont.) Zero day exploits (XSS, SQL Injection) –Not caught by signatures –Not detected by normalization triggers –Specific to custom applications/DBs. Social engineering –Verbal communication –Malicious access via legitimate credentials Poor configuration management –Mis-configurations allow simple access not detected. –Increases attack vectors

9 Vendors Open Source –SNORT (IDS/IPS) – my favorite –Prelude (IDS) –HoneyNet (Honey Pot/IDS) Commercial –TippingPoint –Internet Security Systems –Juniper –RadWare –Mirage Networks

10 Tools of the Trade Fuzzers – SPIKE, WebScarab, ADMmutate, ISIC, Burp Suite Scanners - Nessus, NMAP, Nikto, Whisker Fragmentation – ADMmutate, Fragroute, Fragrouter, ettercap, dSniff Sniffers – ethereal, dSniff, ettercap, TCPDump Web Sites –www.thc.orgwww.thc.org –packetstormsecurity.nl –www.packetfactory.net

11 Future of IDS/IPS Many security appliances ONE –IDS/IPS, SPAM, AV, Content Filtering IDS will continue to loose market share IPS, including malware, spyware, av are gaining market share Security awareness is increasing Attacks are getting sophisticated –Worms, XSS, SQL Injection, etc.

12 Your Organization Whats protecting your organization? Future Plans? Products and vendors? Evolution of security infrastructure.

13 Question Question & comments

Download ppt "Intrusion Detection/Prevention Systems Charles Poff Bearing Point."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.

Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
EDUCAUSE Security 2006 Internet John Brown University.

EDUCAUSE Security 2006 Internet John Brown University.

Similar presentations

Ads by Google