Published by Henry Holt. Modified over 9 years ago.
Intrusion Detection
Reuven, Dan A.; Wei, Li; Patel, Rinku H.
Background
Definition of Intrusion Detection
▪ A device dedicated to monitoring the network and system resources of a company for signs of malicious activity or unauthorized access
▪ Can be hardware or software
▪ An IDS differs from other vulnerability assessment tools in that it provides real-time metrics
▪ A detective control
Who needs to be involved in determining what IDS is best for your company?
▪ Information Security Officers
▪ Network Administrators
▪ Database Administrators
▪ Senior Management
▪ Operating System Administrators
▪ Data owners
Why Doesn't Everyone Have One?
▪ Numerous different types of IDSs
▪ Can be very expensive
▪ Requires periodic maintenance
▪ Difficult to configure
▪ Numerous false positives
Unauthorized Access
▪ Outsider – someone who does not have authorized access privileges
▪ Gain access
  ▪ Gain possession of valid system credentials
    ▪ Social engineering
    ▪ Guessing username & password
  ▪ Exploit a system vulnerability leading to high-privileged access
    ▪ Administrator account (Windows)
    ▪ Root-equivalent account (Unix, Linux)
▪ Steal data
▪ Attack other systems
Malware types shown on the slide: virus, worm, backdoor, Trojan horse, user-level rootkit, kernel-level rootkit, blended malware
Attackers and Motives
Attacker types shown on the slide: script kiddy, joy rider, mercenary, nation-state backed
▪ Script kiddy
  ▪ Little or no skills
  ▪ Downloads and uses others' exploits
▪ Joy rider
  ▪ Potentially significant skills
  ▪ For "pleasure"
▪ Mercenary
  ▪ Possesses skills
  ▪ Sells them to a purchaser
  ▪ Computer crime
▪ Nation-state backed
  ▪ Against other nations
  ▪ Malware injection
  ▪ System compromises
Risks
Most Common Attacks
▪ Ping of death
▪ SYN flood
▪ TCP/IP spoofing
▪ Man in the middle
▪ Port scan
▪ DNS hijack
Ping of death
▪ First detected in 1996
▪ Ping: command to test a machine for reachability
▪ The ping packet is fragmented and sent over the network
▪ Reassembled at the destination
▪ The size of the reassembled packet exceeds the internal buffer: buffer overflow
▪ Impact: the operating system cannot react properly; crash, system abort, or hang
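The slide's detection opportunity, as an added example that is not part of the original presentation: the fragment offset and payload length carried by each IP fragment already tell a sensor how large the reassembled datagram will be, so an oversized ping can be flagged before (or without) reassembly. The fragment records below are constructed tuples standing in for the header fields a sensor would parse; the addresses and IP IDs are made up for the example.

```python
"""Flag IP datagrams whose fragments reassemble past the legal maximum.

Added example (not from the original slides). Fragment records are constructed
tuples standing in for fields a sensor parses from IPv4 headers:
(src, ip_id, fragment_offset, payload_len, more_fragments)."""
from collections import defaultdict

MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram; the total-length field is 16 bits


def reassembled_length(fragments):
    """Length the datagram would have once reassembled.

    Fragment offsets are in 8-byte units, so each fragment ends at
    offset * 8 + payload_len; the datagram ends where the last fragment ends.
    """
    return max(off * 8 + length for _src, _ip_id, off, length, _more in fragments)


def detect_ping_of_death(records, limit=MAX_IP_DATAGRAM):
    """Group fragments by (src, ip_id) and return (src, ip_id, size) for every
    datagram whose reassembled size exceeds the limit.

    A sensor can raise this alert from a single fragment, before reassembly,
    because that fragment's offset and length alone already prove the datagram
    is too large; grouping here only serves to emit one alert per datagram.
    """
    groups = defaultdict(list)
    for rec in records:
        groups[(rec[0], rec[1])].append(rec)
    alerts = []
    for (src, ip_id), frags in groups.items():
        size = reassembled_length(frags)
        if size > limit:
            alerts.append((src, ip_id, size))
    return alerts


# Constructed sample: a normal 2000-byte ping split in two, then a malicious
# datagram whose final fragment is placed past the 65535-byte boundary.
SAMPLE_FRAGMENTS = [
    ("203.0.113.5", 7, 0, 1480, True),
    ("203.0.113.5", 7, 185, 520, False),          # ends at 185*8 + 520 = 2000
    ("198.51.100.7", 0x1234, 0, 1480, True),
    ("198.51.100.7", 0x1234, 185, 1480, True),
    ("198.51.100.7", 0x1234, 8185, 100, False),   # ends at 8185*8 + 100 = 65580
]


def run_sample():
    """Run the detector over the constructed fragments."""
    return detect_ping_of_death(SAMPLE_FRAGMENTS)


if __name__ == "__main__":
    for src, ip_id, size in run_sample():
        print(f"ALERT ping-of-death candidate from {src} ip_id={ip_id:#x} size={size}")
```

Only the second datagram is reported; the benign ping reassembles to 2000 bytes and stays silent. A production sensor would additionally track gaps and overlaps between fragments, which this example leaves out.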
SYN Flood
▪ Abuses the TCP/IP three-way handshake
▪ Uses sequence-number prediction techniques
▪ The device runs out of memory and crashes
TCP/IP spoofing
▪ Attackers use a spoofed IP address
▪ Impair the service or crash the system
Man in the middle
Port scan
▪ Hackers discover services they can break into
▪ Well-known ports
▪ Find potential weaknesses that can be exploited
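Two of the attacks on these slides, the SYN flood (half-open connections exhausting memory) and the port scan (one source sweeping the well-known ports), both leave a countable trace in TCP packet summaries. The following added example, not part of the original presentation, runs simple threshold detectors for both over a constructed packet stream; the packet fields, addresses and thresholds are all made up for illustration.

```python
"""Threshold detectors for SYN floods and port scans over a stream of TCP
packet summaries.

Added example (not from the original slides). Each packet is a constructed
dict with src, sport, dst, dport and flags ("S" for SYN, "A" for ACK); the
thresholds are illustrative, not values taken from any product."""
from collections import defaultdict


def half_open_counts(packets):
    """Return {dst: number of SYNs never followed by an ACK on the same
    (src, sport, dst, dport) 4-tuple}. Many half-open connections against one
    destination is the memory-exhaustion symptom the SYN flood slide describes."""
    pending = set()
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            pending.add(key)
        elif p["flags"] == "A":
            pending.discard(key)
    counts = defaultdict(int)
    for _src, _sport, dst, _dport in pending:
        counts[dst] += 1
    return dict(counts)


def syn_flood_targets(packets, threshold=50):
    """Destinations with at least `threshold` half-open connections."""
    return {dst: n for dst, n in half_open_counts(packets).items() if n >= threshold}


def port_scan_sources(packets, threshold=20):
    """{(src, dst): distinct ports} for sources that sent SYNs to at least
    `threshold` distinct ports on one host, the port sweep the slide describes."""
    ports = defaultdict(set)
    for p in packets:
        if p["flags"] == "S":
            ports[(p["src"], p["dst"])].add(p["dport"])
    return {pair: len(s) for pair, s in ports.items() if len(s) >= threshold}


def _pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def build_sample():
    """Constructed traffic: a legitimate client, a spoofed-source SYN flood,
    and a single host sweeping 25 ports on another server."""
    pkts = []
    for i in range(5):  # legitimate client completes each handshake
        pkts.append(_pkt("203.0.113.5", 40000 + i, "192.0.2.10", 443, "S"))
        pkts.append(_pkt("203.0.113.5", 40000 + i, "192.0.2.10", 443, "A"))
    for i in range(60):  # flood: 60 SYNs from rotating (spoofed) sources, never completed
        pkts.append(_pkt(f"198.51.100.{i % 50 + 1}", 1024 + i, "192.0.2.10", 80, "S"))
    for port in range(1, 26):  # scan: one source probes ports 1-25 on a second host
        pkts.append(_pkt("203.0.113.99", 55555, "192.0.2.20", port, "S"))
    return pkts


def run_sample():
    """Apply both detectors to the constructed stream."""
    pkts = build_sample()
    return {"syn_flood": syn_flood_targets(pkts), "port_scan": port_scan_sources(pkts)}


if __name__ == "__main__":
    print(run_sample())
```

The legitimate client never appears in either result because its handshakes complete; the 25 probes of the scanner also count as half-open connections on 192.0.2.20, but stay under the flood threshold, which is why the two detectors key on different things (per-destination backlog versus per-source port diversity).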
DNS Hijack
▪ Gain access to an upstream DNS server
▪ Divert traffic to a fake web page
▪ Modify the DNS record
▪ Queries for the original web site are diverted to the fake web site
▪ People land on a spoofed site at another IP address
Risks
Legal and regulatory requirements
▪ Involve the electronic environment and electronic systems
▪ Accounting regulations: SOX
▪ Privacy regulations
▪ Court rules
Managing public and stakeholder expectations
▪ Affected by major or minor computer incidents
▪ Exposure of confidential information
▪ Unavailability of systems
▪ Unreliable information
Dependency on information systems
▪ Increased outage cost
▪ Delay of detection and response to an outage will cost significant amounts of money
Risk dimensions: Integrity, Confidentiality, Availability
Control
IDS Log Contents
Focus on: Detection, Recognition, Identification, Confirmation, Prosecution
Techniques
Intrusion Systems Architectures
Active vs Passive
Active
▪ Automatically blocks suspected and active attacks in progress
▪ Requires little to no human interaction once configured
Passive
▪ Alerts an operator in the event of a suspected or active attack
▪ Incapable of performing any protective or corrective functions on its own
Network-based vs Host-based
Network-based
▪ Hardware with a network interface card (NIC) dedicated to operating in promiscuous mode, segregated across different network segments
▪ Monitors multiple computers simultaneously
Host-based
▪ Intended to monitor only the system it is actively running on
▪ Not concerned with other network traffic
Knowledge vs Behavior Based
Knowledge-based
▪ References a constantly updated database of known and recorded malicious software to match against active network traffic
▪ More common than behavior-based
▪ Also known as signature-based
Behavior-based
▪ Performs deep packet inspection on real-time network activity
▪ Determines malware based on a heuristic approach
Knowledge Based Scanning
▪ Cheaper and easier to operate
▪ Fewer false alarms
▪ Will only be able to detect known viruses and malware
▪ Requires constant updates
▪ Depends on file signatures
  o Many known viruses can bypass an IDS's defenses through obfuscation
Behavior & Heuristic Scanning
▪ Involves first running the file under scrutiny in a virtual/sandboxed environment
▪ Does not rely on signatures; attempts to analyze what the file does
▪ Highly dependent on artificial intelligence
▪ Can cause network delays during peak hours
▪ Capable of detecting malware that has yet to be discovered
▪ Does not require constant updates
Heuristic Scanning Disadvantages
▪ Its share of inconveniences
▪ The scan takes a long time
▪ Depends too much on data
▪ Increased number of false positives
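The four slides on knowledge-based and behavior-based scanning describe a trade-off: signatures are cheap and precise but miss obfuscated and not-yet-recorded malware, while heuristics catch unknown samples at the cost of more false positives. The added example below, which is not part of the original presentation, runs both techniques over the same constructed samples so each slide's claim shows up as a row in the output. The signature, the file bytes, the sandbox observation names and the heuristic weights are all made up for illustration and do not follow any product's schema.

```python
"""Knowledge-based (signature) versus behavior-based (heuristic) detection on
the same constructed samples.

Added example (not from the original slides). The signature, the file bytes,
the sandbox observations and the heuristic weights are all constructed for
illustration; the observation names are not any sandbox product's schema."""

# Knowledge-based: exact byte patterns recorded from previously seen malware.
SIGNATURES = {"constructed-family-A": b"EVIL-MARKER-7"}

# Behavior-based: a weight per action observed in the sandbox; a sample scores
# by summing the weights of everything it did.
WEIGHTS = {
    "writes:system_dir": 1,
    "persistence:run_key": 2,
    "network:beacon": 2,
    "disables:security_tool": 3,
    "encrypts:user_files": 3,
}

SAMPLES = {
    "known_malware": {
        "bytes": b"MZ\x90\x00...EVIL-MARKER-7...",
        "behavior": ["writes:system_dir", "persistence:run_key", "network:beacon", "disables:security_tool"],
    },
    "obfuscated_variant": {  # same family with the marker re-cased: the exact signature misses it
        "bytes": b"MZ\x90\x00...eViL-mArKeR-7...",
        "behavior": ["writes:system_dir", "persistence:run_key", "network:beacon", "disables:security_tool"],
    },
    "unknown_malware": {  # nothing recorded yet, so only its behavior can give it away
        "bytes": b"MZ\x90\x00...nothing recorded...",
        "behavior": ["disables:security_tool", "encrypts:user_files"],
    },
    "benign_installer": {  # legitimate installer that also registers an auto-updater
        "bytes": b"MZ\x90\x00...setup...",
        "behavior": ["writes:system_dir", "persistence:run_key", "network:beacon"],
    },
    "benign_editor": {
        "bytes": b"MZ\x90\x00...notes...",
        "behavior": ["writes:user_dir"],
    },
}


def signature_scan(data, signatures=SIGNATURES):
    """Names of signatures whose pattern occurs verbatim in the data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def heuristic_score(observations, weights=WEIGHTS):
    """Sum of the weights of the observed actions; unlisted actions score 0."""
    return sum(weights.get(action, 0) for action in observations)


def classify(sample, threshold=4):
    """Apply both techniques to one sample and report which of them fires."""
    score = heuristic_score(sample["behavior"])
    return {
        "signature_hit": bool(signature_scan(sample["bytes"])),
        "heuristic_hit": score >= threshold,
        "score": score,
    }


def run_samples(threshold=4):
    """Classify every constructed sample with the given heuristic threshold."""
    return {name: classify(sample, threshold) for name, sample in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20s} signature={verdict['signature_hit']!s:5s} "
              f"heuristic={verdict['heuristic_hit']!s:5s} score={verdict['score']}")
```

With the threshold at 4 the signature scanner catches only the recorded sample, the heuristic catches the re-cased variant and the unknown sample, and the auto-updating installer is the false positive the last slide warns about. Raising the threshold to 6 clears the installer but is a tuning decision, not a fix: a case-insensitive signature would recover the re-cased variant, yet an arbitrarily re-encoded one would still slip past, which is the obfuscation limitation the knowledge-based slide lists.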
Thank You