Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security.

Published byKristian Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security."— Presentation transcript:

1 Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security 2000

2 2 Setting Public university department –Lean budget –Priority on openness –Limited technical knowledge –Independent faculty –Heterogeneous computing environment

3 3 Setting Implications for security –Prime target for crackers –Not everyone understands need for security –Policy can be hard to implement –Solutions must be: Inexpensive Unobtrusive

4 4 Solutions Focus on Open Source Software –Often cost-free –Can run on inexpensive hardware Prioritize security activities –Prevention –Detection –Maintenance –Only then identify

5 5 Prevention Verify clean systems or detection can be subverted Identify platform specific vulnerabilities –Patch operating systems –Patch server software (www, ftp, etc.) Enforce good user practices (especially as regards passwords).

6 6 Detection Network based –Network Flight Recorder (NFR) Academic Research version –Snort –Tcpdump Host based –Tripwire

7 7 Detection Create a watchtower –Minimal open ports SSH Only visible from within subnet –Used many of the same tools mentioned above About $2000 to $2500 –FreeBSD OS –Commodity components

8 8 Network Based IDS Switched versus shared may cause complications –Network IDS needs to see the network –Can work in a switched environment, but: Depends on switching equipment Switches are often controlled outside departments False positives

9 9 Network Flight Recorder Created to act as a “black box” for intrusion detection Advantages –Records all network traffic –Alerts on specific signatures –Good query tools –Remote interface

10 10 Network Flight Recorder Disadvantages –Data collection takes up space –Space management feature didn’t always work –No longer freely available

11 11 Snort Created to be a lightweight network IDS –Lightweight meaning compact and efficient –Not lightweight on performance Advantages –Small size –Easy to install –Open source development means continued enhancement

12 12 Snort Disadvantages –Only saves suspect traffic –No query features But other developers are working on this –Experiencing growing pains

13 13 Tcpdump Simple but powerful utility for listening to network traffic Advantages –Can collect packet payload –Indispensable in understanding exploits Disadvantages –Massive data storage requirements

14 14 Tripwire Host-based IDS that calculates digital signatures of specified files Differences between older open source version and newer commercial version –Signed files require pass phrase to change –Levels of violation

15 15 Tripwire Advantages –Doesn’t depend on network –Minimal false positives –Can catch local exploits

16 16 Tripwire Disadvantages –Requires careful setup to prevent subversion –Databases must be kept up to date Best in hierarchical structure –Minimizes possibility of tampering

17 17 Conclusions There are plenty of free tools out there Host based better than network based –IPv6 –Encrypted traffic Tripwire is a preferred tool –Works well now to detect attacks –Potential to be enhanced even more

18 18 Questions? Comments?

19 19 URLs Network Flight Recorder –http://www.nfr.com/http://www.nfr.com/ Snort –http://www.snort.org/http://www.snort.org/ Tripwire –http://www.tripwire.com/http://www.tripwire.com/ Updated info –http://www.gslis.utexas.edu/~shanew/security.htmlhttp://www.gslis.utexas.edu/~shanew/security.html

Download ppt "Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security."

Similar presentations

Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.

Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
The Security Network Track # 2, Panel #3 Presented by John C. Deal Erik Visnyak October 6, 2009 CyberSecurity for the GIG; a historical perspective.

The Security Network Track # 2, Panel #3 Presented by John C. Deal Erik Visnyak October 6, 2009 CyberSecurity for the GIG; a historical perspective.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Similar presentations

Ads by Google