Presentation is loading. Please wait.

Presentation is loading. Please wait.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Intrusion Detection and Incidence Response Course Name – IT390-01 Intrusion Detection and Incidence.

Published byHarvey Casey Modified over 7 years ago

Similar presentations

Presentation on theme: "KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Intrusion Detection and Incidence Response Course Name – IT390-01 Intrusion Detection and Incidence."— Presentation transcript:

1 KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Intrusion Detection and Incidence Response Course Name – IT390-01 Intrusion Detection and Incidence Response Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email – jmcdanolds@kaplan.edujmcdanolds@kaplan.edu Office Hours: Tuesday, 7:00 PM ET or Wednesday, 8:00 PM ET

2 UNIT 5 Agenda for Unit 5 Readings: Chapter 7 and 8 in Cisco book Chapter 7 – Network Intrusion Prevention Overview - Capabilities - Benefits - Limitations - Hybrid IPS/IDS systems - Shared IDS/IPS capabailities Chapter 8 – NIPS Components - NIPS uses sensors to analyze network traffic: standalone appliance sensors, blade-based sensors, and IPS software integrated into the OS

3 UNIT 5 Unit 5 NIPS Field Trip: NSS Labs http://www.nsslabs.com/research/network-security/network-ips/ View list of reports – most of these cost $$ to view, a few older ones are free.

4 UNIT 4 REVIEW Unit 4 Review Readings: Chapter 5 – Host Intrusion Prevention Overview - Capabilities - Benefits - Limitations Chapter 6 – HIPS Components - Essential elements of HIPS products: a software package installed on the endpoint (client or agent) AND a management infrastructure to manage the agents

5 UNIT 4 REVIEW Unit 4 Review Q and A #1 Name one limitation of a HIPS #2 Name two of the most common methods of gathering data for HIPS #3 What is a shim? For Cisco's CSA, name the Windows shims.

6 UNIT 5 Network Intrusion Prevention Capabilities, Benefits and Limitations Capabilities - Stops intrusion traffic before it enters the network by placing the sensor as a Layer 2 forwarding device. - Dropping a single packet - Dropping all packets for a connection - Dropping all traffic from a source IP Benefits – provides traffic normalization and security policy enforcement

7 UNIT 5 Network Intrusion Prevention Capabilities, Benefits and Limitations (cont.) Limitations – deployment location impacts effectiveness. Issue of excessive traffic for a single IDS sensor. - Attacker located on the Internet attacks internal network - Attacker located on the internal network attacks another system on the internal network - Attacker located on the internal network attacks a system on the Internet

8 UNIT 5 Hybrid IPS/IPS System Hybrid provides IPS protection to prevent an attack coming and going to the Internet, plus the same device can watch for attacks between two internal systems. Capabilities: generating alerts, initiating IP logging, resetting TCP connections and initiating IP blocking.

9 UNIT 5 NIPS Components Types of sensors: standalone appliance sensors, blade- based sensors and IPS software integrated into the OS Capture traffic: atomic operations, stateful operations, protocol decode operations, anomaly operations and normalizing operations Response: alerting actions, logging actions, blocking actions and dropping actions

10 UNIT 5 Sensor Capabilities Selection of IPS sensors depends upon: Security budget, amount of network traffic, network topology and security staff to operate the components. Sensor Processing Capability – besides bandwidth, consider average packet size and average number of new TCP connections per second Sensor Interfaces – monitor more locations with multiple interfaces Sensor Form Factor – deploy the correct sensor for the location

11 UNIT 5 Capturing Network Traffic Capturing traffic for in-line mode: Deploying in-line IPS between: two routers, a firewall and a router, a switch and a router, a switch and a firewall, or between two switches Capturing traffic for promiscuous mode: Cisco mechanisms to capture traffic at the switch – Switch Port Analyzer (SPAN), Remote Switch Port Analyzer (RSPAN) and VLAN Accesss Control List (VACL) Mirror Traffic – send a copy of the network traffic

12 UNIT 5 Analyzing Network Traffic IPS sensor traffic categories: - Atomic operations - Stateful operations - Protocol decode operations - Anomaly operations - Normalizing operations

13 UNIT 5 Responding to Network Traffic Actions fall into these categories: - Alerting actions - Logging actions - Blocking actions - Dropping actions

14 UNIT 5 Sensor Management and Monitoring Two categories: small and large sensor deployments Small Sensor Deployments: device monitoring, web-based monitoring, and custom reporting Large Sensor Deployments: sensor appliances, IDS modules, router modules, IOS routers, and PIX firewalls

15 UNIT 5 Web Field Trip IBM on YouTube 8 minutes video – shows dashboards http://www.youtube.com/watch?v=hKkTBf7pgJc http://www-01.ibm.com/software/tivoli/products/security-network- intrusion-prevention/

16 UNIT 5 NIPS articles Review documents in Doc Sharing NIST – Guide to Security Log Management SANS – Experimental Study of IDS

17 UNIT 5 Readings Unit 5 Readings: Chapter 7 and 8 in Intrusion Prevention Fundamentals ALSO Web Readings

18 UNIT 5 Unit 5 Assignment Review the rubric to see the point totals. Three questions – 15 points each.

19 UNIT 5 Unit 5 Assignments Download chapters from Doc Sharing Read chapters and web readings Post to Discussion Attend Seminar Complete Assignment – review rubric Email any questions: JMcDanolds@kaplan.edu Or you can call me 641-649-2980

Download ppt "KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Intrusion Detection and Incidence Response Course Name – IT390-01 Intrusion Detection and Incidence."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Department Of Computer Engineering

Department Of Computer Engineering
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds,

UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT Introduction to Network Security Instructor – Jan McDanolds,
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:

UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:
UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:

UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:

Similar presentations

Ads by Google