
1 By: Surapheal Belay ITEC 6322 / Spring 2009

2 ABSTRACT NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), discusses four types of IDPS technologies: network-based, wireless, network behavior analysis (NBA), and host-based. Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents; an IDPS is software that automates that process and, where it can, attempts to stop the incidents it detects.

3 PROBLEM STATEMENT  Perimeter defenses face outward. How do you detect a threat that is not external but internal, and what happens when a signature-based intrusion detection and prevention system does not catch the threat?  The proposed solution is a network behavior analysis (NBA) tool, one of the four IDPS types that NIST SP 800-94 describes.

4 RELEVANCE/IMPORTANCE

5 WHAT ARE UNUSUAL TRAFFIC FLOWS? NIST describes unusual traffic flows as anything that departs from the network's learned baseline of normal activity. Examples are distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing network services to other systems).

6 WHAT IS NETWORK BEHAVIOR ANALYSIS? Network behavior analysis examines network traffic, usually flow records (such as NetFlow exported by routers and switches) rather than full packet captures, to identify threats that generate unusual traffic flows. NIST SP 800-94 lists its security capabilities as information gathering (which hosts exist and what operating systems and services they run), logging, detection (of DoS attacks, scanning, worms, unexpected application services, and policy violations), and prevention.
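The two slides above describe detection as a comparison against a baseline. The following is an added example, not code from the presentation or from FlowMatrix or Scrutinizer: it learns a per-host baseline from a constructed window of NetFlow-style records and then flags the three departures NIST SP 800-94 names for NBA (DDoS-like fan-in, worm-like scanning fan-out, and a client system answering on a service port). The record fields, host addresses, thresholds and traffic are all assumptions made for this example.

```python
"""Added example (not the presentation's code, nor FlowMatrix/Scrutinizer):
a minimal network behavior analysis pass over constructed NetFlow-style
records. A baseline window of normal traffic is learned first; a later
window is then compared against it to flag the unusual flows NIST
SP 800-94 lists for NBA: DDoS-like fan-in, worm-like scanning fan-out,
and a policy violation (a client system answering on a service port).
Field names, hosts, thresholds and traffic are assumptions for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, as a flow collector would store it."""
    src: str
    dst: str
    dport: int
    packets: int


def baseline_flows():
    """Constructed 'normal' window: eight workstations use the intranet web
    server and the resolver; nothing initiates flows to the workstations."""
    flows = []
    for i in range(1, 9):
        ws = f"10.0.1.{i}"
        flows.append(Flow(ws, "10.0.0.10", 443, 120))  # intranet web
        flows.append(Flow(ws, "10.0.0.53", 53, 15))    # DNS
    return flows


def suspicious_flows():
    """Constructed later window containing three departures from normal."""
    flows = baseline_flows()
    # Worm-like fan-out: one workstation probes 40 hosts on TCP 445.
    flows += [Flow("10.0.1.3", f"10.0.2.{n}", 445, 1) for n in range(1, 41)]
    # DDoS-like fan-in: 60 outside sources hammer the web server.
    flows += [Flow(f"198.51.100.{n}", "10.0.0.10", 443, 400) for n in range(1, 61)]
    # Policy violation: a workstation is now serving port 4444 to a peer.
    flows.append(Flow("10.0.1.7", "10.0.1.5", 4444, 30))
    return flows


def build_baseline(flows):
    """Learn, per host, the ports it is contacted on and how many distinct
    peers it talks to / hears from during the normal window."""
    served = defaultdict(set)
    peers_out = defaultdict(set)
    peers_in = defaultdict(set)
    for f in flows:
        served[f.dst].add(f.dport)
        peers_out[f.src].add(f.dst)
        peers_in[f.dst].add(f.src)
    return {
        "served": {h: frozenset(p) for h, p in served.items()},
        "fan_out": {h: len(p) for h, p in peers_out.items()},
        "fan_in": {h: len(p) for h, p in peers_in.items()},
    }


def analyze(flows, baseline, clients, factor=5, floor=10):
    """Compare a window against the baseline. A host is flagged when its
    distinct-peer count exceeds max(factor * baseline count, floor); a
    client is flagged when it is contacted on a port the baseline never
    saw it serve. Returns a sorted list of (alert_type, host, detail)."""
    peers_out = defaultdict(set)
    peers_in = defaultdict(set)
    alerts = set()
    for f in flows:
        peers_out[f.src].add(f.dst)
        peers_in[f.dst].add(f.src)
        if f.dst in clients and f.dport not in baseline["served"].get(f.dst, frozenset()):
            alerts.add(("policy_violation", f.dst, f.dport))
    for host, peers in peers_out.items():
        limit = max(factor * baseline["fan_out"].get(host, 0), floor)
        if len(peers) > limit:
            alerts.add(("scan_fan_out", host, len(peers)))
    for host, peers in peers_in.items():
        limit = max(factor * baseline["fan_in"].get(host, 0), floor)
        if len(peers) > limit:
            alerts.add(("ddos_fan_in", host, len(peers)))
    return sorted(alerts)


# Assumed policy: these addresses are client systems and must not serve anything.
CLIENTS = {f"10.0.1.{i}" for i in range(1, 9)}

if __name__ == "__main__":
    base = build_baseline(baseline_flows())
    for alert in analyze(suspicious_flows(), base, CLIENTS):
        print(alert)
```

Running the normal window back through `analyze` produces no alerts, while the later window yields one alert of each kind. The `floor` parameter matters in practice: hosts that were silent during the baseline have a learned fan-out of zero, and without a minimum threshold every new host would be flagged on its first few flows, which is the false-positive behaviour NIST warns NBA baselines are prone to.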

7 NETWORK MONITORING TO PREVENT MALICIOUS ACTIVITIES  Flow Matrix by Akma Labs is a free security tool that provides network behavior analysis and anomaly detection.  Scrutinizer by Plixer International provides the same service as Flow Matrix, along with more detection and logging features and a GUI that is much easier to read.

8 SUMMARY Network behavior analysis (NBA) enhances the security of a computer network by monitoring traffic and flagging unusual actions or departures from normal operation. Conventional IDPS solutions defend a network's perimeter using packet inspection, signature detection and real-time blocking. NBA solutions watch what is happening inside the network, so they can surface an internal or novel threat that has no signature. The trade-off is that NBA depends on its baseline: it needs a training period on normal traffic, and legitimate changes in traffic patterns appear as anomalies until the baseline is updated, so NBA complements signature-based IDPS rather than replacing it.

9 REFERENCES
http://www.plixer.com/products/scrutinizer.php
http://www.akmalabs.com/flowmatrix.php
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1225491,00.html
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
http://www.forbes.com/feeds/ap/2009/05/07/ap6394254.html
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=212901505
http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm
http://www.computerweekly.com/Articles/2008/01/17/228976/ikea-plugs-website-security-breach.htm
http://cpanelsecurity.com/2008/01/17/ikea-plugs-website-security-breach-computer-weekly/
