Presentation is loading. Please wait.

Presentation is loading. Please wait.

IDPS (Intrusion Detection & Prevention System )

Similar presentations

Presentation on theme: "IDPS (Intrusion Detection & Prevention System )"— Presentation transcript:

1 IDPS (Intrusion Detection & Prevention System )
By Varang Amin ( ) Guided By Prof. Richard Sinn

2 Agenda Introduction IDPS Why IDPS Detection Engine Features &Functions
Evaluation Test Case Future Available IDPS in Market

3 Introduction Secure Environment

4 Introduction Various options are available
IDPS , based on behavior of network and contents of each and every packet. Firewall , based on Access Control List . VPN,communication network tunneled through public network.

5 Why IDPS…… Firewall ,based on policy defined in Access Control List
Policy based filtering when session is established Not able to check each packet in network Tend to stop search when find any match. Able to shutdown the connection but not able to throttle the traffic

6 IDPS Detection method Specification Detection , based on the application reorganization rules for detecting application and attacks. Anomaly Detection, based on the behavior of the available pattern in IDPS . Integrity Check , detection based on hash values and signatures for verify the integrity of data.

7 Architecture of Detection Engine

8 Deployment IPS Network Based Host Based Hybrid

9 Deployment & Working Principals

10 IDPS Terminology Signatures , basically regular or fixed expression .
Depth Of Search Offset Example : Regular Expressions eDonkey Login Connection “\xe3.{4}[\x01\xc5] ”

11 Continue………. Fixed Expression Implemented with the help of sniffers.
eDonkey File sharing Connection “” Implemented with the help of sniffers.

12 Continue…. Traffic Anomaly Throttle the network traffic.
Protocol Anomaly For Standard Service False Positives Incorrect application detected . False Negatives Application Not Detected

13 Evaluation of IDPS Generate some manual traffic of open source attacks . IXIA Smart bits Existing service from Windows or Linux OS.

14 Test Case 1 By pass the IPS.

15 Test Case 2 Fragment the Attack

16 Test Case 3 TTL based attacks

17 Future Enhancement …… Can be more sophisticated application
Session Monitoring Learning UTM

18 IDPS Example Cisco 6000 Family IDS Snap Gear by Secure Computing
Linux IP Tables (Open Source) Snort Intrupro Sonic Wall Gateway

19 References Article “IDS Evaluation” published on Network world Magazine . Insertion, Evasion and Denial Of Service:-Eluding Network Intrusion detection System -Thomas H. Ptacek, Timothy N. Newsham .

20 Thanks Question ????

Download ppt "IDPS (Intrusion Detection & Prevention System )"

Similar presentations

Ads by Google