
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.


1 Intrusion Detection Systems By: William Pinkerton and Sean Burnside

2 What is IDS
- IDS is the acronym for Intrusion Detection System
- Secures systems from attack
- Attacks on a system come through the network, by either:
  - Crackers
  - Hackers
  - Disgruntled employees
- Five different kinds of intrusion detection systems:
  1. Network-based
  2. Protocol-based
  3. Application-based
  4. Host-based
  5. Hybrid

3 History of IDS
- Began in the mid 1980s
- James P. Anderson: "Computer Security Threat Monitoring and Surveillance"
- Fred Cohen
  - The inventor of defenses against viruses
  - Said, "It is impossible to detect an intrusion in every case" and "the resources needed to detect intrusion grows with the amount of usage"
- Dorothy E. Denning, assisted by Peter Neumann
  - Created an anomaly-based intrusion detection system
  - Named Intrusion Detection Expert System
  - A later version was named Next-generation Intrusion Detection Expert System

4 Passive vs. Reactive Systems
- Passive system
  - First detects a breach
  - Logs the breach and/or alerts the administrator(s)
- Reactive system
  - Takes action beyond alerting on the breach, by either:
    - Resetting the connection
    - Reprogramming the firewall

5 Firewall and Antivirus vs. IDS
- Firewall
  - Blocks potentially harmful incoming or outgoing traffic
  - Does not detect intrusions
- Antivirus
  - Scans files to identify or eliminate either:
    - Malicious software
    - Computer viruses
- Intrusion detection systems
  - Alert the administrator(s) of suspicious activity
  - Look for intrusions before they happen
- Note: for maximum protection it is best to have all three!

6 5 Methods of IDS
1. Network-based Intrusion Detection System
2. Protocol-based Intrusion Detection System
3. Application-based Intrusion Detection System
4. Host-based Intrusion Detection System
5. Hybrid Intrusion Detection System

7 Network-based Intrusion Detection System
- Runs at different points of a network
- Scans for DoS attacks, port activity and hacking
- Also scans incoming and outgoing packets for malicious content
- Pros
  - Not much overhead on the network
  - Installing, upkeep and securing are easy
  - Undetectable by most attackers
- Cons
  - Has trouble with large networks

8 Network-based Intrusion Detection System (cont.)
- Cons (cont.)
  - Has trouble with switched networks
  - No reporting of whether an attack fails or succeeds
  - Cannot look at encrypted data
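The kind of check a network-based IDS runs on the wire, as an added example that is not from the slides or from any named tool: a passive detector over constructed packet records (timestamps, addresses, ports and TCP flags are invented sample data) that alerts when one source sends connection attempts to many distinct ports on one host inside a short window. Thresholds and the record layout are assumptions of the example.

```python
from collections import defaultdict, deque

# Constructed sample packet records for the demo, not captured traffic:
# (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags)
PACKETS = [
    (0.0, "10.0.0.5", "10.0.0.20", 22, "S"),    # normal SSH connection
    (0.1, "10.0.0.5", "10.0.0.20", 22, "A"),
    (1.0, "10.0.0.9", "10.0.0.20", 21, "S"),    # one source sweeping many ports
    (1.1, "10.0.0.9", "10.0.0.20", 22, "S"),
    (1.2, "10.0.0.9", "10.0.0.20", 23, "S"),
    (1.3, "10.0.0.9", "10.0.0.20", 25, "S"),
    (1.4, "10.0.0.9", "10.0.0.20", 80, "S"),
    (1.5, "10.0.0.9", "10.0.0.20", 443, "S"),
    (9.0, "10.0.0.7", "10.0.0.20", 80, "S"),    # normal web request
]


def detect_port_scans(packets, max_ports=5, window=2.0):
    """Passive NIDS check: alert once when a source sends SYNs to more than
    max_ports distinct ports on one destination within `window` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) in window
    flagged = set()
    alerts = []
    for ts, src, dst, dport, flags in packets:
        # Only new connection attempts (SYN without ACK) count as probes.
        if "S" not in flags or "A" in flags:
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire probes older than the window
        ports = sorted({p for _, p in q})
        if len(ports) > max_ports and key not in flagged:
            flagged.add(key)      # alert once per (src, dst) pair
            alerts.append({"type": "port_scan", "src": src, "dst": dst,
                           "ports": ports, "first_seen": q[0][0], "at": ts})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(PACKETS):
        print(f"ALERT {a['type']}: {a['src']} -> {a['dst']} ports {a['ports']}")
```

A reactive system, as the earlier slide describes, would add a hook at the alert point to reset the connection or push a firewall rule; this version only reports, which is the passive behaviour.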

9 Protocol-based Intrusion Detection System
- Sits at the front end of a server
- Usually used for web servers
- Two uses
  - Making sure a protocol is enforced and used correctly
  - Teaching the system the constructs of a protocol
- Pros
  - Easier for the system to pick up on attacks since it is protocol based
- Cons
  - Rules for protocols come out slowly, which could leave a gap in attack coverage

10 Host-based Intrusion Detection System
- Internally based detection system
- Analyzes a system in four ways
  - File system monitoring
  - Logfile analysis
  - Connection analysis
  - Kernel-based intrusion detection
- Pros
  - Analyzes encrypted data
  - Can keep up with switched networks
  - Provides more information about attacks

11 Host-based Intrusion Detection System (cont.)
- Pros (cont.)
  - System can tell what processes were used in the attack
  - System can tell the users involved in the attack
- Cons
  - Decrease in network performance if multiple hosts are analyzed
  - If the host machine is compromised, the HIDS itself can be disabled
  - Affected by DoS attacks
  - Needs a lot of resources

12 Application-based Intrusion Detection System
- System is application specific
- Monitors dynamic behaviors and states of the protocol
- The system analyzes the communication between applications
- Pros
  - Greater chance of detecting an attack since it is application specific
  - Can look at encrypted data
- Cons
  - Needs a lot of processing power

13 Hybrid Intrusion Detection System
- Combines two or more systems
- Pros
  - It has the same pros as the systems it is based on
- Cons
  - It has the same cons as the systems it is based on

14 Top 5 IDS
1. Snort
2. OSSEC HIDS
3. Fragrouter
4. BASE
5. Sguil

15 Snort
- Lightweight, open source
- Originally named bro
- Developed by Lawrence Berkeley National Laboratory in 1998
- The most widely used intrusion detection system
- Capable of performing packet logging and real-time traffic analysis over IP networks

16 OSSEC HIDS
- Strong log analysis engine
- Correlates and analyzes logs from different devices and formats
- Can be centralized
- Many different systems can be monitored
- Runs on most operating systems
  - Linux
  - OpenBSD
  - Mac OS X
  - Solaris
  - FreeBSD
  - Windows
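What "correlate logs from different devices and formats" means in practice, as an added example that is not OSSEC's own code or rule set: lines in two different formats (a syslog-style sshd message and a key=value firewall line, both constructed samples) are normalized into one event shape, then grouped by source address so that activity spread across several monitored hosts surfaces as a single alert. Device names, addresses and the alert threshold are invented for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (device, log source, raw line); not real logs.
LINES = [
    ("web01", "sshd", "Mar  3 10:01:02 web01 sshd[4412]: Failed password for root from 203.0.113.9 port 51022 ssh2"),
    ("web01", "sshd", "Mar  3 10:01:05 web01 sshd[4412]: Failed password for root from 203.0.113.9 port 51023 ssh2"),
    ("fw01", "firewall", "2024-03-03T10:01:09Z action=deny src=203.0.113.9 dst=10.0.0.21 dport=22"),
    ("db01", "sshd", "Mar  3 10:01:11 db01 sshd[902]: Failed password for admin from 203.0.113.9 port 51030 ssh2"),
    ("db01", "sshd", "Mar  3 10:02:40 db01 sshd[903]: Accepted publickey for deploy from 10.0.0.2 port 40000 ssh2"),
]

SSHD_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
FW_DENY = re.compile(r"action=deny src=(\S+) dst=(\S+) dport=(\d+)")


def normalize(device, source, line):
    """Turn one raw line into a common event dict, or None if not interesting."""
    if source == "sshd":
        m = SSHD_FAIL.search(line)
        if m:
            return {"device": device, "kind": "auth_failure",
                    "user": m.group(1), "src": m.group(2)}
    elif source == "firewall":
        m = FW_DENY.search(line)
        if m:
            return {"device": device, "kind": "fw_deny",
                    "src": m.group(1), "dport": int(m.group(3))}
    return None


def correlate(lines, min_devices=2):
    """Alert on any source address seen in events on min_devices or more devices."""
    by_src = defaultdict(lambda: {"devices": set(), "kinds": set(), "events": 0})
    for device, source, line in lines:
        ev = normalize(device, source, line)
        if ev is None:
            continue                      # successful logins etc. are not correlated
        rec = by_src[ev["src"]]
        rec["devices"].add(ev["device"])
        rec["kinds"].add(ev["kind"])
        rec["events"] += 1
    return [{"src": s, "devices": sorted(r["devices"]),
             "kinds": sorted(r["kinds"]), "events": r["events"]}
            for s, r in by_src.items() if len(r["devices"]) >= min_devices]


if __name__ == "__main__":
    for alert in correlate(LINES):
        print("ALERT", alert)
```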

17 Fragrouter
- Used to evade intrusion detection systems
- Limited to certain operating systems
  - BSD
  - Linux
- Good tool for finding weaknesses on a network, computers or servers that an IDS may not be able to find

18 BASE
- Written in PHP
- Nice web front end
- Analyzes data stored in a database that is populated by firewalls, IDS and network monitoring tools

19 Sguil
- Known for its graphical user interface
- Runs on operating systems that support Tcl/Tk
  - Linux
  - BSD
  - Solaris
  - MacOS
  - Win32
- Network security monitoring
- Provides intrusion detection system alerts

20 Question Time…
