Published by Claud Gallagher. Modified over 8 years ago.
Figure 10-4: Intrusion Detection Systems (IDSs)
- IDSs
  - Event logging in log files
  - Analysis of log file data
  - Alarms
    - Too many false positives (false alarms)
    - Too many false negatives (overlooked incidents)
  - Log files for retrospective analysis by humans
Figure 10-4: Intrusion Detection Systems (IDSs)
- Elements of an IDS (Figure 10-5)
  - Event logging
  - Analysis method
  - Action
  - Management
Figure 10-5: Elements of a Simple IDS
- Management: configuration, tuning
- Action: alarms, queries, reports
- Analysis: attack signatures and heuristics
- Logging (data collection): individual events are time-stamped; the log is a flat file of events
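The four elements of Figure 10-5 fit in a few dozen lines. The following is an added example written for this page, not code from the slides or the textbook: a flat file of time-stamped events, an analysis step that runs attack signatures and one heuristic over it, an action step that raises alarms and answers retrospective queries, and a management step that tunes the heuristic threshold. The log lines, addresses, rule names and threshold value are all constructed for the example; the tuning call shows how raising the threshold removes an alarm (fewer false positives, at the cost of possible false negatives).

```python
# Added example (not from the slides): a minimal IDS built from the four
# elements of Figure 10-5. All log lines and rule names are constructed.
import re
from collections import Counter

# --- Management: configuration and tuning knobs -----------------------------
DEFAULT_CONFIG = {
    # Attack signatures: rule name -> regular expression applied to each event
    "signatures": {
        "SQLI_UNION": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
        "PATH_TRAVERSAL": re.compile(r"\.\./"),
    },
    # Heuristic: alarm when one source reaches this many failed logins.
    # Raising it trades false positives for false negatives.
    "failed_login_threshold": 3,
}

def tune(config, **overrides):
    """Management: return a new configuration with some knobs changed."""
    new = dict(config)
    new.update(overrides)
    return new

# --- Logging: a flat file of time-stamped events ----------------------------
def log_event(log, ts, source, message):
    """Append one time-stamped event as a tab-separated line of the flat log."""
    log.append(f"{ts}\t{source}\t{message}")

def parse_event(line):
    ts, source, message = line.split("\t", 2)
    return ts, source, message

# Constructed sample log: what the logging element would have collected.
SAMPLE_LOG = []
for _ts, _src, _msg in [
    ("2024-01-01T10:00:00Z", "10.0.0.5", "GET /index.html"),
    ("2024-01-01T10:00:01Z", "10.0.0.5", "GET /search?q=1 UNION SELECT name FROM users"),
    ("2024-01-01T10:00:02Z", "10.0.0.7", "FAILED LOGIN user=alice"),
    ("2024-01-01T10:00:03Z", "10.0.0.7", "FAILED LOGIN user=alice"),
    ("2024-01-01T10:00:04Z", "10.0.0.7", "FAILED LOGIN user=alice"),
    ("2024-01-01T10:00:05Z", "10.0.0.9", "GET /static/../../etc/passwd"),
    ("2024-01-01T10:00:06Z", "10.0.0.7", "LOGIN OK user=alice"),
]:
    log_event(SAMPLE_LOG, _ts, _src, _msg)

# --- Analysis: attack signatures and a heuristic ----------------------------
def analyze(log, config=DEFAULT_CONFIG):
    """Return the alarms found in the log, in event order."""
    alarms = []
    failures = Counter()
    for line in log:
        ts, source, message = parse_event(line)
        for name, pattern in config["signatures"].items():      # signatures
            if pattern.search(message):
                alarms.append({"ts": ts, "source": source, "rule": name, "method": "signature"})
        if message.startswith("FAILED LOGIN"):                   # heuristic
            failures[source] += 1
            if failures[source] == config["failed_login_threshold"]:
                alarms.append({"ts": ts, "source": source,
                               "rule": "LOGIN_FAILURE_BURST", "method": "heuristic"})
    return alarms

# --- Action: alarms, queries, reports ---------------------------------------
def format_alarm(alarm):
    return f"ALARM {alarm['ts']} {alarm['rule']} ({alarm['method']}) from {alarm['source']}"

def query(log, source):
    """Retrospective query: every event recorded for one source address."""
    return [line for line in log if parse_event(line)[1] == source]

def report(alarms):
    """Summary report: number of alarms per rule."""
    return dict(Counter(a["rule"] for a in alarms))

if __name__ == "__main__":
    for alarm in analyze(SAMPLE_LOG):
        print(format_alarm(alarm))
    print(report(analyze(SAMPLE_LOG)))
    # Tuning: with the threshold raised to 5 the login-failure alarm disappears.
    print(report(analyze(SAMPLE_LOG, tune(DEFAULT_CONFIG, failed_login_threshold=5))))
```

On the sample log the default configuration raises three alarms (one per rule); the tuned configuration raises two, which is the false-positive / false-negative trade-off the slides describe, made concrete.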
Figure 10-4: Intrusion Detection Systems (IDSs)
- Distributed IDSs (Figure 10-6)
  - Managers
  - Agents
  - Distribution of functionality between agents and managers (analysis and action)
Figure 10-6: Distributed IDS (diagram; labels only)
- Manager with its log file
- Host IDS
- Main firewall with an agent and the firewall log (FW Log)
- Site internal switch-based network IDS
- Stand-alone network IDS at the Internet connection
- Log file transfer from agents to the manager in batch mode or real time
Figure 10-4: Intrusion Detection Systems (IDSs)
- Distributed IDSs (Figure 10-6)
  - Batch versus real-time data transfer
    - Batch mode: every few minutes or hours; efficient
    - Real time: as events occur or shortly afterward; little or no data loss if an attacker eliminates the log file on the agent's computer
Figure 10-4: Intrusion Detection Systems (IDSs)
- Distributed IDSs (Figure 10-6)
  - Secure manager-agent communication
  - Vendor's automatic updates with secure communication
- Network IDSs (NIDSs)
  - Capture packets
  - A stand-alone NIDS collects data for only its portion of the network
  - Switch or router NIDSs can collect data on all ports
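The two distributed-IDS points above, batch versus real-time transfer and secure manager-agent communication, can be seen together in one simulation. This is an added example for this page, not code from the slides or from any IDS product: an agent keeps a local log file and forwards records to a manager either as each event occurs or when a scheduled batch is due, and every record carries an HMAC tag so the manager can reject forged or altered records. The HMAC stands in for the secure channel (in practice the agent-manager link would run over TLS with per-agent credentials); the shared key, host name and event lines are constructed. The simulation reproduces the case the slide warns about: the agent's log file is destroyed part-way through, and only the real-time agent has already delivered the earlier records.

```python
# Added example (not from the slides): agents forwarding authenticated log
# records to a manager, comparing batch and real-time transfer. The shared
# key, host name and events are constructed for this example.
import hashlib
import hmac

SHARED_KEY = b"example-agent-manager-key"  # constructed; use per-agent keys over TLS in practice

def sign(key, line):
    """Tag one record so the manager can detect forgery or tampering in transit."""
    return hmac.new(key, line.encode(), hashlib.sha256).hexdigest()

class Manager:
    """Central manager: accepts only records whose tag verifies."""
    def __init__(self, key):
        self.key = key
        self.received = []   # the manager's consolidated log
        self.rejected = 0

    def receive(self, line, tag):
        if not hmac.compare_digest(sign(self.key, line), tag):
            self.rejected += 1
            return False
        self.received.append(line)
        return True

class Agent:
    """Agent on a monitored host: keeps a local log file and forwards it."""
    def __init__(self, key, manager, mode, batch_size):
        self.key, self.manager, self.mode, self.batch_size = key, manager, mode, batch_size
        self.local_log = []  # the log file on the agent's computer
        self.sent = 0        # how many local records have reached the manager

    def log(self, line):
        self.local_log.append(line)
        if self.mode == "realtime":
            self.flush()                                   # send as the event occurs
        elif len(self.local_log) - self.sent >= self.batch_size:
            self.flush()                                   # send when a batch is full

    def flush(self):
        """Transfer everything not yet sent (the scheduled batch, or one record)."""
        for line in self.local_log[self.sent:]:
            self.manager.receive(line, sign(self.key, line))
        self.sent = len(self.local_log)

    def local_log_destroyed(self):
        """The case the slides warn about: the agent's log file is removed.
        Records not yet transferred are gone; the manager keeps what it has."""
        self.local_log = []
        self.sent = 0

EVENTS = [f"2024-01-01T10:00:0{i}Z\thost-a\tevent {i}" for i in range(6)]  # constructed

def records_delivered(mode, destroy_after=3, batch_size=10):
    """Run the six events through an agent in the given mode, destroy the local
    log after event `destroy_after`, perform the scheduled transfer, and return
    how many records the manager ended up holding."""
    manager = Manager(SHARED_KEY)
    agent = Agent(SHARED_KEY, manager, mode, batch_size)
    for i, line in enumerate(EVENTS):
        agent.log(line)
        if i == destroy_after:
            agent.local_log_destroyed()
    agent.flush()   # the periodic batch transfer ("every few minutes or hours")
    return len(manager.received)

def tampered_record_rejected():
    """A record altered in transit (or forged without the key) is dropped."""
    manager = Manager(SHARED_KEY)
    line = EVENTS[0]
    tag = sign(SHARED_KEY, line)
    accepted = manager.receive(line.replace("event 0", "event 0 (edited)"), tag)
    return (not accepted) and manager.rejected == 1 and manager.received == []

if __name__ == "__main__":
    print("real-time delivered:", records_delivered("realtime"))  # 6
    print("batch delivered:   ", records_delivered("batch"))      # 2
    print("tampered rejected: ", tampered_record_rejected())      # True
```

With the same six events and the local log destroyed after the fourth one, the real-time agent has already delivered all six records while the batch agent delivers only the two logged after the loss; the efficiency of batching is paid for in exactly the records an intruder would most want to remove.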
Figure 10-4: Intrusion Detection Systems (IDSs)
- Network IDSs (NIDSs)
  - NIDS placement
    - Between the main firewall and the internal network (sees only the attacks that get through, the relevant ones) or between the main firewall and the external network (sees all attacks)
    - At internal points to detect internal mischief
  - Weaknesses
    - Blind spots in the network where no NIDS data is collected
    - Cannot filter encrypted packets