Intrusion Prevention Systems


Intrusion Prevention Systems
Ahmed Saeed, Team Leader (Cisco Division), CTTC (PVT) Limited

What is IPS?
Intrusion Prevention System: a system located on the network that monitors the network for issues like security threats and policy violations, then takes corrective action.
- Performs deep packet inspection

What can an IPS do?
IPS can detect and block:
- OS, web and database attacks
- Spyware / malware
- Instant messenger
- Peer-to-peer (P2P)
- Worm propagation
- Critical outbound data loss (data leakage)

Difference between IDS and IPS
Intrusion Detection System (IDS)
- Passive
- Hardware/software based
- Uses attack signatures
- Configuration: SPAN/mirror ports
- Generates alerts (email, pager)
- After-the-fact response
Intrusion Prevention System (IPS)
- Inline and active
- Inline with fail-over features
- Real-time response

IPS Types
IPS can be grouped into 3 categories:
- Signature based
- Anomaly based (NBAD)
- Hybrid

Signature Based
- Uses pattern matching to detect malicious or otherwise restricted packets on the network
- Based on current exploits (worms, viruses)
- Detects malware, spyware and other malicious programs
- Bad traffic detection, traffic normalization

Signature Based Products
- Sourcefire / Snort
- StillSecure
- NFR
- Cisco IOS IPS

Signature: Pros & Cons
Pros
- Very flexible
- Well suited to detect single-packet attacks like SQL Slammer
Cons
- Relatively little zero-day protection
- Generally requires that the attack is known before a signature can be written

Anomaly Based
Anomaly based IPS look for deviations or changes from previously measured behavior, such as:
- Substantial increase in outbound SMTP traffic
- New open ports or services
- Changes in TCP/IP parameters

Anomaly Based Products
- Mazu Networks
- Arbor Networks
- Q1 Labs
- Top Layer

Anomaly: Pros & Cons
Pros
- Better protection against zero-day threats
- Better detection of "low and slow" attacks
Cons
- Cannot protect against single-packet attacks like SQL Slammer
- Cannot analyze packets at layers 5 to 7 of the OSI model

Hybrid IPS
Hybrid IPS combine signature based IPS and anomaly based IPS into a single device.

Hybrid Products
- Juniper
- Cisco
- IBM-ISS
- TippingPoint
- McAfee

Hybrid Pros & Cons
Pros
- Superior protection for both known and zero-day threats
- Each engine plays off the weakness of the other
Cons
- Generally more expensive than either anomaly or signature based products
- Can be slower depending on architecture
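To make the trade-offs of the three IPS types concrete, here is an added toy example (not from the presentation or any vendor) that runs a signature engine and an anomaly engine over constructed flow records and combines them as a hybrid would. The signature pattern, port and SMTP baseline are all constructed placeholders; the three cases show a known single-packet attack, a zero-day single-packet attack, and an outbound SMTP spike.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Flow:
    src: str
    dst_port: int
    payload: bytes

# Constructed signature table: (destination port, byte pattern) for one known
# single-packet attack. The pattern is a placeholder, not a real exploit.
SIGNATURES = {"known-single-packet-attack": (1434, b"CONSTRUCTED_KNOWN_PATTERN")}

def signature_detect(flow: Flow) -> list[str]:
    """Signature based: fires only when a known pattern matches the packet."""
    return [name for name, (port, pattern) in SIGNATURES.items()
            if flow.dst_port == port and pattern in flow.payload]

def anomaly_detect(count: int, baseline: list[int], k: float = 3.0) -> bool:
    """Anomaly based: flags a per-interval count that deviates from the
    previously measured baseline by more than k standard deviations."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return count > mu + k * max(sigma, 1.0)  # floor so a flat baseline is not hair-trigger

def hybrid_verdict(flow: Flow, smtp_count: int, smtp_baseline: list[int]) -> dict:
    """Hybrid: either engine can block; each covers the other's blind spot."""
    sig = signature_detect(flow)
    anom = anomaly_detect(smtp_count, smtp_baseline)
    return {"signature": sig, "anomaly": anom, "block": bool(sig) or anom}

# Constructed data: a host's outbound SMTP connections per 5-minute interval
SMTP_BASELINE = [4, 6, 5, 7, 5, 6, 4, 5]

def demo() -> dict:
    known = Flow("10.0.0.5", 1434, b"..CONSTRUCTED_KNOWN_PATTERN..")
    novel = Flow("10.0.0.6", 1434, b"..SOMETHING_NEVER_SEEN_BEFORE..")
    quiet = Flow("10.0.0.7", 25, b"EHLO example")
    return {
        # known single-packet attack: signature catches it, anomaly sees a normal count
        "known": hybrid_verdict(known, 5, SMTP_BASELINE),
        # zero-day single-packet attack: no signature yet, and one packet is no anomaly
        "novel": hybrid_verdict(novel, 5, SMTP_BASELINE),
        # outbound SMTP spike (e.g. a mass-mailing worm): anomaly catches it, no signature
        "spike": hybrid_verdict(quiet, 180, SMTP_BASELINE),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The "novel" case is the gap both single-engine designs share on this slide deck's terms: no signature exists yet and a single packet never moves a volume baseline.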

Architecture: Software vs. Hardware
Software based
- Generally runs Linux or a BSD variant
- E.g.: Snort / Sourcefire, NitroSecurity, StillSecure
Hardware based
- Uses ASIC / FPGA technology
- E.g.: TippingPoint, Top Layer, McAfee

Software Pros & Cons
Pros
- More flexible
- Generally easier to add major functionality
- Cheaper
- Generally has more functionality
Cons
- Usually slower than hardware
- Latency is usually higher than hardware

Hardware Pros & Cons
Pros
- Speed, speed, speed
- Lower latency than software
- Fewer moving parts to fail
Cons
- Expensive
- Not easily upgradeable
- Major upgrades usually mean new ASIC chips

What about UTM?
Unified Threat Manager: all-in-one devices that can do:
- Firewall
- Antivirus
- IPS
- VPN
- Etc.
This is being discussed because vendors very often push UTM devices when customers are looking for IPS solutions.

UTM Products
- Fortinet
- Radware
- SonicWall
- ISS-Proventia
- Cisco (ASA appliance)
- Juniper (SSG and ISG firewalls)

UTM Pros & Cons
Pros
- Cost effective for remote branch offices where other capabilities like firewall are also needed
Cons
- Usually a limited subset of IPS functionality and signatures compared to stand-alone IPS products

Thinking about an IPS? Why?
- What problem are you trying to solve?
- What other problems may be solved?
- What problems may arise?
- If Networking is a different group than Security, do you have their buy-in?

Tips when selecting an IPS
- Prepare an RFP. You can get a sample one from the Internet.
- Do an on-site POC of your top choices. It's vital to see how the device works in your network.
- Make sure you test their support, especially if you are going to buy 24x7.
- Look for product certifications: ICSA, NSS Group, Neohapsis.

What to consider when buying
- Speed / latency: Will the device perform under load? Is the latency acceptable? Very important if you have VoIP!
- Accuracy: How many attacks did it miss? How many false attacks did it block?
- Signature updates: Absolutely critical. How often the signatures are updated is a key indicator of how serious they are about selling IPS.
- High availability: Will it do Active-Passive, Active-Active?
- "Fail open": Will the device pass traffic in the event of a device failure?

IPS Testing and Certifications
Testing and certifications are done by:
- ICSA Labs
- NSS Group
- Neohapsis
ICSA is the newest. NSS is arguably the most respected, for now. The IPS should have at least one certification.

Questions?

Thank You