Department Of Computer Engineering

Presentation transcript:


INTRUSION
Intrusion Detection System
Intrusion Prevention System

What is intrusion?
- Intrusions are activities that violate the security policy of a system.
- Intrusion Detection System (IDS): software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted activities.
- Intrusion Prevention System (IPS): software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

WHAT ARE THE TYPES AND TECHNIQUES OF INTRUSION DETECTION SYSTEMS?

Types of IDS
Based on the sources of the audit information used by each IDS, IDSs may be classified into:
- Host-based IDSs
- Distributed IDSs
- Network-based IDSs

Types in a little detail
Host-based IDS
- Gets data from host audit trails.
- Detects attacks against a single host.
Distributed IDS
- Gathers data from multiple hosts and possibly the network that connects the hosts.
- Detects attacks involving multiple hosts.
Network-based IDS
- Detects attacks from the network.

Intrusion Detection Techniques
- Misuse detection
- Anomaly detection

Misuse Detection
- Based on known attack actions.
- Features are extracted from known intrusions.
- Integrates human knowledge.
- The rules are pre-defined.
- Disadvantage: cannot detect novel or unknown attacks.

Anomaly Detection
- Based on the normal behavior of a subject.
- Sometimes assumes that the training data does not include intrusion data.
- This type of detection is known as anomaly detection: any action that significantly deviates from the normal behavior is considered an intrusion.

Anomaly Detection Disadvantages
- Based on data collected over a period of normal operation.
- When noise (intrusion) data is present in the training data, it will cause misclassification.
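The trade-off between the two techniques, as an added example that is not part of the original slides: a signature matcher and a length-based anomaly profile run over the same constructed requests, including the case where intrusion data leaks into the training set. The signatures, request strings and the choice of request length as the feature are assumptions made for illustration.

```python
import statistics

# Constructed signature database (misuse detection): substrings of known attacks.
SIGNATURES = ("../", "<script>")

# Constructed training traffic, assumed to be free of intrusions.
NORMAL = [
    "GET /index.html", "GET /item?id=12", "GET /item?id=407",
    "GET /search?q=ids", "GET /about.html", "GET /item?id=9",
]


def misuse_detect(request):
    """Flag a request only if it matches a pre-defined rule."""
    return any(sig in request for sig in SIGNATURES)


def train_profile(requests):
    """Learn 'normal behavior' as the mean and spread of request length."""
    lengths = [len(r) for r in requests]
    return statistics.mean(lengths), statistics.pstdev(lengths)


def anomaly_detect(profile, request, k=3.0):
    """Flag a request whose length is more than k std devs from normal."""
    mean, std = profile
    return abs(len(request) - mean) > k * std


def compare(profile, request):
    """Return (misuse verdict, anomaly verdict) for one request."""
    return misuse_detect(request), anomaly_detect(profile, request)


KNOWN = "GET /item?id=../../etc/passwd"   # matches a signature
NOVEL = "GET /item?id=" + "A" * 300       # no signature exists for this one
BENIGN = "GET /item?id=55"

clean = train_profile(NORMAL)
# Same training set with two unnoticed intrusion samples mixed in (noise).
poisoned = train_profile(NORMAL + [NOVEL, NOVEL])

if __name__ == "__main__":
    for name, req in (("known", KNOWN), ("novel", NOVEL), ("benign", BENIGN)):
        print(name, "clean:", compare(clean, req),
              "poisoned:", compare(poisoned, req))
```

With the clean profile the novel request is missed by the signatures but caught as an anomaly; with the poisoned profile the inflated spread lets the same request pass both detectors.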

Some of the benefits of IDS
- Monitors the operation of firewalls, routers, key management servers and files critical to other security mechanisms.
- Allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs.
- Can make the security management of systems by non-expert staff possible by providing a user-friendly interface.
- Comes with an extensive attack signature database against which information from the customer's system can be matched.
- Can recognize and report alterations to data files.

IDS is not a SILVER BULLET
- Cannot conduct investigations of attacks without human intervention.
- Cannot compensate for weaknesses in network protocols.
- Cannot compensate for weak identification and authentication mechanisms.
- Capable of monitoring network traffic, but only up to a certain traffic level.

NOW IT'S TIME FOR THE INTRUSION PREVENTION SYSTEM AND ITS TYPES…

Intrusion Prevention System
- Intrusion prevention systems are network security devices that monitor network and/or system activities for malicious activity (intrusion).
- The main functions of an Intrusion Prevention System (IPS) are to:
  - Identify intrusion
  - Log information about intrusion
  - Attempt to block/stop intrusion
  - Report intrusion
- An Intrusion Detection System (IDS) only detects intrusions.

WHAT IS IPS?
An Intrusion Prevention System (IPS) is any device (hardware or software) that has the ability to detect attacks, both known and unknown, and prevent the attack from being successful.

Intrusion Prevention Systems (IPS)
- The bad guys are always one step ahead of the security professionals.
- Security professionals try to come up with innovative means to detect and prevent attacks.
- An IPS is a preventive device rather than a detective device (IDS).

CLASSIFICATION OF IPS
Broadly classified into two categories:
- Host IPS (HIPS)
- Network IPS (NIPS)

HOST-IPS
- HIPS is installed directly on the system being protected.
- It binds closely with the operating system kernel and services; it monitors and intercepts system calls to the kernel in order to prevent attacks as well as log them.

NETWORK-IPS
- Has two network interfaces, one designated as internal and one as external.
- Packets pass through both interfaces and are examined to determine whether each packet poses a threat.
- If it detects a malicious packet, an alert is raised and the packet is discarded immediately.
- Legitimate packets are passed through to the second interface and on to their intended destination.

INTRUSION PREVENTION TECHNIQUES
- Inline network intrusion protection systems
- Layer seven switches
- Application firewalls
- Hybrid switches
- Deceptive applications

INLINE NETWORK IPS
- It is configured with two NICs, one for management and one for detection.
- The NIC that is configured for detection usually does not have an IP address assigned.
- It works by sitting between the systems that need to be protected and the rest of the network.
- It inspects each packet for any intrusion that it is configured to look for.

LAYER SEVEN SWITCHES
- Placing these devices in front of your firewalls would give protection for the entire network.
- However, the drawback is that they can only stop attacks that they know about.
- The only attacks they can stop that most other IPSs can't are DoS attacks.

APPLICATION FIREWALLS
- These IPSs are loaded on each server that is to be protected.
- They are customizable to each application that they are to protect.
- An application firewall profiles a system before protecting it. During profiling it watches the user's interaction with the application and the application's interaction with the operating system to determine what legitimate interaction looks like.
- The drawback is that when the application is updated, it might have to be profiled again so that the IPS does not block legitimate use.

HYBRID SWITCHES
- They inspect specific traffic for malicious content, as configured.
- A hybrid switch works in a similar manner to a layer seven switch, but has detailed knowledge of the web server and the application that sits on top of the web server.
- It also fails if the user's request does not match any of the permitted requests.

DECEPTIVE APPLICATIONS
- It watches all your network traffic and figures out what is good traffic.
- When an attacker attempts to connect to services that do not exist, it sends back a response to the attacker.
- The response is “marked” with some bogus data.
- When the attacker comes back again and tries to exploit the server, the IPS sees the “marked” data and stops all traffic coming from the attacker.
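The marking logic described above, modelled as an added example that is not part of the original slides. The class name, the reply format, the port numbers and the addresses (documentation ranges) are assumptions; a real product would track far more state.

```python
import secrets


class DeceptiveIPS:
    """Toy model: bait probes to absent services, block whoever reuses the bait."""

    def __init__(self, real_ports):
        self.real_ports = set(real_ports)   # services that actually exist
        self.markers = {}                   # marker -> source it was sent to
        self.blocked = set()                # sources whose traffic is stopped

    def handle(self, src, port, payload=""):
        """Return (action, response) for one inbound connection attempt."""
        if src in self.blocked:
            return "DROP", ""
        # Marked data can only come from a decoy reply, so seeing it in a
        # request means the sender is acting on the result of a probe.
        if any(m in payload for m in self.markers):
            self.blocked.add(src)
            return "DROP", ""
        if port not in self.real_ports:
            marker = "sess-" + secrets.token_hex(8)
            self.markers[marker] = src
            return "DECOY", "220 service ready id=" + marker  # bogus reply
        return "PASS", ""


def demo():
    """Replay constructed traffic and return the action taken at each step."""
    ips = DeceptiveIPS(real_ports={80, 443})
    client, prober = "192.0.2.10", "198.51.100.7"
    log = [ips.handle(client, 443, "GET /")[0]]
    action, bogus = ips.handle(prober, 23)           # no such service exists
    log.append(action)
    marker = bogus.split("id=")[1]
    log.append(ips.handle(prober, 80, "login id=" + marker)[0])  # bait reused
    log.append(ips.handle(prober, 443, "GET /")[0])  # all later traffic stopped
    log.append(ips.handle(client, 443, "GET /")[0])  # legitimate user unaffected
    return log


if __name__ == "__main__":
    print(demo())
```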


Saurabh Prajapati (11ce21)
Akshay Patel (11ce20)
Thank you for your attention and time