By: Er. Magandeep Kaur Brar


Intrusion Detection System (IDS)
By: Er. Magandeep Kaur Brar (G.P.C. Bathinda)
Punjab EDUSAT Society (PES), 26/04/2013

What is IDS?
An IDS is a tool for obtaining security in networks. It helps the administrator detect and respond to malicious activity that the firewall was not able to detect and filter.

An intrusion detection system (IDS) is a device or software application that monitors network or system activity for malicious activity. An IDS is needed to detect malicious network traffic and computer usage that cannot be detected by a conventional firewall.

This includes network attacks against services, attacks on applications, unauthorized logins, access to sensitive files, etc. An IDS thus forms the second line of defence against malicious hackers and attackers.

Comparison with firewalls
Though both relate to network security, an IDS differs from a firewall in that a firewall looks outward and limits access between networks in order to stop intrusions from happening. Because it only enforces the rules it was given, a firewall does not signal an attack that originates inside the network, nor one that arrives through a port it has been told to allow.

An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. A system that sits inline and also terminates or blocks the offending connections is called an intrusion prevention system (IPS); in that respect it behaves like an application-layer firewall.

Normally networks use a firewall for protection against security threats, but a firewall can rarely identify the type of attack. An IDS is therefore an excellent tool for identifying the type of attack taking place.

There are two types of intrusion detection system:
1. Passive IDS
2. Reactive IDS
Passive IDS: when an intrusion is detected it logs the event and alerts the administrator in silent mode, e.g. through mail or pager; it takes no action against the traffic itself.
Reactive IDS: when an intrusion is detected it alerts the administrator and also responds automatically, e.g. by resetting the connection or reprogramming the firewall to block the attacking source. A reactive IDS is the basis of an intrusion prevention system.

A better way to understand IDS is to take your house as an example. The locks on your doors and windows stop strangers from gaining access to your house: these are your firewall. A person who has the keys to your door locks, or who has some other way to open them, can pass through the doors and windows, i.e. whoever holds the keys is an authorized person as far as your firewall is concerned.

But the locks cannot tell whether that authorized person has malicious intentions; that is what an IDS detects. An IDS is a combination of early-warning and alarm system. When someone attempts to force entry into your house, the alarm may sound to scare off the intruder (a "reactive" IDS), or it may make a silent phone call to the local police station (a "passive" IDS).

Need of IDS
For any company with a connection to the Internet, a firewall should always be the first line of defence. But firewalls can be attacked or bypassed, and one way to plug these gaps in your security is to use an IDS.

Following are some reasons why we need an IDS:
Trojans: A Trojan is a malicious program that you have been hoodwinked into installing on your computer in the belief that it is a useful program.
Spyware: Spyware is generally a particular type of Trojan. Its purpose is to sit quietly and hidden on your computer and send information back to its originator. It spies on you, stealing confidential information such as passwords and credit card numbers. Both kinds of malware talk to their originator over outbound connections that a firewall normally permits, which is why an IDS is needed to spot them.

Advantages of IDS
General benefits of an IDS include the following:
It can detect unauthorized users.
It can detect password cracking and denial of service.
It can catch illegal data manipulation.

It monitors and analyses system events and user behaviour.
It manages OS audit and logging mechanisms and the data they generate.
It alerts appropriate staff by appropriate means when attacks are detected.

It can detect and alert on malicious code such as viruses, worms and Trojan horses.
It is similar to a security camera combined with a burglar alarm.
It can detect most security threats, and in some cases it is more reliable than a firewall.

Limitations of IDS
A signature-based IDS that does not reassemble IP fragments cannot see a teardrop attack. A teardrop attack occurs when an attacker sends overlapping fragments of data that the receiving system is unable to reassemble; such an attack may freeze the system.

Most of them are unable to detect and prevent misuse by authorized users or the unintended consequences of legitimate actions.
A direct attack on the IDS itself also destroys its ability to detect intrusions, so an attacker may first try to shut down or flood the IDS and then attack the network.
Not all IDS are compatible with all routers and switches; the IDS must be given a view of the traffic (e.g. a mirror port or tap) before it can see anything.

What IDS CAN and CANNOT provide
The IDS, however, is not an answer to all your security-related problems. You have to know what you CAN and CANNOT expect of your IDS. The following slides give a few examples of what intrusion detection systems are capable of, but every network environment varies and each system needs to be tailored to meet the needs of your enterprise environment.

The IDS CAN provide the following:
CAN add a greater degree of integrity to the rest of your infrastructure.
CAN trace user activity from point of entry to point of impact.
CAN recognize and report alterations to data.
CAN automate the task of watching for the latest known attacks, provided its signatures are kept up to date.

CAN detect when your system is under attack.
CAN detect errors in your system configuration.
CAN guide the system administrator in the vital step of establishing a policy for your computing assets.
CAN make security management of your system possible by non-expert staff.

The IDS CAN NOT provide:
CAN NOT compensate for weak identification and authentication mechanisms.
CAN NOT conduct investigations of attacks without human intervention.
CAN NOT compensate for weaknesses in network protocols.

CAN NOT compensate for problems in the quality or integrity of the information the system provides.
CAN NOT analyze all the traffic on a busy network.
CAN NOT always deal with problems involving packet-level attacks.
CAN NOT deal with some modern network hardware and features.

Who needs to be involved?
In order to identify critical systems the following people MUST be involved:
Information Security Officers
Network Administrators
Database Administrators

Senior Management
Operating System Administrators
Data owners
Without those individuals involved, the resources will not be used efficiently.

My IDS is up, what now?
Once your IDS is up and operational, you must dedicate a person to administer it. Logs must be reviewed, and the rules and the traffic being monitored must be tailored to the specific needs of your company.

You must understand that an IDS has to be maintained and configured. If you feel that you lack knowledgeable staff, get a consultant to help, and train your personnel. Otherwise you will lose a lot of time and money trying to figure out what is wrong.

The emergency response procedure must outline:
Who will be the first point of contact.
A list of all the people who will need to be contacted.
The person responsible for deciding how to proceed in the emergency situation.

The person responsible for investigating the incident.
Who will handle the media, in case the incident becomes public.
How information about the incident will be handled.

Where do I find an Intrusion Detection mechanism?
After we have decided that we need an intrusion detection mechanism, we have to find out where to get it. Below is a list of vendors that offer intrusion detection products and services. Products vary from freeware to commercially available.

Freeware:
- Snort - http://www.snort.org/
- Shadow
Commercially available:
- Real Secure from ISS - http://www.iss.net/customer_care/resource_center/product_lit/
- Net Prowler from Symantec - http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=50&PID=5863267
- NFR - http://www.nfr.com/

Types of IDS
IDS can be categorized in 3 different ways:
Host based ID systems
Network based ID systems
Application based IDS

Host based ID system (HIDS)
These are concerned with what is happening on each individual computer or host. They are able to detect such things as repeated failed access attempts or changes to system files. A HIDS is installed on the host it has to keep an eye on and performs its monitoring there.

The host can be a server, a workstation or any network device such as a router, printer or gateway. A HIDS does its monitoring, reporting and direct interaction at the application layer. It can inspect each incoming command, looking for signs of malicious intent and for unauthorized file changes.

The disadvantages of host based IDS are: they are harder to manage, as information must be configured and managed for every host monitored. Most HIDS can monitor only specific types of systems, e.g. the HIDS CyberCop Server can only protect web servers. If the server is running multiple services such as file sharing, DNS etc., the HIDS might not be able to detect an intrusion against them.
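The two HIDS checks the slides name, repeated failed access attempts and changes to system files, as an added example in Python (not code from the original presentation or from any product it lists). The auth log lines are constructed in sshd style, the monitored files are created in a temporary directory, and the threshold of five failures is an assumption of the example:

```python
"""Added example (not from the original slides): a minimal host-based IDS
that does the two things the slides attribute to a HIDS:
  1. detect repeated failed access attempts in an auth log, and
  2. detect changes to monitored system files via a hash baseline.
The log lines and the files below are constructed for the demo."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Constructed sample of sshd-style auth log lines (not real captures).
SAMPLE_AUTH_LOG = """\
Apr 26 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Apr 26 10:01:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Apr 26 10:01:05 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Apr 26 10:01:07 host sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
Apr 26 10:01:09 host sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
Apr 26 10:02:11 host sshd[1209]: Accepted publickey for alice from 198.51.100.5 port 40112 ssh2
Apr 26 10:03:30 host sshd[1215]: Failed password for bob from 198.51.100.9 port 40200 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failed_login_sources(log_text, threshold=5):
    """Return {source_ip: count} for sources at or above the failure threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(paths):
    """Record a hash for every monitored file (the 'known good' state)."""
    return {p: file_digest(p) for p in paths}


def check_integrity(baseline):
    """Compare the current state with the baseline.
    Returns {path: 'modified' | 'missing'} for every deviation."""
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif file_digest(path) != old:
            findings[path] = "modified"
    return findings


def demo():
    """Run both checks on constructed data; returns (alerting_ips, integrity_findings)."""
    bad_ips = failed_login_sources(SAMPLE_AUTH_LOG, threshold=5)
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")
        hosts = os.path.join(d, "hosts")
        for p, content in ((passwd, b"root:x:0:0::/root:/bin/sh\n"),
                           (hosts, b"127.0.0.1 localhost\n")):
            with open(p, "wb") as f:
                f.write(content)
        baseline = take_baseline([passwd, hosts])
        # Simulate an intruder adding a uid-0 account and deleting a file.
        with open(passwd, "ab") as f:
            f.write(b"eve:x:0:0::/root:/bin/sh\n")
        os.remove(hosts)
        findings = check_integrity(baseline)
    return bad_ips, {os.path.basename(k): v for k, v in findings.items()}


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken while the host is known to be clean and stored off-host (or signed), otherwise an intruder who can change `/etc/passwd` can also rewrite the hash database; that is the management overhead per host the slide refers to.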

Network based ID system (NIDS)
It examines the individual data packets flowing through the network. These packets are inspected and compared against known attack signatures, or against a baseline of normal traffic, to decide whether they are malicious or not. Because they are responsible for monitoring a whole network segment, NIDS understand all the different options that exist within a network packet and the ports in use.

NIDS are also able to look at the payload within the packet, i.e. see which particular web server program is being accessed and with what options. When an unauthorized user logs in successfully or attempts to log in, they are best tracked by a host based IDS. However, detecting the unauthorized user before their logon attempt (e.g. while scanning or probing a service) is best accomplished with a network based IDS.

NIDS can detect maliciously crafted packets designed to attack and compromise the security of the network. A NIDS inspects all traffic transmitted over its network segment; a passive NIDS alerts on packets it identifies as intrusive, while an inline deployment (IPS) can additionally drop them and forward only the packets not identified as intrusive. Examples of network based IDS are Shadow, Dragon, Real Secure and Net Prowler.

A disadvantage of network based IDS is that it may have difficulty processing all packets on a large or busy network and may therefore fail to recognize an attack launched during periods of high traffic. Another disadvantage is that it cannot analyze encrypted traffic. This problem is increasing as more organizations use VPNs.

Application based IDS
It monitors the interaction between user and application, which often allows it to trace unauthorized activity to individual users. Application based IDSs can work in encrypted environments, since they interface with the application at the transaction endpoints, where the information has already been decrypted and is presented to the user in clear form.

Misuse & anomaly detection
Misuse (signature) detection within a network based IDS involves checking traffic against patterns of known illegal types of network traffic. Anomaly detection relies on the system knowing what regular network traffic looks like and flagging whatever deviates from it. Many modern systems use a combination of misuse and anomaly detection.
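Both NIDS detection styles run over the same constructed packet stream, as an added example in Python (not code from the original presentation or from Snort or any other product named here). The packets are hypothetical (src, dst_port, payload) tuples, the three signatures and the "3 x busiest baseline source" rate rule are assumptions of the example, chosen so that one packet is caught only by the signatures and two sources only by the anomaly profile:

```python
"""Added example (not from the original slides): the two NIDS detection
styles on the same constructed packet stream.
  misuse_detect  - matches payloads against a small signature set
  anomaly_detect - learns a baseline of destination ports and per-source
                   rates from 'normal' traffic, then flags deviations
The packets below are constructed tuples, not captured traffic."""
import re
from collections import Counter

# (src_ip, dst_port, payload) - constructed, hypothetical traffic.
BASELINE_TRAFFIC = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("10.0.0.6", 80, b"GET /about.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    ("10.0.0.7", 443, b"\x16\x03\x01"),  # TLS client hello fragment
    ("10.0.0.5", 53, b"\x12\x34\x01\x00"),
    ("10.0.0.8", 80, b"POST /login HTTP/1.1\r\n\r\nuser=a&pass=b"),
]

LIVE_TRAFFIC = BASELINE_TRAFFIC + [
    # Known-bad pattern on a normal port: caught by misuse detection only.
    ("203.0.113.7", 80, b"GET /cgi-bin/../../../../etc/passwd HTTP/1.0\r\n\r\n"),
    # Unknown pattern on a port never seen in the baseline: anomaly only.
    ("203.0.113.9", 4444, b"\x90\x90\x90\x90"),
] + [
    # One source sending far more than anyone in the baseline: rate anomaly.
    ("203.0.113.11", 80, b"GET / HTTP/1.0\r\n\r\n") for _ in range(25)
]

# Misuse detection: a small signature set (regexes over raw payload bytes).
SIGNATURES = {
    "directory traversal": re.compile(rb"\.\./\.\./"),
    "phf cgi probe": re.compile(rb"/cgi-bin/phf"),
    "etc/passwd access": re.compile(rb"/etc/passwd"),
}


def misuse_detect(packets, signatures=SIGNATURES):
    """Return [(src, signature_name)] for every packet matching a known signature."""
    alerts = []
    for src, _port, payload in packets:
        for name, pattern in signatures.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts


def learn_baseline(packets):
    """Profile 'normal' traffic: the set of ports seen and the max packets per source."""
    ports = {port for _src, port, _p in packets}
    per_src = Counter(src for src, _port, _p in packets)
    return {"ports": ports, "max_rate": max(per_src.values())}


def anomaly_detect(packets, baseline, rate_factor=3):
    """Flag (a) destination ports never seen in the baseline and
    (b) sources sending more than rate_factor x the busiest baseline source."""
    alerts = []
    for src, port, _p in packets:
        if port not in baseline["ports"]:
            alerts.append((src, f"unseen port {port}"))
    threshold = baseline["max_rate"] * rate_factor
    for src, n in Counter(src for src, _port, _p in packets).items():
        if n > threshold:
            alerts.append((src, f"rate {n} > {threshold}"))
    return alerts


def run():
    """Both detectors over the constructed stream; returns (misuse_alerts, anomaly_alerts)."""
    baseline = learn_baseline(BASELINE_TRAFFIC)
    return misuse_detect(LIVE_TRAFFIC), anomaly_detect(LIVE_TRAFFIC, baseline)


if __name__ == "__main__":
    misuse, anomaly = run()
    print("misuse:", misuse)
    print("anomaly:", anomaly)
```

The traversal request is invisible to the anomaly profile (port 80, one packet) and the port-4444 and flooding sources are invisible to the signatures, which is exactly why the slide says modern systems combine the two. Note also that a signature set this small has no false positives on the baseline, while any anomaly profile learnt from too little "normal" traffic will flag legitimate new services.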

Teardrop attack
A teardrop attack is a denial of service (DoS) attack. The attacker sends IP fragments whose offsets and lengths overlap one another; when the receiving host attempts to reassemble them, a vulnerable IP stack miscalculates the fragment sizes and crashes or freezes.
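The overlap check that an IDS fragment-reassembly stage has to perform before it can see a teardrop at all, as an added example in Python (not code from the original presentation). Fragment offsets are kept in bytes rather than the 8-byte units of the real IP header, and the three fragment sets are constructed; the "36 bytes then 4 bytes at offset 24" shape mirrors the classic teardrop pattern but is an illustration, not a captured exploit:

```python
"""Added example (not from the original slides): checking a set of IP
fragments for the overlapping offsets that characterise a teardrop
attack, i.e. what a NIDS fragment-reassembly preprocessor must do
before it can see the attack. Fragment lists are constructed."""

# Each fragment: (offset_bytes, payload_len, more_fragments_flag).
# A real IP header stores the offset in 8-byte units; bytes are used here for clarity.


def fragment_overlaps(fragments):
    """Return [(i, j, reason)] for every pair of fragments whose byte ranges overlap.
    reason is 'partial' for an ordinary overlap and 'contained' when one fragment
    lies entirely inside the other (the teardrop shape: a later fragment that
    starts inside an earlier one and ends before it, which made vulnerable
    reassemblers compute a negative copy length)."""
    spans = [(off, off + ln) for off, ln, _mf in fragments]
    problems = []
    for i in range(len(spans)):
        for j in range(i + 1, len(spans)):
            a_start, a_end = spans[i]
            b_start, b_end = spans[j]
            if a_start < b_end and b_start < a_end:  # ranges intersect
                contained = ((b_start >= a_start and b_end <= a_end)
                             or (a_start >= b_start and a_end <= b_end))
                problems.append((i, j, "contained" if contained else "partial"))
    return problems


def reassemble(fragments):
    """Reassemble a fragment set or raise ValueError if it is malformed.
    Checks, in order: overlap (teardrop), gaps, and a missing final fragment.
    Returns the total datagram payload length on success."""
    if fragment_overlaps(fragments):
        raise ValueError("overlapping fragments (teardrop-style)")
    ordered = sorted(fragments)
    expected = 0
    for off, ln, _mf in ordered:
        if off != expected:
            raise ValueError(f"gap before offset {off}")
        expected = off + ln
    if ordered[-1][2]:  # more-fragments still set on the last piece
        raise ValueError("final fragment missing")
    return expected


# Constructed fragment sets.
NORMAL = [(0, 1480, True), (1480, 1480, True), (2960, 500, False)]
# Teardrop shape: second fragment starts inside the first and ends before it.
TEARDROP = [(0, 36, True), (24, 4, False)]
# Partial overlap (a variant that different stacks handled differently).
PARTIAL = [(0, 1480, True), (1000, 1480, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("partial", PARTIAL)):
        print(name, fragment_overlaps(frags))
    print("reassembled length:", reassemble(NORMAL))
```

A NIDS that matches signatures on individual fragments never sees the attack, because no single fragment is malicious; only the relationship between them is. The check above must therefore run on the whole fragment set, and in practice the IDS must also mimic the target operating system's policy on which overlapping bytes win, otherwise it reassembles a different stream from the one the victim sees.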

IDS & Network Security policy
An IDS should be seen as an important layer in the company's "defence in depth" strategy. It must be backed by a well defined high level security policy covering what is and isn't permitted on the company's systems and network. This includes things such as a password policy, which Internet facilities staff may access, etc.

Low level, platform specific policies detailing how the high level strategy is to be implemented, e.g. how to configure the password management subsystems on your NT and UNIX servers.

Documented procedures for staff to follow, e.g. for the morning the help desk receives numerous calls from staff complaining that their accounts have been disabled, and the system logs show repeated failed login attempts against all the systems.

Regular audits to confirm that the policies have been enacted and that the defences are adequate for the level of risk you are exposed to, e.g. performing regular network scans from outside the organization's firewall to determine which ports are open and how much information the firewalls and routers leak.

Available staff skilled in the operation and monitoring of the built-in security tools installed on servers and network devices, e.g. if the staff currently do not have the time to check the firewall and router logs, IDS alerts are unlikely to be acted upon in a timely manner.

THANKS…