Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection Systems Dj Gerena. What is an Intrusion Detection System Hardware and/or software Attempts to detect Intrusions Heuristics /Statistics.

Published byBrendan Craig Modified over 8 years ago

Similar presentations

Presentation on theme: "Intrusion Detection Systems Dj Gerena. What is an Intrusion Detection System Hardware and/or software Attempts to detect Intrusions Heuristics /Statistics."— Presentation transcript:

1 Intrusion Detection Systems Dj Gerena

2 What is an Intrusion Detection System Hardware and/or software Attempts to detect Intrusions Heuristics /Statistics Signatures Gathers and reports incidents Sent to console Trigger a response

3 Composition of an IDS Components are added into an existing network Sensor Copy a record of all network activity and sends it to the Collector Collector Determines if an attack is taking place IDS Manager Laptop/Desktop with IDS software Check for alerts Change settings Database Houses network baseline data or attack signatures

4

5 Anomaly Based vs. Signature Based IDS Anomaly Based Monitors network traffic Keeps track of patterns of traffic and information to obtain baseline If deviation in network behavior is detected, IDS will assume an attack Higher risk of false positive Signature Based Attack Signature database is maintained Compare traffic to the database If match is found, alert is sent Requires constant updates

6 Network-Based vs. Host-Based IDS Network-Based Monitors all traffic on the network Useful for monitoring non critical systems. Host-Based IDS customized to a specific server Being closer to host allows for greater chance of detection Prevents threats such as Trojans and backdoors from being installed form within the network

7 Passive vs. Reactive Passive When an attack is detected an alarm or alter will be triggered No further action is performed by the IDS Reactive Collector will send an alert Send instruction to firewall and router to block activity from occurring on the network Response should be managed and assessed, regardless of system being used.

8 Response to Attacks If an automatic response was not enacted Verify that an attack occurred Shutdown any necessary ports or processes Do a quick damage assessment Once response has been applied Patch/block vulnerabilities Verify if attack has ended Determine whether to lift blocks

9 Benefits of IDS Eliminate the need to shut down a network when an attack occurs Allows user to observe the type of attack and methods used by the attack to prevent future attacks The security baseline defines the criteria such as used bandwidth, protocols, ports, and the types of devices that can be connected to each-other.

10 Sources http://www.firewalls.com/blog/intrusion_detection/ https://www.sans.org/reading- room/whitepapers/detection/understanding-intrusion- detection-systems-337 https://www.sans.org/reading- room/whitepapers/detection/understanding-intrusion- detection-systems-337 https://www.sans.org/reading- room/whitepapers/detection/intrusion-detection-systems- definition-challenges-343 https://www.sans.org/reading- room/whitepapers/detection/intrusion-detection-systems- definition-challenges-343 http://www.youtube.com/watch?v=O2Gz-v8WswQ

Download ppt "Intrusion Detection Systems Dj Gerena. What is an Intrusion Detection System Hardware and/or software Attempts to detect Intrusions Heuristics /Statistics."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Intrusion Detection MIS.5213.011 ALTER 0A234 Lecture 3.

Intrusion Detection MIS ALTER 0A234 Lecture 3.
seminar on Intrusion detection system

seminar on Intrusion detection system
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google