1
Intrusion Detection & Prevention
Iliandra Gonzalez
2
Intrusion Detection System
An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations.
3
Cont.
Intrusion detection systems (IDS) are split into two types of systems:
- Host-based intrusion detection system (HIDS)
- Network-based intrusion detection system (NIDS)
4
Host-Based
Host-based intrusion detection systems focus on:
- Aimed at collecting information.
- Is considered a sensor, collects data on the system it is monitoring.
- Relies on audit trails.
- Can be limited by this
- Source of choice

Network-Based
Network-based intrusion detection systems focus on:
- Aimed at analyzing incoming network traffic.
- Information collected from network traffic stream
- Data travels here
- Recognizes attack signatures
- Packet sniffing
5
How does it work?
An intrusion detection system is used to detect anomalies, with the aim of catching hackers before any real damage is done.
It can be host-based or network-based.
It works by looking for:
- Signatures of known attacks
- Any deviations from normal activity
6
Products
Intrusion detection system software is available as open source.
Open source: the software's original code is available.
The following are six open source products available to the public:
- Snort
- Security Onion
- OSSEC
- OpenWIPS-NG
- Suricata
- Bro IDS
7
Intrusion prevention system
An intrusion prevention system (IPS) is used to identify threats and respond to them.
It is a security prevention technology that inspects network traffic flows to detect and prevent vulnerability exploits.
8
IPS Tools
Similar to IDS, intrusion prevention systems have tools available.
- Anti-virus programs
  - Clean-up
- Firewalls
  - Static packet
  - Stateful packet
  - Stateful inspection
  - Proxy
9
IDS and IPS
Intrusion detection systems and intrusion prevention systems both increase protection.
- Monitoring traffic
- Inspecting and scanning packets
- Recognize and store signatures
10
Difference between IDS and IPS
Intrusion Detection System
- Provides network with level of security against suspicious activity
- Targets early warnings at system admin
- Cannot block attacks

Intrusion Prevention System
- Is a device that controls access
- Protects systems from attack and abuse
- Inspects attack data
- Takes action
- Blocks from developing
- Creates rules in the firewall.
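
The following Python code is an added example, not part of the original slides. It runs the two detection methods named earlier (signatures of known attacks and deviations from normal activity) over constructed events, once as an IDS that only alerts and once as an IPS that also blocks the source. The rule pattern, the failed-login threshold, the event format and the `deny src=` rule format are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample events (source IP, request line); not real traffic.
EVENTS = [
    ("198.51.100.7", "GET /index.html"),
    ("203.0.113.9", "GET /../../etc/passwd"),
    ("203.0.113.9", "GET /index.html"),
] + [("192.0.2.44", "POST /login FAILED")] * 8

# Signature detection: patterns of known attacks (illustrative rule).
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}
# Anomaly detection: assumed baseline of normal activity per source.
MAX_FAILED_LOGINS = 5


def inspect(events, prevent=False):
    """Return (alerts, blocked).

    IDS mode (prevent=False) only raises alerts for the administrator.
    IPS mode (prevent=True) also blocks the source, so its later
    traffic is dropped before it is inspected again.
    """
    alerts, blocked, failures = [], set(), Counter()
    for src, request in events:
        if src in blocked:
            continue  # IPS: traffic from a blocked source is dropped
        hit = next((name for name, pattern in SIGNATURES.items()
                    if pattern.search(request)), None)
        if hit is None and "FAILED" in request:
            failures[src] += 1
            if failures[src] > MAX_FAILED_LOGINS:
                hit = "failed-login-anomaly"
        if hit:
            alerts.append((src, hit))
            if prevent:
                blocked.add(src)
    return alerts, blocked


def firewall_rules(blocked):
    """Render blocked sources as rules in a made-up, illustrative format."""
    return [f"deny src={ip}" for ip in sorted(blocked)]


if __name__ == "__main__":
    for mode in (False, True):
        alerts, blocked = inspect(EVENTS, prevent=mode)
        print("IPS" if mode else "IDS", alerts, firewall_rules(blocked))
```

In IDS mode the same source keeps generating alerts because nothing stops it; in IPS mode the first alert produces a block and the remaining events from that source never reach the detectors.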
11
Why is it Necessary?
- The importance of detection is to indicate something was stolen or done maliciously.
  - An alarm
- The importance of prevention is to have the ability to block attacks.
  - Action ensues