Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York."— Presentation transcript:

1 NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

2 Introduction to IDS Why we need IDS? –Fire Walls and IDS. –Analogy Based Example Classification of IDSs Models of IDS –Anomaly based model –Signature based model.

3 A Typical Fire Wall Deployment Source:http://www.scs-ca.com/images/topos/2-AV-01.gif

4 Anomaly Based IDS General Functional Mechanism Behavioral Anomaly –Statistical Approach Example: Traffic analysis Protocol Anomaly –Based on Protocols and communication Structure Example : Insecure Protocols Pros –Captures all the headers of IP –Filters out respective (Mail, Web, DNS,. etc) legal traffic –More Pro- active. –Quickly Identifies Probes and Scans towards Network Hardware –Best Suited for Larger networks and Networks vulnerable to frequent hacking.

5 Anomaly Based IDS Cons –Often makes False Alarms (False Positives) –Need skilled personnel to analyze the possible intrusions. –Need Sophisticated Hardware and Software –Creates large amount of Log data –Increase network traffic (some)

6 Signature Based IDS Based on known Attack patterns There are two (Basic) kinds of Signature Based IDSs: 1.NIDS (Network Intrusion Detection System) 2.HIDS (Host Intrusion Detection System)

7 What is an attack Signature? Sequence of Events A->B->C, D->E Examples of Signature (Unix Systems) –Gaining root privileges –Suspected repetitive actions »Using the command “sudo –s” or “su – root” –Using Cgi scripts to access the file by fetching arguments. http://www.host.com/~xxxxhttp://www.host.com/~xxxx or http://www.host.com/../../etc/passwd

8 Signature Based IDS General Functional Mechanism Pros: –Ease of Use –Looks for O/S level changes (Biggest Advantage) –No need for skilled personal –Commercial and Open Source –Regular updates of new signatures to the signature database

9 Signature Based IDS Cons: –More Re-active –More reliable updates only for Commercial versions –More suited for Hosts than Networks Why? –Depends on Network Traffic –Consumes CPU time –Can be hacked easily.

10 Network Intrusion Detection Systems (NIDS). Functional Mechanism –Uses huge standby databases with signatures Components of NIDS –Sensors and Consoles

11 NIDS.... A typical Deployment

12 NIDS …… Selection Criteria –Deployment of NIDS Interference with Net work Traffic Commercial NIDS –Example : Snort Open Source NIDS –Example : Bro »Monitors network in Passive mode »No Direct Interference with the Network.

13 HIDS Functional Mechanism –Analogy example… –O/S level Changes –Sensors and Killing the session Most efficient Among all IDSs –Strips down all the packets including encrypted ones. Commercial Vs Open Source –Example Tripwire

14 HIDS.. A typical Deployment

15 Advancements in IDS Hybrid IDS –Combination of NIDS functionality and HIDS. Decoy Based IDS –Example: Our Honey Pot machine –*No problem with False Positive –Captures only unauthorized activities – All traffic are considered to be suspected ones

16 On Progress…. Circumstances where unnoticed attacks take place Hybrid NIDS Detection Points.

Download ppt "NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
seminar on Intrusion detection system

seminar on Intrusion detection system
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond

Similar presentations

Ads by Google