Slide 1: Network Security: Intrusion Detection Systems (IDS)
KANDIAH.M, Clarkson University, Potsdam, New York.
Slide 2: Introduction to IDS
– Why do we need an IDS?
  » Firewalls and IDS
  » An analogy-based example
– Classification of IDSs
– Models of IDS
  » Anomaly-based model
  » Signature-based model
Slide 3: A Typical Firewall Deployment (figure)
Source: http://www.scs-ca.com/images/topos/2-AV-01.gif
Slide 4: Anomaly-Based IDS
General functional mechanism: learn a baseline of what normal activity looks like, then flag anything that deviates from it.
– Behavioral anomaly: statistical approach. Example: traffic analysis (connection rates, volumes and destination spread compared against the learned baseline).
– Protocol anomaly: based on protocol specifications and communication structure. Example: insecure or malformed use of a protocol.
Pros:
– Inspects all IP headers
– Filters out the expected legal traffic of each service (mail, web, DNS, etc.)
– More proactive: can flag an attack for which no signature exists yet
– Quickly identifies probes and scans against network hardware
– Best suited to large networks and to networks that are attacked frequently
Slide 5: Anomaly-Based IDS (continued)
Cons:
– Often raises false alarms (false positives): legitimate but unusual activity is also a deviation from the baseline
– Needs skilled personnel to analyze the possible intrusions
– Needs sophisticated hardware and software
– Creates large amounts of log data
– Increases network traffic (some systems)
Slide 6: Signature-Based IDS
– Matches observed activity against the patterns of known attacks
– Two basic kinds of signature-based IDS:
  1. NIDS (Network Intrusion Detection System)
  2. HIDS (Host Intrusion Detection System)
(Strictly, NIDS and HIDS describe where the sensor sits, on the wire or on the host; either placement can use signature or anomaly detection.)
Slide 7: What Is an Attack Signature?
– A sequence of events, e.g. A -> B -> C, D -> E
– Examples of signatures (Unix systems):
  » Gaining root privileges
  » Suspected repetitive actions, e.g. use of the commands "sudo -s" or "su - root"
  » CGI scripts abused through crafted arguments to read arbitrary files, e.g. http://www.host.com/~xxxx or http://www.host.com/../../etc/passwd (directory traversal)
Slide 8: Signature-Based IDS
General functional mechanism: compare each packet or event against a database of known attack signatures and alert on a match.
Pros:
– Ease of use
– Detects O/S-level changes (biggest advantage, in host-based deployments)
– No need for highly skilled personnel: a match is unambiguous
– Commercial and open-source products available
– Regular updates of new signatures to the signature database
Slide 9: Signature-Based IDS (continued)
Cons:
– More reactive: a signature can only exist for an attack that has already been seen and analyzed
– More reliable signature updates only for commercial versions
– More suited to hosts than to networks. Why?
  » Depends on network traffic: it must see every packet, so high volume or encryption defeats it
  » Consumes CPU time
  » Easily evaded: a slight variation of a known attack (different encoding, fragmentation, reordering) no longer matches its signature
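Slides 7 and 9 together, as an added example that is not from the original slides: a small signature matcher for the two Unix signatures on slide 7 (privilege escalation via "sudo -s" / "su - root", and "../../etc/passwd" traversal through a CGI argument), run over constructed audit and web-server log lines. Running it first on the raw lines and then on percent-decoded lines shows the evasion problem of slide 9: the same traversal written as %2F or double-encoded %252e slips past a byte-level signature until the input is normalized. Log lines, signature names and the `normalize_request` helper are all assumptions of this example.

```python
"""Signature matching with and without input normalization."""
import re
from urllib.parse import unquote

# Signature database (constructed for this example, modelled on slide 7).
SIGNATURES = [
    ("priv-escalation", re.compile(r"\b(sudo\s+-s|su\s+-\s+root)\b")),
    ("path-traversal", re.compile(r"(\.\./){2,}.*etc/passwd")),
]

# Constructed sample lines: three shell-audit records and four web requests.
SAMPLE_LINES = [
    'audit: user=bob cmd="sudo -s"',
    'audit: user=bob cmd="su - root"',
    'audit: user=alice cmd="ls -l /etc"',
    "GET /cgi-bin/view?file=../../../../etc/passwd HTTP/1.0",
    "GET /cgi-bin/view?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.0",        # encoded
    "GET /cgi-bin/view?file=%252e%252e%2F%252e%252e%2Fetc%2Fpasswd HTTP/1.0",  # double-encoded
    "GET /index.html HTTP/1.0",
]


def normalize_request(line):
    """Undo the encodings an attacker uses to hide a pattern: percent-decode
    twice (catches double encoding) and collapse repeated slashes."""
    decoded = line
    for _ in range(2):
        decoded = unquote(decoded)
    return re.sub(r"/+", "/", decoded)


def scan(lines, normalize=True):
    """Return (line_number, signature_name) for every line that matches a
    signature. With normalize=False the raw bytes are matched, as a naive
    signature engine would do."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        target = normalize_request(line) if normalize else line
        for name, pattern in SIGNATURES:
            if pattern.search(target):
                hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    print("raw matching:       ", scan(SAMPLE_LINES, normalize=False))
    print("normalized matching:", scan(SAMPLE_LINES))
```

Raw matching catches lines 1, 2 and 4 only; normalization adds lines 5 and 6. The general lesson is the one on slide 9: a signature is only as good as the canonical form the engine compares it against, and every encoding the engine does not undo is an evasion path.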
Slide 10: Network Intrusion Detection Systems (NIDS)
– Functional mechanism: matches captured traffic against large standing databases of signatures
– Components of a NIDS: sensors (capture and analyze traffic at chosen points in the network) and consoles (collect alerts and manage the sensors)
Slide 11: NIDS: a typical deployment (figure)
Slide 12: NIDS (continued)
Selection criteria:
– Deployment of the NIDS
– Interference with network traffic
Open-source NIDS examples: Snort (GPL-licensed; commercial signature subscriptions are sold separately, which is the sense in which it is "commercial") and Bro (renamed Zeek in 2018)
– Bro monitors the network in passive mode
  » No direct interference with the network
Slide 13: HIDS
Functional mechanism:
– Analogy example...
– Watches for O/S-level changes (files, configuration, privileges)
– Sensors run on the host itself and can kill an offending session
Most efficient among all IDSs:
– Sees data after the host has decrypted it, so encrypted sessions that blind a network sensor can still be inspected
Commercial vs. open source:
– Example: Tripwire (a file-integrity checker; both open-source and commercial editions exist)
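The "O/S-level changes" a HIDS watches for, as an added example (not from the slides and not Tripwire's code): a minimal file-integrity checker in the Tripwire style. It snapshots every regular file under a directory as (SHA-256, size, permission bits), then diffs a later snapshot against the baseline to report added, removed and modified files. `demo()` builds a constructed fake /etc in a temporary directory and simulates an intruder who appends a second uid-0 account to passwd, loosens permissions on hosts, deletes a cron job and drops an ld.so.preload file; file names, contents and the intruder's actions are all constructed for the example. The directory layout assumes a POSIX host.

```python
"""File-integrity baseline and comparison (Tripwire-style HIDS check)."""
import hashlib
import stat
import tempfile
from pathlib import Path


def file_record(path):
    """(sha256 hex, size, permission bits) for one regular file."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return (digest.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))


def snapshot(root):
    """Map each regular file under root (relative path) to its record.
    Symlinks are skipped so an attacker cannot point the checker elsewhere."""
    root = Path(root)
    records = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            records[str(p.relative_to(root))] = file_record(p)
    return records


def compare(baseline, current):
    """Classify every path as added, removed or modified (content, size or mode)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake /etc, then simulate an intrusion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")
        baseline = snapshot(root)          # in a real deployment: stored off-host, signed

        # Simulated intruder actions (constructed):
        with (root / "passwd").open("a") as f:
            f.write("eve:x:0:0::/:/bin/sh\n")   # a second uid-0 account
        (root / "hosts").chmod(0o600)           # same content, different mode
        (root / "cron.d" / "backup").unlink()   # remove a scheduled job
        (root / "ld.so.preload").write_text("/tmp/.x/evil.so\n")  # library injection

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

The mode change on hosts is reported even though its bytes are unchanged, which is why a real integrity checker records metadata alongside the hash. Note that the baseline must live where the intruder cannot rewrite it (read-only media or a remote console), otherwise the first thing a competent attacker does is re-baseline the system.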
Slide 14: HIDS: a typical deployment (figure)
Slide 15: Advancements in IDS
Hybrid IDS:
– Combination of NIDS functionality and HIDS
Decoy-based IDS:
– Example: our honeypot machine
– Essentially no false positives: the decoy offers no legitimate service, so every connection to it is suspect
– Captures only unauthorized activity
Slide 16: Work in Progress
– Circumstances in which attacks go unnoticed
– Hybrid NIDS
– Detection points