
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.



2 Introduction to IDS
–Why do we need an IDS?
»Firewalls and IDS
»Analogy-based example
–Classification of IDSs
–Models of IDS
»Anomaly-based model
»Signature-based model

3 A Typical Firewall Deployment
Source: http://www.scs-ca.com/images/topos/2-AV-01.gif

4 Anomaly-Based IDS
–General functional mechanism
–Behavioral anomaly: statistical approach
»Example: traffic analysis
–Protocol anomaly: based on protocols and communication structure
»Example: insecure protocols
Pros:
–Captures all IP headers
–Filters out the legitimate traffic of the respective services (mail, web, DNS, etc.)
–More proactive
–Quickly identifies probes and scans directed at network hardware
–Best suited for larger networks and for networks vulnerable to frequent hacking

5 Anomaly-Based IDS
Cons:
–Often raises false alarms (false positives)
–Needs skilled personnel to analyze the possible intrusions
–Needs sophisticated hardware and software
–Creates a large amount of log data
–Increases network traffic (in some cases)
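The two anomaly categories on slide 4 (a statistical model of behaviour, and a check against the protocol's own rules) and the false-positive cost on slide 5 can be seen in a few lines of code. The following is an added example for this transcript, not the presenter's code: the per-minute connection counts, the "scan" at minute 5, the legitimate surge at minute 9 and the TCP flag sets are all constructed for illustration.

```python
"""Behavioral and protocol anomaly checks, as on slide 4, with the
false-positive problem of slide 5 visible in the output.

Added example for this transcript, not the presenter's code. All traffic
counts and flag sets below are constructed, not captured from a network.
"""
import statistics
from typing import Dict, List, Optional, Set, Tuple

# Constructed training window: connections per minute seen by a sensor in
# front of a web server during a quiet period. This is the "normal"
# behaviour the statistical model learns.
BASELINE_WINDOW: List[int] = [42, 45, 40, 47, 44, 43, 46, 41, 45, 44, 43, 42]

# Constructed monitoring window from the same sensor later on. Minute 5 is a
# scan (hundreds of short connections). Minute 9 is a legitimate surge of
# real users after an announcement; the model flags it too, which is the
# false-positive cost the slide lists first among the cons.
MONITOR_WINDOW: List[int] = [44, 43, 46, 42, 45, 480, 44, 41, 43, 190, 45, 42]


def train_baseline(counts: List[int]) -> Dict[str, float]:
    """Summarise normal traffic as its mean and (population) standard deviation."""
    return {"mean": statistics.mean(counts), "stdev": statistics.pstdev(counts)}


def z_score(value: int, baseline: Dict[str, float]) -> float:
    """Distance of one sample from the learned mean, in standard deviations."""
    return (value - baseline["mean"]) / baseline["stdev"]


def detect_anomalies(counts: List[int], baseline: Dict[str, float],
                     threshold: float = 3.0) -> List[Tuple[int, int, float]]:
    """Return (minute, count, z) for every sample further than threshold from the mean."""
    alerts = []
    for minute, value in enumerate(counts):
        z = z_score(value, baseline)
        if abs(z) > threshold:
            alerts.append((minute, value, z))
    return alerts


# Protocol anomaly (the slide's second category): a TCP segment whose flag
# combination a conforming stack never emits. Flags are given as a set of
# names, e.g. {"SYN"}; the rules are the only knowledge needed, no baseline.
IMPOSSIBLE_TCP_FLAG_SETS: List[Set[str]] = [
    {"SYN", "FIN"},   # open and close a connection in the same segment
    {"SYN", "RST"},   # open and abort in the same segment
]


def tcp_flag_anomaly(flags: Set[str]) -> Optional[str]:
    """Name the protocol violation in a flag set, or None if it is legal."""
    if not flags:
        return "no flags set"
    for bad in IMPOSSIBLE_TCP_FLAG_SETS:
        if bad <= flags:
            return "impossible combination " + "+".join(sorted(bad))
    return None


if __name__ == "__main__":
    base = train_baseline(BASELINE_WINDOW)
    for minute, value, z in detect_anomalies(MONITOR_WINDOW, base):
        print(f"minute {minute}: {value} connections, z = {z:.1f}")
    print(tcp_flag_anomaly({"SYN", "FIN"}))
```

Run as a script it reports minutes 5 and 9. Only the first is an attack; the second is the analyst's work the slide mentions, since nothing in the statistics distinguishes a surge of real users from a scan. The protocol check has no such problem, but it only catches traffic that breaks the protocol's rules, which is why the slide keeps the two categories apart.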

6 Signature-Based IDS
–Based on known attack patterns
–There are two basic kinds of signature-based IDS:
1. NIDS (Network Intrusion Detection System)
2. HIDS (Host Intrusion Detection System)

7 What is an attack signature?
–A sequence of events: A->B->C, D->E
–Examples of signatures (Unix systems):
»Gaining root privileges
»Suspected repetitive actions, e.g. using the command "sudo -s" or "su - root"
»Using CGI scripts to access files through fetched arguments, e.g. http://www.host.com/~xxxx or http://www.host.com/../../etc/passwd
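The three kinds of signature this slide names (a single event such as the "su - root" command or a traversal URL, a repeated action, and an ordered sequence A->B->C) are easiest to understand as matching rules over a log. The following is an added example for this transcript, not the presenter's code: the log lines, the source hosts, the signature names and the repeat threshold are constructed for illustration.

```python
"""Signature-based detection over a log: single-event patterns, a
repeated-action rule, and an A->B->C event-sequence signature.

Added example for this transcript, not the presenter's code. The log
lines, hosts, signature names and threshold are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed events as (source host, log text). The mix of web-access and
# shell-session lines stands in for what a host sensor collects.
EVENTS: List[Tuple[str, str]] = [
    ("10.0.0.5", "GET /index.html HTTP/1.1 200"),
    ("10.0.0.5", "GET /~xxxx/ HTTP/1.1 200"),
    ("10.0.0.5", "GET /cgi-bin/show?file=../../etc/passwd HTTP/1.1 200"),
    ("10.0.0.5", "session opened for user www; COMMAND=su - root"),
    ("10.0.0.9", "session opened for user bob; COMMAND=sudo -s"),
    ("10.0.0.9", "session opened for user bob; COMMAND=sudo -s"),
    ("10.0.0.9", "session opened for user bob; COMMAND=sudo -s"),
    ("10.0.0.12", "GET /about.html HTTP/1.1 200"),
]

# Single-event signatures: a name and the pattern that identifies the event.
SIGNATURES: Dict[str, "re.Pattern"] = {
    "cgi_path_traversal": re.compile(r"GET\s+\S*(?:\.\./)+\S*"),
    "passwd_fetch": re.compile(r"/etc/passwd"),
    "root_shell": re.compile(r"\b(?:sudo -s|su - root)\b"),
}

# Sequence signature (the slide's A->B->C): these single-event hits must
# occur in this order from the same host, not necessarily adjacent.
SEQUENCE_SIGNATURES: Dict[str, List[str]] = {
    "traversal_then_root_shell": ["cgi_path_traversal", "root_shell"],
}

# "Suspected repetitive actions": the same hit from one host this often.
REPEAT_THRESHOLD = 3


def match_events(events: List[Tuple[str, str]]) -> List[Tuple[int, str, str]]:
    """Return (event index, host, signature name) for every single-event hit."""
    hits = []
    for idx, (host, text) in enumerate(events):
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                hits.append((idx, host, name))
    return hits


def match_sequences(hits: List[Tuple[int, str, str]]) -> List[Tuple[str, str]]:
    """Return (host, sequence name) where a host's hits contain the steps in order."""
    per_host = defaultdict(list)
    for _, host, name in hits:          # hits are already in event order
        per_host[host].append(name)
    alerts = []
    for host, names in per_host.items():
        for seq_name, steps in SEQUENCE_SIGNATURES.items():
            pos = 0                     # next step of the sequence to find
            for n in names:
                if pos < len(steps) and n == steps[pos]:
                    pos += 1
            if pos == len(steps):
                alerts.append((host, seq_name))
    return alerts


def match_repeats(hits: List[Tuple[int, str, str]],
                  threshold: int = REPEAT_THRESHOLD) -> List[Tuple[str, str, int]]:
    """Return (host, signature name, count) for hits repeated at least threshold times."""
    counts = defaultdict(int)
    for _, host, name in hits:
        counts[(host, name)] += 1
    return [(host, name, c) for (host, name), c in counts.items() if c >= threshold]


if __name__ == "__main__":
    found = match_events(EVENTS)
    for idx, host, name in found:
        print(f"event {idx} from {host}: {name}")
    print("sequences:", match_sequences(found))
    print("repeats:", match_repeats(found))
```

Note what the three rules do and do not see: the traversal URL triggers two single-event signatures at once, the plain "/~xxxx" URL matches nothing, the sequence rule fires only for the host that both fetched the file and then opened a root shell, and the repeat rule fires for the host that ran "sudo -s" three times without any other evidence. Every one of these is a known pattern written down in advance, which is the strength and the limitation the next two slides list.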

8 Signature-Based IDS
–General functional mechanism
Pros:
–Ease of use
–Looks for O/S-level changes (biggest advantage)
–No need for skilled personnel
–Commercial and open-source versions available
–Regular updates of new signatures to the signature database

9 Signature-Based IDS
Cons:
–More reactive
–More reliable updates only for commercial versions
–More suited for hosts than for networks. Why?
»Depends on network traffic
»Consumes CPU time
»Can be hacked easily

10 Network Intrusion Detection Systems (NIDS)
–Functional mechanism: uses huge standby databases of signatures
–Components of a NIDS: sensors and consoles

11 NIDS: a typical deployment

12 NIDS (continued)
–Selection criteria
»Deployment of the NIDS: interference with network traffic
–Commercial NIDS, example: Snort
–Open-source NIDS, example: Bro
»Monitors the network in passive mode
»No direct interference with the network

13 HIDS
–Functional mechanism
»Analogy example
»O/S-level changes
»Sensors and killing the session
–Most efficient among all IDSs
»Strips down all the packets, including encrypted ones
–Commercial vs. open source, example: Tripwire

14 HIDS: a typical deployment

15 Advancements in IDS
–Hybrid IDS: a combination of NIDS functionality and HIDS
–Decoy-based IDS, example: our honeypot machine
»No problem with false positives
»Captures only unauthorized activities: all traffic is considered suspect

16 In progress
–Circumstances where unnoticed attacks take place
–Hybrid NIDS detection points

