Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Published byRosanna Watts Modified over 9 years ago

Similar presentations

Presentation on theme: "Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda."— Presentation transcript:

1 Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda

2 What is IPS IPS (Intrusion prevention system) Control access to a network Similar to firewall, but different… IPS (Intrusion prevention system) Control access to a network Similar to firewall, but different…

3 What’s the difference? Traditional firewall – examines header IPS – examines payload as well DPI (Deep Packet Inspection) Traditional firewall – examines header IPS – examines payload as well DPI (Deep Packet Inspection)

4 DPI enables IPS to… Gather more information Detect certain attack signatures Control network traffic intelligently - ftp root access (user root) - HTTP content Gather more information Detect certain attack signatures Control network traffic intelligently - ftp root access (user root) - HTTP content

5 Tradeoff Payload - no fixed fields - large in size Requires high computing resource - CPU - memory Hardware implementation Payload - no fixed fields - large in size Requires high computing resource - CPU - memory Hardware implementation

6 IDS vs IPS Intrusion Detection System (IDS): - DPI - detects - Snort IPS: - DPI - take action - snort_inline + iptables Intrusion Detection System (IDS): - DPI - detects - Snort IPS: - DPI - take action - snort_inline + iptables

7 Proof of concept Implement an IPS using: - snort_inline, and - iptables Test IPS using: - Lab4 firewall configuration - Lab6 imapd buffer overflow Implement an IPS using: - snort_inline, and - iptables Test IPS using: - Lab4 firewall configuration - Lab6 imapd buffer overflow

8 Lab 4 setup Black - attacker Protected – victim Firewall - IPS Black - attacker Protected – victim Firewall - IPS

9 How to capture attack? Attack using buffer overflow string Long sequence of NOP snort_inline checks for …90 90 90 90... Attack using buffer overflow string Long sequence of NOP snort_inline checks for …90 90 90 90...

10 Flow Protected runs vulnerable service BlackHat attacks snort_inline captures and tell iptable block traffic Protected remains safe Protected runs vulnerable service BlackHat attacks snort_inline captures and tell iptable block traffic Protected remains safe

11 IPS + Lab4 + Lab6 BlackHat, Protected, and IPS

12 Implication One for all Less dependent on individual server Vulnerable service made secure Enhanced security One for all Less dependent on individual server Vulnerable service made secure Enhanced security

13 What you will do in the lab? Setup machines & install software Perform first attack without IPS Perform second attack with IPS enabled Appreciate IPS/DPI Setup machines & install software Perform first attack without IPS Perform second attack with IPS enabled Appreciate IPS/DPI

14 Questions ? ?

Download ppt "Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda."

Similar presentations

Firewalls Anand Sharma Austin Wellman Kingdon Barrett.

Firewalls Anand Sharma Austin Wellman Kingdon Barrett.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.

Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam.

Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam.
ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.

ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.
Computer & Network Security

Computer & Network Security
COEN 252 Computer Forensics Collecting Network-based Evidence.

COEN 252 Computer Forensics Collecting Network-based Evidence.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Similar presentations

Ads by Google