2 INTRUSIONIntrusion Detection systemIntrusion Preventation system
3 What is intrusion…???INTRUSIONS are the activities that violate the security policy of system.Intrusion Detection System (IDS) : is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted activities.Intrusion Prevention System (IPS) : is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.
4 WHAT ARE THE TYPES AND TECHNIQUES INRUSION DETECTION SYSTEM…???
5 Types of IDS…Based on the sources of the audit information used by each IDS, the IDSs may be classified intoHost-base IDSsDistributed IDSsNetwork-based IDSs
6 Types in little details…. Host Based IDSGet data from host trails.Detect attacks against a single hostDistributed IDSGather data from multiple host and possibly the network that connects the hostsDetect attacks involving multiple hostsNetwork-Based IDSDetect attacks from network.
8 Misuse Detection Based on known attack actions. Feature extract from known intrusionsIntegrate the Human knowledge.The rules are pre-definedDisadvantage:Cannot detect novel or unknown attacks
9 Anomaly DetectionBased on the normal behavior of a subject. Sometime assume the training data does not include intrusion data.This type of detection is known as anomaly detection.Here any action that significantly deviates from the normal behavior is considered intrusion.
10 Anomaly Detection Disadvantages Based on data collected over a period of normal operation.When a noise(intrusion) data in the training data, it will make a mis-classification.
11 Some of the benefits of IDS monitors the operation of firewalls, routers, key management servers and files critical to other security mechanismsallows administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logscan make the security management of systems by non-expert staff possible by providing nice user friendly interfacecomes with extensive attack signature database against which information from the customers system can be matchedcan recognize and report alterations to data files
12 IDS is not a SILVER BULLET cannot conduct investigations of attacks without human interventioncannot compensate for weaknesses in network protocolscannot compensate for weak identification and authentication mechanismscapable of monitoring network traffic but to a certain extent of traffic level
13 NOW ITS TIME FOR INRUSION PREVENTION SYSTEM AND ITS TYPES…
14 Intrusion Prevention System Intrusion prevention systems are network security devices that monitor network and/or system activities for malicious activity (intrusion)Main functions of Intrusion Prevention System (IPS) are:– Identify intrusion– Log information about intrusion– Attempt to block/stop intrusion and– Report intrusionIntrusion Detection System (IDS) only detect intrusions
15 WHAT IS IPS?Intrusion Prevention System (IPS) is any device (hardware or software) that has the ability to detect attacks, both known and unknown, and prevent the attack from being successful.
16 Intrusion Prevention Systems (IPS) The bad guys are always one step ahead of the security professionals.Security professionals try and come up with innovative means to detect and prevent attacks.IPS is a preventive device rather than a detective device (IDS).
17 CLASSIFICATION OF IPS Broadly classified into two categories Host IPS (HIPS)Network IPS (NIPS)
18 HOST-IPS HIPS is installed directly on the system being protected It binds closely with the operating system kernel and services, it monitors and intercepts system calls to the kernel in order to prevent attacks as well as log them.
19 NETWORK-IPSHas two network interfaces, one designated as internal and one as external.Packets passed through both interfaces and they determined whether the packet being examined poses a threat.If it detects a malicious packet, an alert is raised, the packets are discarded immediately. Legitimate packets are passed through to the second interface and on to their intended destination.
21 INLINE NETWORK IPSIt is configured with two NICs, one for management and one for detection.NIC that is configured for detection usually does not have an IP address assigned .It works by sitting between the systems that need to be protected and the rest of the network.It inspects the packet for any intrusion that it is configured to look for.
22 LAYER SEVEN SWITCHESPlacing these devices in front of your firewalls would give protection for the entire network.However the drawbacks are that they can only stop attacks that they know about.The only attack they can stop that most others IPS can’t are the DoS attacks.
23 APPLICATION FIREWALLS These IPSs are loaded on each server that is to be protected.These types of IPSs are customizable to each application that they are to protect.It profiles a system before protecting it. During the profiling it watches the user’s interaction with the application and the applications interaction with the operating system to determine what legitimate interaction looks like.The drawback is that when the application is updated it might have to be profiled again so that it does not block legitimate use.
24 HYBRID SWITCHESThey inspect specific traffic for malicious content as has been configured .Hybrid switch works in similar manner to layer seven switch, but has detailed knowledge of the web server and the application that sits on top of the web server.It also fails,if the user’s request does not match any of the permitted requests.
25 DECEPTIVE APPLICATIONS It watches all your network traffic and figures out what is good traffic.When an attacker attempts to connect to services that do not exist, it will send back a response to the attackerThe response will be “marked” with some bogus data. When the attacker comes back again and tries to exploit the server the IPS will see the “marked” data and stop all traffic coming from the attacker.
26 Bibliography  “An Introduction To Intrusion Detection Systems”  “Intrusion Detection and Prevention Product Update” “An Introduction to Intrusion Detection”
27 Saurabh Prajapati(11ce21) Akshay Patel (11ce20 )Saurabh Prajapati(11ce21)Thank you for your attention and time