INTRUSION DETECTION SYSTEM


1 INTRUSION DETECTION SYSTEM

2 WHAT IS IDS? An IDS is a system designed to detect unauthorized access to secure systems, i.e. hacking, cracking or script-based attacks. Intrusion detection systems do exactly as the name implies: they detect possible intrusions. IDS tools aim to detect computer attacks and/or computer misuse and alert the proper individuals upon detection. An IDS provides much of the same functionality as a burglar alarm installed in a house.

3 WHAT IS INTRUSION DETECTION?
Intrusions are activities that violate the security policy of a system. Intrusion detection is the process used to identify intrusions. Intrusion: attempting to break into or misuse your system. Intruders may be from outside the network or may be legitimate users of the network.

4 DISADVANTAGES OF EXISTING SYSTEM
No detection and prevention framework in a virtual networking environment. Lack of accuracy in detecting attacks from attackers.

5 ADVANTAGES OF IDS An IDS allows the administrator to tune, organize and comprehend often incomprehensible operating system audit trails and other logs. It can make the security management of systems by non-expert staff possible by providing a user-friendly interface. It can recognize and report alterations to data files. An IDS generates an alarm and reports to the administrator that security has been breached, and also reacts to intruders by blocking them or blocking the server. It provides timely information, recognizes the attacker (intrusion) and reports alterations to data files.

6 TYPES OF INTRUSION DETECTION SYSTEM
Based on the sources of the audit information used by each IDS, IDSs may be classified into two types. Host Based Intrusion Detection: HIDSs evaluate information found on a single host system or on multiple host systems, including contents of operating systems, system files and application files. Network Based Intrusion Detection: NIDSs evaluate information captured from network communications, analyzing the stream of packets which travel across the network.

7 WHERE IS AN IDS PLACED?

8 COMPONENTS OF IDS An IDS contains the following 3 components:
Event generator. Analysis engine. Response/alert.

9 SNORT: Snort is a free and open source network intrusion detection and prevention system created by Martin Roesch in 1998. Snort has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. It performs protocol analysis, content searching, and content matching.


11 COMPONENTS OF SNORT a. Packet Decoder b. Preprocessors c. Detection Engine d. Logging and Alerting System e. Output Modules

12 The figure shows how these components are arranged. Any data packet coming from the Internet enters the packet decoder. On its way towards the output modules, it is either dropped, logged or an alert is generated.

13 PACKET DECODER: The packet decoder takes packets from different types of network interfaces and prepares the packets to be preprocessed or to be sent to the detection engine. The interfaces may be Ethernet, SLIP, PPP and so on.

14 PREPROCESSORS Preprocessors are also known as input plug-ins.
Preprocessors are components or plug-ins that can be used with Snort to arrange or modify data packets before the detection engine does some operation to find out if the packet is being used by an intruder. They are also used to normalize protocol headers, detect anomalies, reassemble packets and reassemble TCP streams.

15 DETECTION ENGINE The detection engine is the most important part of Snort. Its responsibility is to detect if any intrusion activity exists in a packet.

16 LOGGING AND ALERTING SYSTEM
It generates alerts and log messages depending upon what the detection engine finds inside a packet.

17 OUTPUT MODULES Output modules or plug-ins process alerts and logs and generate final output.
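
The five components on slides 11 to 17, sketched end to end as an added example (not code from the presentation or from Snort). The rule tuples, function names and sample frame are assumptions made for illustration, and the preprocessor here normalizes the payload rather than protocol headers.

```python
import struct
from urllib.parse import unquote_to_bytes

# Hypothetical rules (not Snort rule syntax): action, dst port, content, message
RULES = [("alert", 80, b"/etc/passwd", "request for /etc/passwd"),
         ("log", 23, b"", "telnet traffic")]

def decode(frame):
    """Packet decoder: Ethernet + IPv4 + TCP headers -> dict, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # too short or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 20:
        return None  # not TCP, bad header length, or truncated
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[(tcp[12] >> 4) * 4:]}

def preprocess(pkt):
    """Preprocessor: normalize payload so encoded variants match one content string."""
    return dict(pkt, payload=unquote_to_bytes(pkt["payload"]).lower())

def detect(pkt):
    """Detection engine: first rule whose port and content match the packet."""
    for action, port, content, msg in RULES:
        if pkt["dport"] == port and content in pkt["payload"]:
            return action, msg
    return "pass", ""

def process(frame):
    """Full pipeline; returns the output module's line, or None if nothing fired."""
    pkt = decode(frame)
    if pkt is None:
        return None
    action, msg = detect(preprocess(pkt))
    if action == "pass":
        return None
    return f"[{action.upper()}] {msg} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"

def build_frame(src, dst, sport, dport, payload):
    """Constructed sample input: minimal frame, checksums left as zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

if __name__ == "__main__":
    print(process(build_frame((10, 0, 0, 5), (10, 0, 0, 80), 40000, 80,
                              b"GET /%2e%2e/etc/%70asswd HTTP/1.0\r\n\r\n")))
```

Calling `detect(decode(frame))` on the same frame without `preprocess` returns `pass`, which is why normalization sits in front of the detection engine.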

18 Commercial ID Systems: ISS – Real Secure from Internet Security Systems: real-time IDS that contains both host-based and network-based IDS. Tripwire – file integrity assessment tool. Bro and Snort – open source, public-domain systems.

19 SYSTEM CONFIGURATION:
Hardware Configuration: Processor - Pentium IV; Speed - GHz; RAM - MB (min); Hard Disk - GB; Keyboard - Standard Windows Keyboard; Mouse - Two or Three Button Mouse; Monitor - SVGA

20 Software Configuration:
Operating System: Windows XP; Programming Language: JAVA/J2EE; Java Version: JDK 1.6 and above.


22 THANK YOU

