INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.


1 INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West

2 OVERVIEW
- Definition – What are intrusion detection and intrusion detection systems (IDS)?
- Characteristics of Intrusion Detection Systems
- Typical Components of Intrusion Detection Systems
- Types of Intrusion Detection Systems
  - Network-Based
  - Host-Based
  - Wireless
- Conclusion

3 DEFINITION
- Intrusion Detection
  - The process of monitoring and analyzing a computer system or network for suspicious behavior or potential threats
- Intrusion Detection Systems
  - The software and/or hardware that automate the process of monitoring events on a system or network and analyzing gathered information for intrusions

4 CHARACTERISTICS
- Information recording
- Logging gathered information
- Analyzing information
- Notifying system administrators
- Reports

5 TYPICAL COMPONENTS
- Sensors
  - Collect data from various sources
  - Network packets, log files, etc.
- Management Servers
  - Analyze information collected by sensors
  - Can decide if an intrusion is occurring and take action
- User Interface
  - Typically a software tool for system admins
  - Allows admin interaction with the IDS
- Databases
  - Store sensor-gathered data, logging information, etc.

6 NETWORK-BASED IDS
- Monitors computer networks for possible intruders
- Analyzes network traffic and transport/application protocols
- Primary component
  - Sensors
    - Inline – sensors placed in direct network traffic flow
    - Passive – sensors connected to the network from the outside
- Logging
  - Focuses on network information
  - IP addresses/MAC addresses, transport protocols, etc.

7 INLINE SENSOR

8 PASSIVE SENSOR

9 HOST-BASED IDS
- Monitors events on a single host machine for attacks
  - Code analysis – malicious code, buffer overflows
  - Running applications
  - Changes in the host network settings
  - File system monitoring – access and integrity
- Primary component
  - Agents – Software installed on the host that monitors and communicates with the management server
- Logging
  - Focuses on application information, file paths and names, user information
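
An added example (not from the slides) of the file integrity monitoring a host agent performs: it records a SHA-256 baseline of a directory, re-scans it, and returns the path-level events an agent would log. The function names, the event dictionary layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # do not follow links out of the monitored tree
                continue
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                state[os.path.relpath(full, root)] = digest.hexdigest()
            except OSError:  # a file the agent cannot read is itself worth recording
                state[os.path.relpath(full, root)] = "unreadable"
    return state

def compare(baseline, current):
    """Return one event per path whose digest differs between two snapshots."""
    events = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        events.append({"path": path, "change": change, "sha256": new})
    return events

def demo():
    """Constructed sample: baseline a temp directory, change it, report the events."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as fh:
                fh.write(data)
        write("app.conf", b"port=8080\n")
        write("motd", b"welcome\n")
        baseline = snapshot(root)
        write("app.conf", b"debug=true\n", "ab")  # content change
        os.remove(os.path.join(root, "motd"))      # deletion
        write("extra.bin", b"\x00\x01")            # new file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for event in demo():
        print(event)
```

In the architecture on these slides, the baseline would live in the IDS database and the events would go to the management server for analysis.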

10 HIDS ARCHITECTURE

11 WIRELESS IDS
- Very similar to NIDS. Monitors wireless networks rather than physical ones
- Analyzes wireless network protocols for suspicious activity
- Primary component
  - Sensors – sample frequency channels for malicious activities
    - Channel scanning – constantly scans different channels in different frequency bands
    - Fixed sensors – a sensor placed in a fixed location
    - Mobile sensors – sensors that allow movement around a network
- Logging
  - Channel numbers, ID of the sensor that observed a malicious event, source MAC address

12 WIRELESS IDS SETUP

13 CONCLUSION
- There are a variety of different IDSs that contain a variety of components
- IDSs are essential in any organization or institution that handles important data
- Very helpful for system administrators

