Presentation on theme: "Network Intrusion Detection System Omar ISMAIL Internet Engineering Lab Graduate School of Information Science Nara Institute of Science and Technology."— Presentation transcript:
Network Intrusion Detection System
Omar ISMAIL
Internet Engineering Lab, Graduate School of Information Science
Nara Institute of Science and Technology (NAIST), Nara, Japan
20th June 2003

Outline
- What is NIDS?
- Why is it important?
- Snort
- Deployment at AI3
- Cases Explained
- Need exporing tools?
- Future work

Network Intrusion Detection System (NIDS)
- What is IDS and NIDS?
  - IDS: A tool that knows how to read and interpret the log files
  - Types of IDS: Network-IDS, Host-IDS and Distributed-IDS
  - NIDS: Monitors network backbones and looks for attack signatures
- Why are intrusion detection systems important?
  - Just think about cancer
- Why do we only choose NIDS?
  - AI3-NAIST has been a middle point between Japan and the other partners

Snort (1)
- What and why Snort?
  - Very popular, signature-based, full-fledged, and open-source NIDS
  - Packet sniffer, packet logger and NIDS
- Snort components [diagram; labels: Packet Decode Engine, Preprocessor Plug-ins, Detection Engine, Detection Plug-ins, Output Plug-ins]

Snort (2)
- Performance considerations:
  - Snort is at version 2 now.
  - Preprocessing ability and plug-ins make Snort faster and more effective.
  - By using switches and tapping, Snort is also very effective in high-speed networks.

Deployment [diagram; labels: Nara Main Segment, SFC Segment, Snort, Nara Backbone, To Satellite]

Deployment [diagram; labels: Nara Main Segment, SFC Segment, Snort1, Nara Backbone, To Satellite, Snort2]

Cases Explained
- Present the alert data...

Future Work
- Make the output human readable
- Set up Distributed-IDS at AI3