
1 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition (© 2012)
Chapter 13: Intrusion Detection Systems and Network Security

2 Objectives
Apply the appropriate network tools to facilitate network security.
Determine the appropriate use of tools to facilitate network security.
Apply host-based security applications.

3 Key Terms
Access control lists (ACLs)
Antispam
Antivirus
Content-based signature
Context-based signature
False negative
False positive
Firewall
Heuristic scanning
Honeypot
Host-based IDS (HIDS)
Internet content filter
Intrusion detection system (IDS)

4 Network Security: A Layered Approach
As the need for security increases, layers of security should be added.
–Layers can include passwords, firewalls, access lists, file permissions, and intrusion detection systems.
Intrusion detection systems are one of the more complex layers.
–An IDS detects inappropriate or malicious activity on a computer or network.

5 History of Intrusion Detection Systems
Stalker (host-based) released in 1989.
Mid-1990s: IDS gains popularity commercially.
WheelGroup develops the first network-based IDS under the name NetRanger.
Internet Security Systems' RealSecure released in 1996.
By 1998 IDS was considered a vital part of network security.

6 History of the Internet and IDS

7 IDS Components
Traffic collector / sensor
Analysis engine
Signature database
User interface and reporting

8 IDS Components (continued)

9 Types of IDS
Host-based IDS (HIDS)
Network-based IDS (NIDS)
Also distinguished by detection method:
–Signature-based IDS: relies heavily on a predefined set of attack and traffic patterns called signatures.
–Anomaly-based (heuristic) IDS: monitors activity and attempts to classify it as either "normal" or "anomalous."

10 Network IDS Components

11 Advantages of NIDS
–Providing IDS coverage requires fewer systems.
–Deployment, maintenance, and upgrade costs are usually lower.
–A NIDS has visibility into all network traffic on the segments it monitors and can correlate attacks among multiple systems.
Disadvantages of NIDS
–It is ineffective when traffic is encrypted.
–It can't see traffic that does not cross it.
–It must be able to handle high volumes of traffic.
–It doesn't know about activity on the hosts themselves.



14 Active vs. Passive NIDS
Passive NIDS
–Generates an alarm when it matches a pattern and does not interact with the traffic in any way.
Active NIDS
–Responds to an attack, for example by sending a TCP reset.
TCP reset
–The most common defensive ability of an active NIDS.
–The sensor sends a spoofed reset (RST) segment to each side of the connection; the RST tells each endpoint to drop the session and stop communicating immediately.
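What a TCP reset from a sensor actually looks like, as an added example (not from the textbook). The sensor is not a party to the connection, so it must forge one RST spoofing the client toward the server and one spoofing the server toward the client, and each RST must carry a sequence number the receiver considers in-window, which is why an active NIDS has to track sequence and acknowledgement numbers. It only works for TCP, and it races the real traffic: if the attacker's next segment arrives first, the window moves and the reset is discarded. The observed segment below is constructed; the code builds the two segments and checks their checksums without transmitting anything.

```python
"""Forging the two TCP resets an active NIDS sends to tear down a session.
Added example, not textbook code. Pure Python: builds bytes, never sends them."""
import struct
from ipaddress import IPv4Address

RST = 0x04   # TCP flag bits used here


def _checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data, padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum covers: src, dst, zero, proto 6, length."""
    return IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp_rst(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP header with only RST set, no options, no payload, valid checksum."""
    offset_flags = (5 << 12) | RST           # data offset 5 words + flags
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 0, 0, 0)
    csum = _checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]   # checksum lives at bytes 16..17


def verify_tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A correct checksum makes the sum over pseudo-header + segment fold to zero."""
    return _checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def parse_tcp_header(segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, _win, csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "checksum": csum}


def forge_resets(observed: dict) -> dict:
    """observed: the last client->server segment the sensor saw (constructed dict with
    src, dst, sport, dport, seq, ack, len). Returns the RST aimed at each endpoint.
      to the server: spoof the client, seq = client's next sequence number (seq + len),
                     which is exactly what the server expects next (its RCV.NXT)
      to the client: spoof the server, seq = the ack the client just sent,
                     i.e. the next byte the client expects from the server"""
    next_client_seq = (observed["seq"] + observed["len"]) & 0xFFFFFFFF
    to_server = build_tcp_rst(observed["src"], observed["dst"],
                              observed["sport"], observed["dport"], next_client_seq)
    to_client = build_tcp_rst(observed["dst"], observed["src"],
                              observed["dport"], observed["sport"], observed["ack"])
    return {"to_server": to_server, "to_client": to_client}


if __name__ == "__main__":
    seen = {"src": "10.0.0.5", "dst": "192.0.2.10", "sport": 40000, "dport": 80,
            "seq": 1000, "ack": 5000, "len": 100}          # constructed observation
    for name, seg in forge_resets(seen).items():
        print(name, parse_tcp_header(seg))
```

A sensor that loses track of the sequence numbers (for example after missing a segment under load, one of the NIDS disadvantages above) produces resets that the endpoints silently ignore.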

15 Signatures
Content-based signatures
–Match characters or strings in a single packet.
–Generally the simplest type.
–Easy to build; look for simple things, such as a certain string of characters or a certain flag set in a TCP packet.
Context-based signatures (heuristics)
–Match patterns of activity across many packets rather than the contents of one.
–Generally more complex, because the sensor must keep state.
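The two signature kinds from slides 9 and 15 side by side, as an added example that is not the textbook's code. The content-based rules each look at one packet (a string in the payload, a TCP flag combination); the context-based rule keeps per-source state and fires only when one host probes many distinct ports inside a time window. The packet records, the signature names and the thresholds are constructed for illustration.

```python
"""Content-based vs. context-based signature matching over constructed packets.
Added example, not textbook code."""
from collections import defaultdict, deque

# TCP flag bits as they appear in the header flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Content-based signatures: each is a predicate over a single packet record.
CONTENT_SIGNATURES = [
    ("directory traversal in payload", lambda p: b"../" in p["payload"]),
    ("Xmas scan flags (FIN+PSH+URG)", lambda p: (p["flags"] & (FIN | PSH | URG)) == (FIN | PSH | URG)),
    ("NULL scan (no flags set)", lambda p: p["flags"] == 0),
]


def match_content(packet: dict) -> list:
    """Names of the content-based signatures that fire on this one packet."""
    return [name for name, pred in CONTENT_SIGNATURES if pred(packet)]


class PortScanDetector:
    """Context-based signature: one source hitting many distinct destination ports
    within a sliding window. No single packet is suspicious; the pattern is."""

    def __init__(self, max_ports: int = 10, window: float = 5.0):
        self.max_ports = max_ports
        self.window = window
        self.history = defaultdict(deque)   # src -> deque of (timestamp, dport)
        self.alerted = set()                # alert once per source

    def observe(self, packet: dict):
        src, ts = packet["src"], packet["ts"]
        q = self.history[src]
        q.append((ts, packet["dport"]))
        while q and ts - q[0][0] > self.window:   # drop events outside the window
            q.popleft()
        distinct = {dport for _, dport in q}
        if len(distinct) >= self.max_ports and src not in self.alerted:
            self.alerted.add(src)
            return f"port scan from {src}: {len(distinct)} ports in {self.window}s"
        return None


def run_sensor(packets: list, max_ports: int = 10, window: float = 5.0) -> list:
    """Run both signature kinds over a packet stream; return (ts, src, alert) tuples."""
    scanner = PortScanDetector(max_ports, window)
    alerts = []
    for p in packets:
        for name in match_content(p):
            alerts.append((p["ts"], p["src"], name))
        hit = scanner.observe(p)
        if hit:
            alerts.append((p["ts"], p["src"], hit))
    return alerts


def sample_packets() -> list:
    """Constructed traffic: a traversal attempt, an Xmas probe, a fast sweep, a slow sweep."""
    pkts = [
        {"ts": 0.0, "src": "10.0.0.5", "dport": 80, "flags": PSH | ACK,
         "payload": b"GET /../../etc/passwd HTTP/1.0\r\n"},
        {"ts": 0.5, "src": "10.0.0.6", "dport": 22, "flags": FIN | PSH | URG, "payload": b""},
    ]
    # 12 SYNs to distinct ports from one host inside the 5 s window: fires
    pkts += [{"ts": 1.0 + i * 0.2, "src": "10.0.0.7", "dport": 20 + i, "flags": SYN, "payload": b""}
             for i in range(12)]
    # the same 12 ports from another host spread 5.5 s apart: stays under the threshold
    pkts += [{"ts": 10.0 + i * 5.5, "src": "10.0.0.8", "dport": 20 + i, "flags": SYN, "payload": b""}
             for i in range(12)]
    return pkts


if __name__ == "__main__":
    for alert in run_sensor(sample_packets()):
        print(alert)
```

The slow sweep from 10.0.0.8 is the usual evasion against a context-based rule: an attacker who knows (or guesses) the window simply probes more slowly, trading time for stealth.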

16 Firewalls
A network device (hardware, software, or a combination) that determines what traffic should be allowed or denied to pass into or out of a network.



19 How Firewalls Work
Firewall mechanisms
–Network Address Translation (NAT)
–Basic packet filtering (decisions on header information only)
–Stateful inspection (header and contents, evaluated in the context of the connection's state)
–Access control lists (ACLs): rules applied to ports and IP addresses
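An ACL evaluator in both forms, as an added example that is not from the textbook. The rule format, the network layout and the packets are constructed. A stateless filter can only let replies to outbound connections back in by trusting something in the header (here the classic "established" rule that permits any inbound segment with ACK set), and an attacker can set that bit on a probe. A stateful filter keeps a connection table, so replies are permitted because the outbound request was seen, and the same probe is denied.

```python
"""Stateless ACL vs. stateful inspection over constructed packets.
Added example, not textbook code. First matching rule wins; implicit deny at the end."""
from ipaddress import ip_address, ip_network


class Rule:
    def __init__(self, action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0",
                 dport=None, established=False):
        self.action, self.proto = action, proto
        self.src, self.dst = ip_network(src), ip_network(dst)
        self.dport, self.established = dport, established

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in self.src
                and ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or self.dport == pkt["dport"])
                # "established" only checks the ACK bit: header-only, easy to forge
                and (not self.established or pkt.get("ack", False)))


def stateless_filter(acl: list, pkt: dict) -> str:
    """Plain packet filter: header fields against the ACL, no memory between packets."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Same ACL, plus a connection table: a reply is permitted because its request
    was permitted earlier, not because of anything in the reply's own header."""

    def __init__(self, acl: list):
        self.acl = acl
        self.conns = set()   # (proto, src, sport, dst, dport) of permitted flows

    def filter(self, pkt: dict) -> str:
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if reverse in self.conns:
            return "permit"                  # reply of a tracked connection
        action = stateless_filter(self.acl, pkt)
        if action == "permit":
            self.conns.add(key)
        return action


# Constructed policy: internal 10.0.0.0/8 may browse HTTPS, the web server takes port 80.
BASE_ACL = [
    Rule("permit", "tcp", src="10.0.0.0/8", dport=443),
    Rule("permit", "tcp", dst="10.0.0.80", dport=80),
]
# The stateless filter needs an extra rule to let HTTPS replies back in.
LEGACY_ACL = BASE_ACL + [Rule("permit", "tcp", dst="10.0.0.0/8", established=True)]


def demo() -> dict:
    """Return {packet name: (stateless decision, stateful decision)}."""
    pkts = {
        "outbound https": {"proto": "tcp", "src": "10.0.0.5", "sport": 40000,
                           "dst": "203.0.113.7", "dport": 443, "ack": False},
        "https reply":    {"proto": "tcp", "src": "203.0.113.7", "sport": 443,
                           "dst": "10.0.0.5", "dport": 40000, "ack": True},
        "ack probe to ssh": {"proto": "tcp", "src": "198.51.100.9", "sport": 1234,
                             "dst": "10.0.0.5", "dport": 22, "ack": True},
        "inbound web":    {"proto": "tcp", "src": "198.51.100.9", "sport": 1235,
                           "dst": "10.0.0.80", "dport": 80, "ack": False},
    }
    fw = StatefulFirewall(BASE_ACL)
    return {name: (stateless_filter(LEGACY_ACL, p), fw.filter(p)) for name, p in pkts.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:18s} stateless={stateless:6s} stateful={stateful}")
```

The "ack probe to ssh" row is the point: the stateless ACL permits it, because the only thing it can check is the ACK bit, while the stateful firewall denies it because no outbound connection to 198.51.100.9:1234 was ever seen.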

20 Intrusion Prevention Systems
In addition to IDS functions, an IPS can stop or prevent a malicious attack, because it sits inline in the traffic path rather than watching a copy of the traffic.
Some can inspect encrypted (SSL/TLS) traffic, provided they are given the keys or terminate the session themselves.
Often rated by the amount of traffic that can be processed without dropping packets.


22 Internet Content Filters
Used to:
–Filter undesirable content.
–Filter malicious code, such as browser hijacking attempts.
Challenges:
–Blacklists of websites are difficult to maintain.
–Keyword filtering may generate false positives.
–Determined users will attempt to bypass the system.
Barracuda case study
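The blacklist and keyword challenges above, reproduced in code as an added example (not from the textbook or from any Barracuda product). The blacklist, keyword list, URLs and page snippets are constructed. The naive functions compare raw strings; the hardened ones normalise the host and match whole phrases, which closes the cheap bypasses but, as the last keyword case shows, cannot fix the context problem that makes keyword filtering produce false positives.

```python
"""URL blacklist and keyword filtering, naive vs. hardened.
Added example, not textbook code."""
import re
from urllib.parse import urlsplit

BLACKLIST = {"badsite.example", "malware-host.example"}   # constructed host list
KEYWORDS = ["sex", "kill"]                                 # constructed keyword list


def naive_blacklisted(url: str) -> bool:
    """Raw netloc comparison: defeated by case, a trailing dot, userinfo, a port, or a subdomain."""
    return urlsplit(url).netloc in BLACKLIST


def normalize_host(url: str) -> str:
    """hostname drops userinfo/port and lower-cases; strip the trailing root dot too."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def blacklisted(url: str) -> bool:
    """Match the host and every parent domain, so evil.badsite.example is caught."""
    labels = normalize_host(url).split(".")
    return any(".".join(labels[i:]) in BLACKLIST for i in range(len(labels)))


def naive_keyword_hits(text: str) -> list:
    """Substring match: 'Essex' contains 'sex', 'skills' contains 'kill'."""
    return [k for k in KEYWORDS if k in text.lower()]


def keyword_hits(text: str) -> list:
    """Whole-word match removes the substring false positives, not the context ones."""
    return [k for k in KEYWORDS
            if re.search(r"\b" + re.escape(k) + r"\b", text, re.IGNORECASE)]


def demo_blacklist() -> dict:
    urls = [
        "http://badsite.example/",                      # plain: both catch it
        "http://BADSITE.example./page",                 # case + trailing dot
        "http://user@evil.badsite.example:8080/x",      # userinfo, subdomain, port
        "http://203.0.113.5/",                          # IP literal: a name list cannot catch it
    ]
    return {u: (naive_blacklisted(u), blacklisted(u)) for u in urls}


def demo_keywords() -> dict:
    pages = [
        "Welcome to Essex tourism",
        "Improve your skills",
        "How to kill a runaway process",   # whole-word match, still a false positive
    ]
    return {p: (naive_keyword_hits(p), keyword_hits(p)) for p in pages}


if __name__ == "__main__":
    for u, verdict in demo_blacklist().items():
        print(u, verdict)
    for p, verdict in demo_keywords().items():
        print(p, verdict)
```

The IP-literal row shows the maintenance problem from a different angle: a hostname blacklist has to be paired with resolution of the listed names, or with category-based blocking, or the user simply looks up the address and visits it directly.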


24 Honeypots and Honeynets
A honeypot is a system or group of systems designed to attract an attacker's attention.
–Allows the attacker's methods to be observed without putting real systems at risk.
–Activity is recorded for later analysis.
–Affords information and additional security, but requires significant cost and effort to maintain.
A honeynet is a group of honeypots.
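The record-and-observe core of a low-interaction honeypot, as an added example that is not from the textbook. It listens on loopback, presents a decoy banner, and logs who connected and what they sent first; the banner text, the probe payloads and the "attacker" client are all constructed so the demo runs offline. A real honeypot adds many services, isolation from production and tamper-resistant logging, which is where the maintenance cost on the slide comes from.

```python
"""A minimal TCP honeypot that records connecting peers and their first bytes.
Added example, not textbook code. Loopback only."""
import socket
import threading
import time

FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"   # constructed decoy banner; makes the port look real


class Honeypot:
    def __init__(self, host: str = "127.0.0.1", port: int = 0, banner: bytes = FAKE_BANNER):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.records = []                     # the evidence kept for later analysis
        self.lock = threading.Lock()

    def _handle(self, conn: socket.socket, peer) -> None:
        conn.settimeout(2.0)
        try:
            conn.sendall(self.banner)         # nothing real behind it
            try:
                data = conn.recv(1024)        # whatever the client tries first
            except socket.timeout:
                data = b""
        finally:
            conn.close()
        with self.lock:
            self.records.append({"time": time.time(), "peer": peer, "data": data})

    def serve(self, max_connections: int) -> list:
        """Accept max_connections clients, one thread each, then return the records."""
        threads = []
        for _ in range(max_connections):
            conn, peer = self.sock.accept()
            t = threading.Thread(target=self._handle, args=(conn, peer))
            t.start()
            threads.append(t)
        for t in threads:
            t.join()
        self.sock.close()
        return self.records


def probe(port: int, payload: bytes) -> bytes:
    """Constructed 'attacker': connect, read the banner, send a probe string."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
        banner = s.recv(1024)
        s.sendall(payload)
    return banner


def run_demo(payloads=(b"root:toor\r\n", b"GET / HTTP/1.0\r\n\r\n")):
    """Start the honeypot, fire the constructed probes at it, return (records, banners)."""
    hp = Honeypot()
    server = threading.Thread(target=hp.serve, args=(len(payloads),))
    server.start()
    banners = [probe(hp.port, p) for p in payloads]
    server.join(timeout=10)
    return hp.records, banners


if __name__ == "__main__":
    records, _ = run_demo()
    for r in records:
        print(r["peer"], r["data"])
```

Every record is of traffic that had no legitimate reason to exist, which is what makes honeypot data so low in false positives compared with the signature and anomaly alerts of an IDS.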



27 Host-Based IDS (HIDS)
Examines activity only on a specific host.
–Examines logs, audit trails, and network traffic coming into or leaving the host.
–Examination is done in real time or periodically.
Flags that may raise an alarm in a HIDS:
–Login failures
–Logins at irregular hours
–Privilege escalation
–Additions of new user accounts

28 How HIDS Work
The traffic collector aggregates information from logs, audit trails, and host traffic.
The analysis engine reviews the data.
–May implement a decision tree to classify activities and make decisions.
–A signature database may be used to match activities to predefined activities or patterns.
Users work with the HIDS through the user interface, which includes the visible components of the HIDS.
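The collector, signature database and decision rules of slides 27 and 28 run over a few log lines, as an added example that is not from the textbook. The log lines are constructed to look like Linux auth.log entries; the signature table (regular expressions over the message part), the working-hours window and the failure threshold are assumptions chosen for illustration. It raises exactly the four flags listed on slide 27.

```python
"""A small host-based IDS over constructed auth-log lines.
Added example, not textbook code."""
import re
from collections import Counter

# Constructed log: a brute-force run at 02:13 that succeeds, a new account, normal
# daytime use, and a sudo to root.
SAMPLE_LOG = """\
Mar 14 02:13:01 host1 sshd[2011]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2
Mar 14 02:13:03 host1 sshd[2011]: Failed password for invalid user admin from 198.51.100.9 port 51236 ssh2
Mar 14 02:13:05 host1 sshd[2011]: Failed password for root from 198.51.100.9 port 51238 ssh2
Mar 14 02:13:07 host1 sshd[2011]: Failed password for root from 198.51.100.9 port 51240 ssh2
Mar 14 02:13:09 host1 sshd[2011]: Accepted password for root from 198.51.100.9 port 51242 ssh2
Mar 14 02:14:30 host1 useradd[2044]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup, shell=/bin/bash
Mar 14 09:05:12 host1 sshd[2101]: Accepted publickey for alice from 10.0.0.12 port 40122 ssh2
Mar 14 09:06:40 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar 14 09:20:00 host1 sshd[2150]: Failed password for bob from 10.0.0.13 port 40200 ssh2
"""

# Collector: split the syslog prefix from the message.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Signature database: event name -> pattern over the message part (assumed patterns).
SIGNATURES = {
    "login_failure": re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "login_success": re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
    "new_account": re.compile(r"^new user: name=(?P<user>[^,]+)"),
    "priv_escalation": re.compile(r"^\s*(?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.*)$"),
}

WORK_HOURS = range(7, 20)   # 07:00-19:59 counts as regular (assumption)
FAILURE_THRESHOLD = 3       # failures from one source before alerting (assumption)


def parse(line: str):
    """Classify one line against the signature database; None if it is not a log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = int(rec["hh"])
    for name, sig in SIGNATURES.items():
        s = sig.match(rec["msg"])
        if s:
            rec["event"] = name
            rec.update(s.groupdict())
            return rec
    rec["event"] = "other"
    return rec


def analyze(log_text: str) -> list:
    """Decision rules over the whole log; returns (flag, subject, detail) tuples."""
    alerts = []
    failures = Counter()          # state the decision tree needs: failures per source
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        when = rec["hh"] + ":" + rec["mm"]
        ev = rec["event"]
        if ev == "login_failure":
            failures[rec["src"]] += 1
            if failures[rec["src"]] == FAILURE_THRESHOLD:
                alerts.append(("repeated login failures", rec["src"], when))
        elif ev == "login_success" and rec["hour"] not in WORK_HOURS:
            alerts.append(("login at irregular hour", rec["user"], when))
        elif ev == "new_account":
            alerts.append(("new user account", rec["user"], when))
        elif ev == "priv_escalation":
            alerts.append(("privilege escalation", rec["user"], rec["cmd"]))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Bob's single daytime failure produces nothing, which is the threshold doing its job: a HIDS that alerts on every failed login drowns the analyst in false positives, and one that never correlates misses the brute force.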

29 Antivirus Products
Used to identify, neutralize, or remove malicious programs, macros, and files.
Scanning approaches:
–Signature-based scanning
–Heuristic scanning
Modern antivirus products have:
–Automated updates
–Automated scanning
–Media scanning
–Manual scanning
–E-mail scanning
–Resolution
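The two scanning approaches on a handful of sample files, as an added example that is not from the textbook or from any antivirus vendor. The signature database (one SHA-256 and one byte pattern), the heuristic features and their threshold, and the sample files are constructed; the one real item is the EICAR test string, which antivirus products detect on purpose. The modified copy of the "known" sample shows the trade-off: a signature is precise but a one-byte change evades it, while the heuristic catches an unknown sample at the cost of possible false positives.

```python
"""Signature-based vs. heuristic file scanning over constructed samples.
Added example, not textbook code."""
import hashlib
import math

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature database: exact file hashes and fixed byte patterns.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed malicious sample").hexdigest(): "Sample.A"}
BYTE_PATTERNS = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File"}

# Constructed heuristic features: APIs typical of process injection.
SUSPICIOUS_STRINGS = [b"CreateRemoteThread", b"VirtualAllocEx", b"WriteProcessMemory"]


def signature_scan(data: bytes):
    """Hash lookup, then substring patterns. Precise, but any change to the bytes evades it."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return KNOWN_BAD_SHA256[digest]
    for pattern, name in BYTE_PATTERNS.items():
        if pattern in data:
            return name
    return None


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes, threshold: int = 2):
    """Score structural and behavioural features; flag at the threshold (assumed value)."""
    score, reasons = 0, []
    if entropy(data) > 7.0:
        score += 1
        reasons.append("high entropy (packed or encrypted?)")
    hits = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if hits:
        score += len(hits)
        reasons.append("injection APIs: " + ", ".join(hits))
    if data[:2] == b"MZ" and b"This program cannot be run in DOS mode" not in data:
        score += 1
        reasons.append("PE header without the usual DOS stub text")
    return score >= threshold, reasons


def scan(data: bytes) -> dict:
    """Signatures first (cheap and precise), heuristics only for what they miss."""
    name = signature_scan(data)
    if name:
        return {"verdict": "malicious", "by": "signature", "name": name}
    flagged, reasons = heuristic_scan(data)
    if flagged:
        return {"verdict": "suspicious", "by": "heuristic", "reasons": reasons}
    return {"verdict": "clean"}


def sample_files() -> dict:
    """Constructed files; the 'packed' body is a deterministic stand-in for random bytes."""
    return {
        "eicar.com": EICAR,
        "known.bin": b"constructed malicious sample",
        "known_modified.bin": b"constructed malicious sample!",    # one byte added
        "injector.exe": b"MZ" + bytes(range(256)) * 16 + b"CreateRemoteThread\0WriteProcessMemory\0",
        "notes.txt": b"Quarterly report draft. " * 40,
    }


if __name__ == "__main__":
    for name, data in sample_files().items():
        print(name, scan(data))
```

Real engines pair both approaches with emulation and behavioural monitoring, and tune heuristic thresholds per file type, because a legitimately packed installer trips the entropy feature just as readily as a packed trojan.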

30 Personal Software Firewalls
A host-based protective mechanism that controls traffic going into and out of a single system.
Various free and commercial firewall software is available (for example, ZoneAlarm).


32 Pop-up Blockers and Windows Defender
Pop-up blockers
–Attempt to prevent web pages from opening a new tab or window.
Windows Defender
–Designed to remove spyware and unwanted programs from your PC.
–Includes spyware detection and removal, scheduled scanning, automatic updates, real-time protection, Software Explorer, and configurable responses.

33 Chapter Summary
Apply the appropriate network tools to facilitate network security.
Determine the appropriate use of tools to facilitate network security.
Apply host-based security applications.

