Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Published byLora Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007."— Presentation transcript:

1 Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

2 WHAT IS SECURITY ISO 7498-2 defines five security services ISO 7498-2 defines five security services –Confidentiality (secrecy) –Authentication (identify verification) –Integrity –Access control Users also would likely include Users also would likely include –Preventing spam –Preventing denial of service –Privacy –…

3 Security Terminology Vulnerabilities Vulnerabilities –security flaws in systems Attacks Attacks –means of exploiting vulnerabilities Countermeasures Countermeasures –technical or procedural means of addressing vulnerabilities or thwarting specific attacks Threats Threats –motivated adversaries capable of mounting attacks which exploit vulnerabilities

4 Types of violation Attack Attack –Attempts to exploit a vulnerability –Ex: denial of service, privilege escalation Intrusion Intrusion –Masquerading as another legitimate user Misuse Misuse –User abuses privileges –Often called the “insider threat”

5 Intrusion “Any intentional event where an intruder gains access that compromises the confidentiality, integrity, or availability of computers, networks, or the data residing on them.” Credit: CERT-CC Security Improvement Module 8: Responding to Intrusions

6 Why Systems Are Vulnerable Contemporary Security Challenges and Vulnerabilities

7 Use of fixed Internet addresses through use of cable modems or DSL Lack of encryption with most Voice over IP (VoIP) Widespread use of e-mail and instant messaging (IM) Internet Vulnerabilities: Why Systems Are Vulnerable (Continued)

8 Intrusion Detection and Computer Security Computer security goals: Computer security goals: –Confidentiality, integrity, and availability Intrusion is a set of actions aimed to compromise these security goals Intrusion is a set of actions aimed to compromise these security goals Intrusion prevention (authentication, encryption, etc.) alone is not sufficient Intrusion prevention (authentication, encryption, etc.) alone is not sufficient Intrusion detection is needed Intrusion detection is needed

9 Intrusion Examples Intrusions : Any set of actions that threaten the integrity, availability, or confidentiality of a network resource Intrusions : Any set of actions that threaten the integrity, availability, or confidentiality of a network resource Examples Examples –Denial of service (DoS): attempts to starve a host of resources needed to function correctly –Worms and viruses: replicating on other hosts

10 Intrusion Detection Intrusion detection: The process of monitoring and analyzing the events occurring in a computer and/or network system in order to detect signs of security problems Intrusion detection: The process of monitoring and analyzing the events occurring in a computer and/or network system in order to detect signs of security problems Primary assumption: User and program activities can be monitored and modeled Primary assumption: User and program activities can be monitored and modeled Steps Steps –Monitoring and analyzing traffic –Identifying abnormal activities –Assessing severity and raising alarm

11 IDS Architecture Sensors (agent) Sensors (agent) –to collect data and forward info to the analyzer  network packets  log files  system call traces Analyzers (detector) Analyzers (detector) –To receive input from one or more sensors or from other analyzers –To determine if an intrusion has occurred User interface User interface –To enable a user to view output from the system or control the behavior of the system

12 Intrusion Detection Model Credit: IETF: Intrusion Detection Message Exchange Requirements (Internet Draft) Data Source Sensor Administrator Manager Operator Analyser Sensor Security Policy Response Activity Event Alert Notification

13 Intrusion Detection Systems Detect intrusive behaviour in an automated fashion Detect intrusive behaviour in an automated fashion Monitor activity both across networks (NIDS) and within hosts (HIDS) Monitor activity both across networks (NIDS) and within hosts (HIDS) Analyse activity for signs of intrusion Analyse activity for signs of intrusion –Signature based –Anomaly based Respond to predetermined triggers by: Respond to predetermined triggers by: –Blocking specific actions

14 Common Defense Strategies Firewalls Firewalls Intrusion Detection Systems Intrusion Detection Systems Anti-virus technology (in hosts and in mail gateways) Anti-virus technology (in hosts and in mail gateways) Anti-spam technology (in hosts and in mail gateways) Anti-spam technology (in hosts and in mail gateways) Periodic penetration testing (enterprise nets) Periodic penetration testing (enterprise nets) Centralized patch management (enterprise nets) Centralized patch management (enterprise nets) Anti-DOS mechanisms (ISPs) Anti-DOS mechanisms (ISPs)

15 Defining Policy Consider this example Consider this example –A hospital deploys a database system for patient records. The system consists of a centralized DB server accessed by client systems in the hospital. Clients access the information through a network of connected PCs and via wireless PDAs What sorts of policy statements can we make about the hardware? Software? Users? What sorts of policy statements can we make about the hardware? Software? Users?

16 Defining Policy Possible statements Possible statements –The DB server software will be kept up to date –Unused network services (ports) on the DB server will be disabled –Wireless access will employ strong cryptographic protocols –Users are prohibited from examining records of patients not in their care Machine readable policy is very hard problem Machine readable policy is very hard problem –Particularly for misfeasance (i.e. insiders)

17 Info Case studyCourse :Intrusion detection and hacker exploits Case studyCourse :Intrusion detection and hacker exploits Presented to: Dr. Lo’ai Tawalbeh Presented to: Dr. Lo’ai Tawalbeh Homepage: http://www.isrc.qut.edu.au/about/pe ople/aclark/questnet2003-ac-ids.ppt Homepage: http://www.isrc.qut.edu.au/about/pe ople/aclark/questnet2003-ac-ids.ppt

18 Presented to: Dr. lo’ai tawalbeh Presented to: Dr. lo’ai tawalbeh Course :Intrusion detection and hacker Course :Intrusion detection and hacker exploits exploits

Download ppt "Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007."

Similar presentations

Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Personal Info 1 Prepared by: Mr. NHEAN Sophan  Presenter: Mr. NHEAN Sophan  Position: Desktop Support  Company: Khalibre Co,. Ltd 

Personal Info 1 Prepared by: Mr. NHEAN Sophan  Presenter: Mr. NHEAN Sophan  Position: Desktop Support  Company: Khalibre Co,. Ltd 
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
By Edith Butler Fall 2008. Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google