What is a “Network Intrusion Detection System (NIDS)”?


1 What is a “Network Intrusion Detection System (NIDS)”?

2 What is a “Network Intrusion Detection System (NIDS)”?
- A Network Intrusion Detection System is a system that can identify suspicious patterns in network traffic.
- NIDS is designed to allow data to be transmitted in real time across any TCP/IP network or connection, i.e. from any 2 PCs or wireless devices to millions, in real time.

3 Some of the major features in NIDS in Windows 2000 include:
- Support for Plug and Play, Power Management, and Windows Management Instrumentation (WMI)
- Support for connection-oriented media such as Asynchronous Transfer Mode (ATM)

4 Features
- Support for older (legacy) transport stacks over connection-oriented media (for example, the LAN Emulation (LANE) driver and User Network Interface (UNI) Call Manager)
- The ability to offload tasks from the TCP/IP transport to the network adapter (for example, TCP/IP checksum tasks, IP Security tasks, and the segmentation of large TCP packets)

5 High performance
- OS-specific capture module for Linux
- Packet decode engine fully supports encapsulation
- Decode plugins included for many protocols

6 Easy to configure; just one config file
- Full IP defragmentation
- TCP stateful inspection with window tracking
- Intelligent TCP stream reassembly
- Full application-layer decodes
- EXTREMELY fast and scalable signature engine
- Configurable token-bucket rate-limiting of any alerts
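The token-bucket rate-limiting of alerts listed on this slide, as an added Python illustration (not Firestorm's own code): each signature ID gets its own bucket so a noisy rule cannot starve other alerts, and suppressed alerts are counted rather than silently dropped. The rate, burst, signature IDs and sample alert stream are constructed assumptions.

```python
# Added illustration of per-signature token-bucket alert rate-limiting;
# not Firestorm's own code. Assumes non-decreasing timestamps in seconds.

class TokenBucket:
    """Refills `rate` tokens per second, storing at most `burst`."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate
        self.burst = float(burst)
        self.tokens = float(burst)  # start full so an initial burst passes
        self.last = 0.0

    def allow(self, now: float) -> bool:
        """Credit tokens for elapsed time, then spend one if available."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True


class AlertLimiter:
    """One bucket per signature ID so a noisy rule cannot starve the others;
    suppressed alerts are counted so the analyst sees what was throttled."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.buckets: dict[str, TokenBucket] = {}
        self.suppressed: dict[str, int] = {}

    def process(self, now: float, sid: str) -> bool:
        bucket = self.buckets.setdefault(sid, TokenBucket(self.rate, self.burst))
        if bucket.allow(now):
            return True
        self.suppressed[sid] = self.suppressed.get(sid, 0) + 1
        return False


# Constructed sample: a port-scan rule firing ten times in one second, one
# unrelated alert, and a repeat of the port-scan rule after the bucket refills.
SAMPLE_ALERTS = [(0.1 * i, "sid:1000001 portscan") for i in range(10)]
SAMPLE_ALERTS += [(0.5, "sid:2000002 suspicious-login"),
                  (5.0, "sid:1000001 portscan")]


def run_sample(rate: float = 1.0, burst: int = 3) -> dict:
    """Return which alerts were emitted and how many were suppressed per rule."""
    limiter = AlertLimiter(rate, burst)
    emitted = [sid for now, sid in SAMPLE_ALERTS if limiter.process(now, sid)]
    return {"emitted": emitted, "suppressed": dict(limiter.suppressed)}
```

With a burst of 3 and a refill of 1 token/s, the first three port-scan alerts pass, the next seven are suppressed, the unrelated login alert still gets through, and the port-scan alert 4 s later passes again once the bucket has refilled.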

7 Supported Protocols
- TCP/IP suite (IPv4, TCP, UDP, ICMP, IGMP)
- 802.1Q (VLAN)
- Can differentiate Ethernet II and Novell IPX frames
- Can decode LLC and SNAP
- IPX, SAP
- Linux cooked sockets (SLL) in two different formats
- GRE (Generic Routing Encapsulation)
- IrDA (infrared)
- ARP/AppleTalk ARP

8 Planned Features
- Some performance enhancements
- Proper remote alerting to central Firestorm server
- Analyst consoles to read data from central server
- Central management of all configuration from analyst console

9 What happens after a NIDS detects an attack?
- Reconfigure firewall
- Chime
- SNMP trap
- NT event
- syslog
- Send e-mail
- Page
- Log the attack
- Save evidence
- Launch program
- Terminate the TCP session

10 How can one detect if someone is running a NIDS? A NIDS is essentially a sniffer, so standard sniffer detection techniques can be used. An example would be to do a traceroute against the victim. This will often generate a low-level event in the IDS.

11 NIDS by Meron Girma, CIS 450, Professor Anrivor
