Intrusion Detection Methods
“Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.”
The Seven Fundamentals
• What methods are used?
• How are IDSs organized?
• What is an intrusion?
• How do we trace intruders, and how do they hide?
• How do we correlate information?
• How can we trap intruders?
• Incident response
Internet Trap
• A set of functional and procedural components that use legal and authorized deception to divert the activity of a potential intruder from real, valued assets to bogus assets (and vice versa), for the purpose of gathering intrusion-related information and initiating a response.
[Diagram: real systems alongside a trap system]
Technical considerations
• Detecting the intruder
• Detecting the trigger (the point at which the intruder touches a trap element)
• Reversing a decision about an activity
• Remaining stealthy
Types of Internet Traps
• Real environment with trap elements
  • Unix system with a fake password file
  • Win2K system with phony open shares
  • Web servers with phony vulnerable CGIs
• Small environment leading to a large trap
• Large environment leading to a small trap
• Mirrored environment and trap
• Trap serves as a hot standby system
Design considerations
• Proper design
• Advisory notice
• Keep the intruder in mind (what would CS485 students like to break into?)
• Don’t be too obvious
• Software tools as gifts
Design considerations (cont.)
• Bait
  • Administrator correspondence
  • Rigged email
  • Rigged scan points
  • System messages
• OOB (out-of-band) traps
• Legal considerations
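The trap elements above (fake password file entries, phony open shares, phony vulnerable CGIs) and the bait planted in rigged correspondence share one detection property: nothing legitimate ever references them, so any touch is a trigger. The following Python is an added example written for this page, not code from the slides; it plants a registry of constructed trap artefacts (the hostnames, paths, share name and log lines are all made up, and the canary account naming scheme is hypothetical), detects the trigger across Apache-style access logs, OpenSSH-style auth logs and a Samba-style share-connect message, and then traces the hits back by source address so the trail can feed incident response.

```python
import re
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Trap:
    """One bait artefact planted in the real environment.

    kind:      "path" (phony vulnerable CGI), "user" (canary account or
               credential), "share" (phony open share)
    value:     the exact string an intruder must use to take the bait
    placed_in: where the bait was sown, so a hit traces back to it
    """
    kind: str
    value: str
    placed_in: str


@dataclass(frozen=True)
class Alert:
    trap: Trap
    source: str     # intruder address seen in the log line
    evidence: str   # raw log line, kept for incident response


def make_canary_credential(recipient: str) -> Trap:
    """Bait for rigged email / administrator correspondence: a unique fake
    service account per recipient. If the name later shows up in an auth
    log, the alert says which message was read and from where."""
    # Hypothetical naming scheme; only uniqueness per recipient matters.
    return Trap("user", f"svc_backup_{secrets.token_hex(3)}",
                f"credential in rigged email to {recipient}")


def fake_passwd_lines(traps, first_uid=1500):
    """Entries for the fake password file of a Unix trap host; canary
    accounts are dressed up as ordinary service accounts."""
    users = [t for t in traps if t.kind == "user"]
    return [f"{t.value}:x:{first_uid + i}:{first_uid + i}:Backup Service:/var/backup:/bin/sh"
            for i, t in enumerate(users)]


# Constructed sample traps (not real hosts, paths or vulnerabilities).
TRAPS = [
    Trap("path", "/cgi-bin/admin-backup.cgi", "web server decoy CGI"),
    Trap("share", "Finance$", "Win2K phony open share"),
    Trap("user", "oraback", "fake /etc/passwd entry on Unix trap host"),
]

# Assumed log formats: Apache combined access log, OpenSSH-style auth log,
# Samba-style "connect to service" message.
WEB_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<path>\S+)')
AUTH_RE = re.compile(r'(?:Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)')
SHARE_RE = re.compile(r'connect to service (?P<share>\S+) .*? from (?P<src>\S+)')


def detect(lines, traps):
    """Detecting the trigger: a trap element is only ever referenced by
    someone who should not be there, so every match is an alert."""
    index = {(t.kind, t.value): t for t in traps}
    alerts = []
    for line in lines:
        m = WEB_RE.match(line)
        if m:
            path = m.group("path").split("?", 1)[0]   # drop the query string
            trap = index.get(("path", path))
            if trap:
                alerts.append(Alert(trap, m.group("src"), line))
            continue
        m = AUTH_RE.search(line)
        if m:
            trap = index.get(("user", m.group("user")))
            if trap:
                alerts.append(Alert(trap, m.group("src"), line))
            continue
        m = SHARE_RE.search(line)
        if m:
            trap = index.get(("share", m.group("share")))
            if trap:
                alerts.append(Alert(trap, m.group("src"), line))
    return alerts


def trace(alerts):
    """Correlate hits by source address: which baits each intruder took,
    in log order. This trail is what the response decision is based on."""
    trail = {}
    for a in alerts:
        trail.setdefault(a.source, []).append(a.trap.placed_in)
    return trail


if __name__ == "__main__":
    canary = make_canary_credential("ops@example.org")
    traps = TRAPS + [canary]
    # Constructed log lines; the last is a legitimate request and must not alert.
    logs = [
        '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /cgi-bin/admin-backup.cgi?cmd=id HTTP/1.0" 404 210',
        f'Oct 10 13:57:01 trap sshd[2114]: Failed password for invalid user {canary.value} from 203.0.113.7 port 40112 ssh2',
        'Oct 10 13:58:12 trap smbd[310]: connect to service Finance$ initially as user guest (uid=65534) from 203.0.113.7',
        '198.51.100.4 - - [10/Oct/2000:14:01:02 -0700] "GET /index.html HTTP/1.0" 200 1043',
    ]
    hits = detect(logs, traps)
    for a in hits:
        print(f"TRAP HIT from {a.source}: {a.trap.placed_in} ({a.trap.kind}={a.trap.value})")
    print(trace(hits))
```

Because each canary credential is unique to the message it was sown in, a login attempt with it answers two of the fundamentals at once: it detects the intrusion and it traces which bait the intruder took. Keeping the raw line in the alert preserves the evidence needed later, and the legitimate request in the sample shows the detector stays quiet on normal traffic, which is what lets the trap remain stealthy.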