
Intrusion Detection



Presentation Transcript


  1. Intrusion Detection
     • Jordan Wiens
     • 352 392 2061
     • numatrix@ufl.edu
     • http://infosec.ufl.edu/
     • Senior Network Security Engineer

  2. Introduction
     • UF Security Team
       • Auditing
       • Scanning
       • Incident Response, Forensics
       • IDS
       • Evaluations
       • Education
     • Me

  3. Purpose, related tech
     • Real-time alerting
     • Forensics
     • IDS vs. IPS (intrusion prevention: inline, can block)
     • IDS vs. HIDS (network sensor vs. host-based agent)
     • IDS vs. NADS (network anomaly detection system)
     • IPS vs. Firewall

  4. Timeline
     • 1987 – "An Intrusion Detection Model" (Denning)
     • 1990 – "A Network Security Monitor" (Heberlein et al.)
     • 1994 – NetRanger (WheelGroup, later Cisco)
     • 1997 – ISS RealSecure
     • 1998 – Snort (Roesch)
     • 1999 – Dragon

  5. Deployment
     • Copper
       • Hub
       • Switch w/ SPAN port or mirror mode
     • Fiber
       • Optical tap (passive, active)
       • Optical switch
     • Wireless
     • Management Network

  6. Classic Techniques
     • Malformed packets
     • Pattern matching
     • Protocol decoders
     • Statistical analysis

  7. Modern Techniques
     • Context Awareness
     • Inline Responses
     • OOB Responses
     • Extensibility, Integration, Open APIs
     • Anomaly Detection
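The "Statistical analysis" item on the previous slide and the "Anomaly Detection" item here describe the same idea: learn what a host normally does, then alert on deviation rather than on a known byte pattern. The following is an added example written for this page, not code from the slides or from any product named in them. It builds a per-host baseline (connections per minute and destination ports used) from a training window of constructed flow records, then scores a later window. The hosts, ports, record format and the k = 3 standard-deviation threshold are all assumptions for the demo.

```python
"""Added example (not from the slides): a minimal per-host statistical
anomaly detector of the kind a NIDS runs beside its signature engine.
All flow records below are constructed; hosts, ports and thresholds are
assumptions for the demonstration."""
from collections import defaultdict
from statistics import mean, pstdev


def _flows(minute, src, dst, dport, n):
    """n identical outbound connection records in one minute (constructed)."""
    return [(minute, src, dst, dport)] * n


# Constructed training window: 60 minutes of normal traffic.
TRAINING = []
for m in range(60):
    TRAINING += _flows(m, "10.0.0.5", "10.0.0.80", 80, 5 + (m % 3))  # web client
    TRAINING += _flows(m, "10.0.0.9", "10.0.0.25", 25, 2)            # mail relay

# Constructed test window: same behaviour, except that in minute 63 host
# .9 opens 200 connections to 200 different hosts on port 445. No
# exploit-specific signature is needed to notice this.
TEST = []
for m in range(60, 65):
    TEST += _flows(m, "10.0.0.5", "10.0.0.80", 80, 6)
    TEST += _flows(m, "10.0.0.9", "10.0.0.25", 25, 2)
TEST += [(63, "10.0.0.9", f"10.0.1.{i}", 445) for i in range(1, 201)]


def baseline(flows):
    """Per-source baseline: mean and population stddev of connections per
    minute, plus the set of destination ports ever used."""
    per_min = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for minute, src, _dst, dport in flows:
        per_min[src][minute] += 1
        ports[src].add(dport)
    return {
        src: {"mean": mean(c.values()), "sd": pstdev(c.values()), "ports": ports[src]}
        for src, c in per_min.items()
    }


def score(flows, model, k=3.0, min_sd=1.0):
    """Return alerts as (minute, src, reason). A host is anomalous in a
    minute if its connection count exceeds mean + k*sd (sd is floored at
    min_sd so a perfectly regular host still needs a real rise to alert),
    or if it talks to a destination port absent from its baseline."""
    per_min = defaultdict(lambda: defaultdict(int))
    new_ports = defaultdict(set)
    for minute, src, _dst, dport in flows:
        per_min[src][minute] += 1
        if src in model and dport not in model[src]["ports"]:
            new_ports[(minute, src)].add(dport)
    alerts = []
    for src, counts in per_min.items():
        if src not in model:
            alerts.append((min(counts), src, "host not in baseline"))
            continue
        thresh = model[src]["mean"] + k * max(model[src]["sd"], min_sd)
        for minute, n in sorted(counts.items()):
            if n > thresh:
                alerts.append((minute, src, f"{n} conns/min > {thresh:.1f}"))
            if (minute, src) in new_ports:
                alerts.append((minute, src, f"new dport(s) {sorted(new_ports[(minute, src)])}"))
    return alerts


if __name__ == "__main__":
    for alert in score(TEST, baseline(TRAINING)):
        print(alert)
```

The web client's count varies between 5 and 7 per minute, so its threshold lands at 9 and its 6-per-minute test traffic is silent; the mail relay, which never varied, trips both the rate check and the new-port check in minute 63. The flip side, which the slides' "False-positive, false-negative" item covers, is that any host whose baseline was learned during abnormal activity will be scored as normal.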

  8. Demonstration

  9. Signatures
     • Signature writing methodology
     • False-positive, false-negative
     • Vulnerability versus exploit
     • Goals for forensics, detection, prevention
     • Examples
       • UPnP
       • Botnet detection
       • WMF

  10. Detection Failures
     • Evasion
     • Fuzz until evade (AV bypass as well)
     • Obfuscate / encode
     • All layers
     • Fragroute
     • Metasploit
     • Forest, trees, etc.
     • Nessus, Metasploit
     • Inherent weaknesses

  11. Counter Evasion
     • IP Normalization
     • Application proxy
     • IDS Normalization Modules
     • Count on laziness!
     • Less effective as we add layers on top of the traditional OSI stack (SOAP over HTTP, AJAX, etc.)
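Slides 6, 9, 10 and 11 together describe one loop: a pattern or protocol-decoding signature, the choice between matching the exploit and matching the vulnerability, an evasion that encodes or fragments the traffic so a naive engine sees nothing, and the normalization step that puts the traffic back together before the signature runs. The block below is an added example written for this page; it is not code from the slides, from Snort or from any other product named in them. It assumes a hypothetical CGI at /cgi-bin/login whose user parameter overflows a 64-byte buffer, and constructs all three requests, the evasion, and the normalizer itself.

```python
"""Added example (not from the slides): a toy stream IDS showing an
exploit signature versus a vulnerability signature, a percent-encoding plus
segmentation evasion that causes a false negative, and the normalization
step that restores detection. The vulnerable CGI, the 64-byte bound and
all traffic are constructed for the demonstration."""
import re
from urllib.parse import unquote

# Constructed requests. The "published exploit" pads with 'A'; a rewritten
# exploit pads with 'Z'; the benign request has a short user name.
EXPLOIT = b"GET /cgi-bin/login?user=" + b"A" * 200 + b" HTTP/1.0\r\n\r\n"
VARIANT = b"GET /cgi-bin/login?user=" + b"Z" * 200 + b" HTTP/1.0\r\n\r\n"
BENIGN = b"GET /cgi-bin/login?user=alice HTTP/1.0\r\n\r\n"


def sig_exploit(payload):
    """Exploit signature: a literal taken from the published exploit."""
    return (b"/cgi-bin/login?user=" + b"A" * 64) in payload


def sig_vuln(payload):
    """Vulnerability signature: decode the request line and test the
    condition that actually triggers the bug (user value > 64 bytes)."""
    m = re.match(rb"[A-Z]+ (\S+) HTTP/\d\.\d", payload)
    if not m:
        return False
    path, _, query = m.group(1).partition(b"?")
    if path != b"/cgi-bin/login":
        return False
    for param in query.split(b"&"):
        name, _, value = param.partition(b"=")
        if name == b"user" and len(value) > 64:
            return True
    return False


def evade(request):
    """Two evasions from slide 10: percent-encode the target so 'cgi-bin'
    never appears literally on the wire, then split the stream into
    7-byte segments so no single segment holds a matchable request."""
    line, rest = request.split(b"\r\n", 1)
    method, target, version = line.split(b" ")
    encoded = target.replace(b"cgi-bin", b"c%67i-b%69n")
    wire = method + b" " + encoded + b" " + version + b"\r\n" + rest
    return [wire[i:i + 7] for i in range(0, len(wire), 7)]


def detect_per_segment(segments, sig):
    """Naive engine: inspects each segment on its own, no reassembly and no
    decoding. This is the engine the evasions above defeat."""
    return any(sig(s) for s in segments)


def normalize(segments):
    """Counter-evasion from slide 11: reassemble the stream and
    percent-decode the request target before any signature sees it."""
    stream = b"".join(segments)
    line, sep, rest = stream.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) == 3:
        parts[1] = unquote(parts[1].decode("latin-1")).encode("latin-1")
    return b" ".join(parts) + sep + rest


def detect_normalized(segments, sig):
    return sig(normalize(segments))


def run():
    """Evaluate both signatures against plain and evaded traffic."""
    results = {}
    for name, req in {"exploit": EXPLOIT, "variant": VARIANT, "benign": BENIGN}.items():
        evaded = evade(req)
        results[name] = {
            "exploit_sig": sig_exploit(req),
            "vuln_sig": sig_vuln(req),
            "evaded_naive": detect_per_segment(evaded, sig_vuln),
            "evaded_normalized": detect_normalized(evaded, sig_vuln),
        }
    return results


if __name__ == "__main__":
    for name, r in run().items():
        print(name, r)
```

The exploit signature fires only on the padding the public exploit happened to use, so the 'Z' variant is a false negative even with no evasion at all. The vulnerability signature catches both, but a per-segment engine never sees a complete request line and misses everything; only after reassembly and decoding does it fire again. The "count on laziness" point on slide 11 is visible here too: the evasion costs the attacker two lines of code, and the normalizer is what makes those two lines irrelevant.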

  12. Companies and Products
     • Open Source (Snort, Bro, Shadow)
     • Enterasys' Dragon
     • ISS Proventia
     • Juniper's Netscreen
     • Cisco
     • Stillsecure
     • Lucid
     • and more...

  13. The background photo in this presentation is called "Look-Forward" by mmmzaaomi and is licensed under a by-nc-sa/2.0 Creative Commons license. It is available at: flickr.com/photos/mmmazzoni/110019759/
      Likewise, this presentation itself is released under a by-nc-sa/2.0 Creative Commons License and is available at: infosec.ufl.edu/literature/
      Ver 1.0
      Questions?
