What is a “Network Intrusion Detection System (NIDS)”?
• A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic
• NIDS is designed to allow data to be transmitted in real time across any TCP/IP network or connection, i.e. from any 2 PCs or wireless devices to millions, in real time
Some of the major features in NIDS in Windows 2000 include:
• Support for Plug and Play, Power Management, and Windows Management Instrumentation (WMI)
• Support for connection-oriented media such as asynchronous transfer mode (ATM).
Features
• Support for older (legacy) transport stacks over connection-oriented media (for example, the LAN Emulation (LANE) driver and User Network Interface (UNI) Call Manager).
• The ability to offload tasks from the TCP/IP transport to the network adapter (for example, TCP/IP checksum tasks, IP Security tasks, and the segmentation of large TCP packets).
• High-performance OS-specific capture module for Linux
• Packet decode engine fully supports encapsulation
• Decode plugins included for many protocols
• Easy to configure; just one config file
• Full IP defragmentation
• TCP stateful inspection with window tracking
• Intelligent TCP stream reassembly
• Full application-layer decodes
• EXTREMELY fast and scalable signature engine
• Configurable token-bucket rate-limiting of any alerts
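As an added illustration (not code from the slides or from any NIDS product) of two of the features listed above, a signature engine and token-bucket rate-limiting of alerts, the following toy detector matches decoded packets against a small constructed signature set and limits how many alerts one source can raise per signature. Signature names, ports, patterns and the sample packets are all constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class Packet:            # a decoded packet, as the decode engine would hand it over
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed signatures (hypothetical): name -> (destination port, byte pattern)
SIGNATURES = {
    "http-etc-passwd": (80, b"/etc/passwd"),
    "smtp-vrfy-probe": (25, b"VRFY "),
}

class TokenBucket:
    """Allow `rate` alerts per second with bursts of at most `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, now

    def allow(self, now):
        # refill proportionally to elapsed time, never above the burst size
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def inspect(packets, rate=1.0, burst=2):
    """Match (timestamp, packet) pairs; rate-limit alerts per (signature, source)."""
    buckets, emitted, suppressed = {}, [], 0
    for ts, pkt in packets:
        for name, (port, pattern) in SIGNATURES.items():
            if pkt.dport != port or pattern not in pkt.payload:
                continue
            key = (name, pkt.src)
            bucket = buckets.setdefault(key, TokenBucket(rate, burst, ts))
            if bucket.allow(ts):
                emitted.append((ts, name, pkt.src, pkt.dst))
            else:
                suppressed += 1      # a flood yields a few alerts, not thousands
    return emitted, suppressed

# Constructed traffic: five repeated probes from one host, one SMTP probe, one benign request
SAMPLE = [(t, Packet("10.0.0.5", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.0"))
          for t in (0.0, 0.1, 0.2, 0.3, 5.0)]
SAMPLE += [(1.0, Packet("10.0.0.6", "10.0.0.25", 25, b"VRFY root\r\n")),
           (1.5, Packet("10.0.0.7", "10.0.0.80", 80, b"GET /index.html HTTP/1.0"))]
SAMPLE.sort(key=lambda entry: entry[0])   # captures are processed in time order
```

Running `inspect(SAMPLE)` emits four alerts (two from the initial burst, the SMTP probe, and one after the bucket has refilled) and suppresses the two probes that arrived while the bucket was empty.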
Supported Protocols
• TCP/IP suite (IPv4, TCP, UDP, ICMP, IGMP)
• 802.1q (VLAN)
• Can differentiate Ethernet II and Novell IPX frames
• Can decode LLC and SNAP
• IPX, SAP
• Linux cooked sockets (SLL) in two different formats
• GRE (generic routing encapsulation)
• IrDA (infra-red)
• ARP/AppleTalk ARP
Planned Features
• Some performance enhancements
• Proper remote alerting to central firestorm server
• Analyst consoles to read data from central server
• Central management of all configuration from analyst console
What happens after a NIDS detects an attack?
• Reconfigure firewall
• Chime
• SNMP trap
• NT event
• syslog
• Send e-mail
• Page
• Log the attack
• Save evidence
• Launch program
• Terminate the TCP session
How can one detect if someone is running a NIDS?
• A NIDS is essentially a sniffer, so standard sniffer detection techniques can be used. An example would be to do a traceroute against the victim. This will often generate a low-level event in the IDS.
NIDS
• By Meron Girma
• CIS 450
• Professor Anrivor