Intrusion Detection Systems Austen Hayes Cameron Hinkel
Intrusion Detection Systems (IDS) • Definition
Purpose of IDS • Monitor Host/Network • Log Suspicious Activity • Detect Potential Threats • Alert System Administrator(s) • Generate Reports
Detection Methods • Statistical Anomaly-Based • Protocol Analysis • Bandwidth • Hardware Connections • Signature-Based • Stateful Protocol Analysis
Types of IDS • Network (NIDS) (diagram: Internet, Firewall, NIDS, Private Network)
Types of IDS • Host-based (HIDS) (diagram: Internet, Firewall, HIDS, Private Network)
Types of IDS • Wireless (diagram: Internet, Access Point, Sensor, IDS, Wireless Devices)
Types of IDS • Network (NIDS) • Host-based (HIDS) • Wireless • Network Behavior Analysis
Network IDS • Installation Types • Hub/Switch • Network Tap • Inline (each shown as a diagram: Internet, Hub, NIDS, Private Network)
Network IDS • Examples • “LaBrea Tarpit” • Propagation of worms • ARP request responses
Network IDS • Examples • Honey Pot • Low-Interaction • High-Interaction
Types of Attacks • Port Scan • DoS Attack • ICMP Flood • Distributed
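As an added example that is not part of the slides, the two detection methods listed under Detection Methods (signature-based and statistical anomaly-based) applied to two of the attack types above (ICMP flood, port scan) over constructed traffic records; the record format, host addresses, baseline hosts and thresholds are all assumptions.

```python
"""Signature-based vs. statistical anomaly-based detection over constructed traffic.

Signature-based: a fixed rule (more than N ICMP packets from one source per second).
Anomaly-based: flag a source whose distinct-destination-port fan-out per second is
far above a baseline learned from hosts assumed to be normal (a port scan).
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample records: (second, src, dst, proto, dport). Not real traffic.
SAMPLE = (
    [(t, "10.0.0.5", "10.0.0.20", "tcp", 443) for t in range(0, 20)]
    + [(t, "10.0.0.6", "10.0.0.20", "tcp", 80) for t in range(0, 10)]
    + [(t, "10.0.0.7", "10.0.0.20", "tcp", 22) for t in range(0, 5)]
    # Port scan: one source touches 40 distinct ports across two seconds.
    + [(30 + i // 20, "192.0.2.9", "10.0.0.20", "tcp", 1 + i) for i in range(40)]
    # ICMP flood: 150 echo requests (no port) within a single second.
    + [(40, "198.51.100.4", "10.0.0.20", "icmp", None) for _ in range(150)]
)
BASELINE_SRCS = {"10.0.0.5", "10.0.0.6", "10.0.0.7"}  # assumed "known normal" hosts

def signature_icmp_flood(records, threshold=100):
    """Signature rule: more than `threshold` ICMP packets from one source in one second."""
    counts = Counter((r[0], r[1]) for r in records if r[3] == "icmp")
    return sorted({src for (_sec, src), n in counts.items() if n > threshold})

def anomaly_port_scan(records, baseline_srcs, sigmas=3.0, min_ports=10):
    """Anomaly rule: distinct TCP dports per (second, src) above mean + sigmas*stdev
    of the baseline hosts. `min_ports` is a floor so a zero-variance baseline
    (every normal host hitting one port) does not alert on two-port sessions."""
    fanout = defaultdict(set)
    for t, src, _dst, proto, dport in records:
        if proto == "tcp":
            fanout[(t, src)].add(dport)
    baseline = [len(p) for (_t, s), p in fanout.items() if s in baseline_srcs]
    cutoff = max(min_ports, mean(baseline) + sigmas * pstdev(baseline))
    return sorted({s for (_t, s), p in fanout.items() if len(p) > cutoff})

def detect(records=SAMPLE):
    """Run both methods; the result is what an IDS would log and alert on."""
    return {"icmp_flood": signature_icmp_flood(records),
            "port_scan": anomaly_port_scan(records, BASELINE_SRCS)}

if __name__ == "__main__":
    for method, sources in detect().items():
        print(f"{method}: {sources}")
```

The signature rule misses any flood below its fixed threshold, while the anomaly rule depends on how representative the baseline hosts are; real deployments (such as Snort's signature rules) combine both.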
Popular IDS Software • Snort • Open source, Signature-based • AIDE • Advanced Intrusion Detection Environment • OSSEC HIDS
Conclusion • Security Integral to Sys. Admin Job • Complexity of Securing a System/Network • Numerous Tools Available To Detect Threats