1 / 35

Intrusion Detection Systems

Intrusion Detection Systems. Austen Hayes Cameron Hinkel. Intrusion Detection Systems (IDS). Definition. Purpose of IDS. Monitor Host/Network. Purpose of IDS. Monitor Host/Network Log Suspicious Activity. Purpose of IDS. Monitor Host/Network Log Suspicious Activity

landen
Download Presentation

Intrusion Detection Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intrusion Detection Systems Austen Hayes Cameron Hinkel

  2. Intrusion Detection Systems (IDS) • Definition

  3. Purpose of IDS • Monitor Host/Network

  4. Purpose of IDS • Monitor Host/Network • Log Suspicious Activity

  5. Purpose of IDS • Monitor Host/Network • Log Suspicious Activity • Detect Potential Threats

  6. Purpose of IDS • Monitor Host/Network • Log Suspicious Activity • Detect Potential Threats • Alert System Administrator(s)

  7. Purpose of IDS • Monitor Host/Network • Log Suspicious Activity • Detect Potential Threats • Alert System Administrator(s) • Generate Reports

  8. Detection Methods • Statistical Anomaly-Based

  9. Detection Methods • Statistical Anomaly-Based • Protocol Analysis

  10. Detection Methods • Statistical Anomaly-Based • Protocol Analysis • Bandwidth

  11. Detection Methods • Statistical Anomaly-Based • Protocol Analysis • Bandwidth • Hardware Connections

  12. Detection Methods • Statistical Anomaly-Based • Protocol Analysis • Bandwidth • Hardware Connections • Signature-Based

  13. Detection Methods • Statistical Anomaly-Based • Protocol Analysis • Bandwidth • Hardware Connections • Signature-Based • Stateful Protocol Analysis

  14. Types of IDS • Network (NIDS) NIDS Firewall Internet Private Network

  15. Types of IDS • Host-based (HIDS) Firewall Internet HIDS Private Network

  16. Types of IDS • Wireless Sensor Access Point Internet IDS Wireless Devices

  17. Types of IDS • Network (NIDS) • Host-based (HIDS) • Wireless • Network Behavior Analysis

  18. Network IDS • Installation Types • Hub/Switch Hub Internet NIDS Private Network

  19. Network IDS • Installation Types • Network Tap Hub Internet NIDS Private Network

  20. Network IDS • Installation Types • Inline Hub Internet NIDS Private Network

  21. Network IDS • Examples • “LaBrea Tarpit” • Propagation of worms

  22. Network IDS • Examples • “LaBreaTarpit” • Propagation of worms • ARP request responses

  23. Network IDS • Examples • Honey Pot • Low-Interaction

  24. Network IDS • Examples • Honey Pot • Low-Interaction • High-Interaction

  25. Types of Attacks

  26. Types of Attacks • Port Scan

  27. Types of Attacks • Port Scan • DOS Attack

  28. Types of Attacks • Port Scan • DOS Attack • ICMP Flood

  29. Types of Attacks • Port Scan • DOS Attack • ICMP Flood • Distributed

  30. Popular IDS Software • Snort • Open source, Signature-based

  31. Popular IDS Software • Snort • Open source, Signature-based • AIDE • Advanced Intrusion Detection Environment

  32. Popular IDS Software • Snort • Open source, Signature-based • AIDE • Advanced Intrusion Detection Environment • OSSEC HIDS

  33. Conclusion • Security Integral to Sys. Admin Job

  34. Conclusion • Security Integral to Sys. Admin Job • Complexity of Securing A System/Network

  35. Conclusion • Security Integral to Sys. Admin Job • Complexity of Securing a System/Network • Numerous Tools Available To Detect Threats

More Related