Intrusion Prevention Systems
Presented by Justin Bode
CS 450 – Computer Security
February 17, 2010

Video
To show the importance of network security: http://vimeo.com/7151210

Introduction
Why the need for IPS?
Other Forms of Protection
• Anti-Virus Programs
  • Need to be updated constantly – might be too late
  • React rather than protect
• Firewalls
  • Can block traffic but need to allow some through
  • Attacks can still get in
• Intrusion Detection Systems
  • Scan the network for signs of intrusion
  • Merely report – require user action to stop attacks
  • IDS evasion techniques are becoming common
Intrusion Prevention Systems
How do they work?
Types of IPS?

How IPS Works
• Software-based heuristic approach
  • Similar to IDS but with added functionality to block
• Sandbox
  • Runs mobile code in an isolated environment and looks at the result
• Hybrid
  • Uses multiple detection methods and blocks imminent attacks
• Kernel-Based Protection
  • Agent installed between the user application and the kernel
  • Malicious system calls are blocked
Types of IPS
• Network based
  • Inline hardware systems
  • Use signature, anomaly, and proprietary detection methods
  • Traffic normalization – removes protocol ambiguities to ensure the NIPS sees the same thing as the end host
• Cons?
  • High rate of false positives
  • What if the NIPS goes down?
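Added example, not part of the slides or of the sources they cite: a toy inline network IPS in Python that walks the pipeline the slide describes. Requests are normalized first (percent-decoding, including double encoding, and path collapsing) so the sensor matches on what the end host will actually see, then checked against signatures and an anomaly threshold, and given an inline verdict. The signatures, sample request paths and the length threshold are all constructed for illustration. The forward() function also shows the "what if the NIPS goes down?" question: a fail-open bypass lets everything through, a fail-closed one blocks everything.

```python
"""Toy inline network IPS (constructed example, not a real product)."""
from urllib.parse import unquote
import re

# Constructed signatures applied to the NORMALIZED request path
SIGNATURES = [
    ("path-traversal", re.compile(r"(^|/)\.\.(/|$)")),
    ("cmd-injection", re.compile(r"[;|&]\s*(cat|sh|bash)\b")),
]

MAX_PATH_LEN = 256  # anomaly threshold (constructed): longer paths are out of profile


def normalize_path(raw: str) -> str:
    """Remove protocol ambiguities so the sensor sees what the end host sees.

    - percent-decode twice, so %252e%252e ends up as '..' like the server would see it
    - treat backslashes as slashes
    - drop empty and '.' segments; '..' is kept so the signature can still see it
    """
    decoded = unquote(unquote(raw)).replace("\\", "/")
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    return "/" + "/".join(segments)


def inspect(raw_path: str) -> dict:
    """Signature check first, then anomaly check; returns verdict and reason."""
    path = normalize_path(raw_path)
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return {"verdict": "block", "reason": f"signature:{name}", "normalized": path}
    if len(path) > MAX_PATH_LEN:
        return {"verdict": "block", "reason": "anomaly:path-length", "normalized": path}
    return {"verdict": "pass", "reason": "", "normalized": path}


def forward(requests, sensor_up=True, fail_open=False):
    """Inline verdicts for a stream of requests.

    When the sensor is down, the bypass setting decides everything:
    fail-open passes all traffic (attacks included), fail-closed blocks all
    traffic (an outage). Neither is free; that is the slide's second con.
    """
    if not sensor_up:
        return ["pass" if fail_open else "block" for _ in requests]
    return [inspect(r)["verdict"] for r in requests]


# Constructed sample traffic: one benign request, two encoded traversal
# attempts (single and double encoded), and one abnormally long path
SAMPLE = [
    "/index.html",
    "/static/..%2f..%2fetc/passwd",
    "/%252e%252e/etc/passwd",
    "/" + "a" * 300,
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(inspect(r)["verdict"], inspect(r)["reason"], inspect(r)["normalized"][:40])
    print("sensor down, fail-open :", forward(SAMPLE, sensor_up=False, fail_open=True))
    print("sensor down, fail-closed:", forward(SAMPLE, sensor_up=False, fail_open=False))
```

Without the normalization step the double-encoded request would slip past the traversal signature even though the web server decodes it to the same path, which is exactly the ambiguity the slide says normalization is there to remove. The regex signatures are also where the "high rate of false positives" con comes from: any benign path that happens to contain a matching fragment is blocked inline, not merely reported.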
Types of IPS
• Host based
  • Installed on the host computer
  • Hooks into the kernel and looks at all system calls
  • If a system call isn't normal, it is blocked
  • Use of "interceptors" – StormWatch
    • File system
    • Network
    • Configuration
    • Execution space
• Cons?
  • Resource intensive – checking all calls, sandboxing
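Added example, not part of the slides and not StormWatch's or any vendor's code: a Python simulation of the kernel-based protection from the "How IPS Works" slide and the host-based interceptors from this one. An agent sits between the application and the kernel, routes each system call through one of four interceptors (file system, network, configuration, execution space), learns a per-application profile of what is "normal", and in enforcement mode blocks any call outside that profile. The application name, the syscall-to-interceptor table, the baseline trace and the attack trace are all constructed sample data; the checks counter makes the "resource intensive" con visible, since every single call costs a lookup.

```python
"""Toy host-based IPS agent (constructed example, not a real kernel module)."""
from dataclasses import dataclass, field
import posixpath

# Which interceptor handles which call (constructed mapping, not a real kernel table)
INTERCEPTOR_OF = {
    "open": "file_system", "read": "file_system", "write": "file_system",
    "connect": "network", "accept": "network", "sendto": "network",
    "setuid": "configuration", "chmod": "configuration",
    "execve": "execution_space", "mprotect": "execution_space",
}


@dataclass
class Syscall:
    name: str
    target: str = ""  # file path, host:port or program, depending on the call


@dataclass
class Agent:
    learning: bool = True
    # app -> {"calls": set of (interceptor, syscall), "dirs": set of directories touched}
    profiles: dict = field(default_factory=dict)
    checks: int = 0          # every call costs one check: the "resource intensive" con
    blocked: list = field(default_factory=list)

    def _profile(self, app: str) -> dict:
        return self.profiles.setdefault(app, {"calls": set(), "dirs": set()})

    def intercept(self, app: str, call: Syscall) -> str:
        """Return 'allow' or 'block'. In learning mode everything is allowed and recorded."""
        self.checks += 1
        interceptor = INTERCEPTOR_OF.get(call.name, "unknown")
        prof = self._profile(app)
        key = (interceptor, call.name)
        directory = posixpath.dirname(call.target) if interceptor == "file_system" else None
        if self.learning:
            prof["calls"].add(key)
            if directory is not None:
                prof["dirs"].add(directory)
            return "allow"
        # Enforcement: anything the app never did while profiling is "not normal"
        if key not in prof["calls"]:
            reason = f"{interceptor}: {call.name} not in profile"
        elif directory is not None and directory not in prof["dirs"]:
            reason = f"file_system: {call.name} outside profiled directories ({directory})"
        else:
            return "allow"
        self.blocked.append((app, call.name, call.target, reason))
        return "block"


def run_trace(agent: Agent, app: str, trace: list) -> list:
    return [agent.intercept(app, c) for c in trace]


# Constructed "normal" behaviour of a web server, used to learn its profile
BASELINE = [
    Syscall("accept", "0.0.0.0:80"),
    Syscall("open", "/var/www/index.html"),
    Syscall("read", "/var/www/index.html"),
    Syscall("sendto", "203.0.113.5:51234"),
]

# Constructed post-compromise behaviour: one normal read, then calls that
# each land in a different interceptor
ATTACK = [
    Syscall("read", "/var/www/about.html"),   # normal: allowed
    Syscall("execve", "/bin/sh"),             # execution_space: never profiled
    Syscall("connect", "198.51.100.7:4444"),  # network: server never dialled out
    Syscall("open", "/etc/shadow"),           # file_system: open is normal, /etc is not
    Syscall("chmod", "/var/www/index.html"),  # configuration: never profiled
]


def demo():
    """Learn the profile from BASELINE, then enforce it against ATTACK."""
    agent = Agent(learning=True)
    run_trace(agent, "httpd", BASELINE)
    agent.learning = False
    verdicts = run_trace(agent, "httpd", ATTACK)
    return verdicts, agent.checks, agent.blocked


if __name__ == "__main__":
    verdicts, checks, blocked = demo()
    print("verdicts:", verdicts, "checks performed:", checks)
    for entry in blocked:
        print("blocked:", entry)
```

The profile here is learned from a single short trace, so an application doing something legitimate but rare (a log rotation, a first-time outbound update check) would be blocked just like the attack calls; that is the host-based flavour of the false-positive problem, and it is why such agents need a careful learning period before enforcement.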
Questions?
I'll answer if I know it

References
• SANS Institute – Intrusion Prevention Systems, by Dinesh Sequeira, November 2002
• Wikipedia – Intrusion Prevention Systems (for the basic stuff)