1 / 12

Intrusion Prevention Systems

Intrusion Prevention Systems. Presented by Justin Bode CS 450 – Computer Security February 17, 2010. Video. To show importance of network security http://vimeo.com/7151210. Introduction. Why the need for IPS ?. Other Forms of Protection. Anti-Virus Programs

mariah
Download Presentation

Intrusion Prevention Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intrusion Prevention Systems Presented by Justin Bode CS 450 – Computer Security February 17, 2010

  2. Video To show importance of network security http://vimeo.com/7151210

  3. Introduction Why the need for IPS?

  4. Other Forms of Protection • Anti-Virus Programs • Need to be updated constantly – Might be too late • React rather than protect • Firewalls • Can block traffic but needs to allow some through • Attacks can still get in • Intrusion Detection Systems • Scans the network for signs of intrusion • Merely reports – Requires user action to stop attacks • IDS evasion techniques are becoming common

  5. Intrusion Prevention Systems How do they work? Types of IPS?

  6. How IPS Works • Software based heuristic approach • Similar to IDS but has added functionality to block • Sandbox • Runs mobile code in isolated environment and looks at the result • Hybrid • Uses multiple detection methods and blocks imminent attacks • Kernel Based Protection • Agent installed between user application and kernel • Malicious system calls are blocked.

  7. Types of IPS • Network based • Inline hardware systems • Uses signature, anomaly, and proprietary detection methods • Traffic normalization – removes protocol ambiguities to ensure the NIPS sees the same thing as the end host • Cons? • High rate of false positives • What if NIPS goes down?

  8. Types of IPS

  9. Types of IPS • Host based • Installed on host computer • Hooks onto kernel and looks at all system calls • If system call isn’t normal, it is blocked. • Use of “interceptors” - StormWatch • File system • Network • Configuration • Execution space • Cons? • Resource intensive – checking all calls, sandboxing

  10. Types of IPSStormWatch

  11. Questions? I’ll answer if I know it

  12. References SANS Institute – Intrusion Prevention Systems by DineshSequeira November 2002 Wikipedia – Intrusion Prevention Systems (For the basic stuff)

More Related