
Intrusion Detection System

Intrusion Detection System. By Edith Butler Fall 2008. Our Security. Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc. History about IDS. It began in 1980, with James Anderson's paper: Computer Security Threat Monitoring and Surveillance


Presentation Transcript


  1. Intrusion Detection System By Edith Butler Fall 2008

  2. Our Security • Ways we protect our valuables: • Locks • Security Alarm • Video Surveillance, etc.

  3. History about IDS • It began in 1980, with James Anderson's paper: • Computer Security Threat Monitoring and Surveillance • The setting of protocols in place to detect: • Misuse • Or malicious attacks in computer systems.

  4. History of IDS Cont’d • In 1983, Dr. Dorothy Denning and SRI International began working on a government project. • In 1984, Dr. Denning assisted in the development of the Intrusion Detection Expert System, which was the first model of IDS.

  5. History about IDS continues…

  6. WHAT IS IDS? • IDS stands for Intrusion Detection System. • A security countermeasure • Looks for signs of intruders. • Software and/or hardware designed

  7. What is IDS? Cont’d • An Intrusion Detection System inspects all inbound and outbound network activity on: • Computer systems • On-line transmissions • Private documents • Networks and overall privacy.

  8. IDS FUNCTIONS • Functions of IDS: • “Monitoring users and system activity • Auditing system configuration for vulnerabilities and misconfigurations • Assessing the integrity of critical system and data files • Recognizing known attack patterns in system activity • Identifying abnormal activity through statistical analysis • Managing audit trails and highlighting user violations of policy or normal activity • Correcting system configuration errors • Installing and operating traps to record information about intruders”

  9. WHY IDS? • To protect our network. • From the outside environment • Malicious attacks • From the inside as well • Possible manipulation, destruction, transferring or altering of files, or unintentional mistakes.

  10. TYPES OF ATTACK • Some known attacks are: • Network attacks against vulnerable services. • Data attacks on applications. • Host based attacks such as: • privilege escalation • unauthorized logins • access to sensitive files • malware.

  11. IDS COMPONENTS • IDS Components: • Sensors, which generate security events. • A console to monitor events and alerts; it also controls the sensors. • A central engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from the security events that are encountered. • Possible sensors are: • A sensor to monitor TCP connection requests • Log file monitors • File integrity checkers
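The three sensor types on this slide and the functions on slide 8 (known-pattern recognition, statistical anomaly detection, file-integrity assessment) can be shown as one small rule engine. This is an added illustration, not code from the presentation; the log lines, file contents and threshold are constructed.

```python
import hashlib
import re
from collections import Counter

# Constructed sample audit-log lines (syslog style); not from any real host.
SAMPLE_LOG = [
    "sshd[101]: Accepted password for alice from 10.0.0.5 port 4022",
    "sshd[102]: Failed password for root from 203.0.113.9 port 4100",
    "sshd[103]: Failed password for root from 203.0.113.9 port 4101",
    "sshd[104]: Failed password for admin from 203.0.113.9 port 4102",
    "sshd[105]: Failed password for bob from 10.0.0.7 port 4103",
    "sshd[106]: Accepted publickey for bob from 10.0.0.7 port 4104",
]

# Signature sensor: a "known attack pattern" expressed as a rule (slide 8).
SIGNATURES = {
    "root-password-attempt": re.compile(r"Failed password for root from (\S+)"),
}
FAILED_RE = re.compile(r"Failed password for \S+ from (\S+)")


def signature_alerts(lines):
    """Log-file monitor: one alert per line that matches a known pattern."""
    alerts = []
    for line in lines:
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                alerts.append((name, m.group(1)))
    return alerts


def threshold_alerts(lines, max_failures=3):
    """Statistical sensor: flag sources whose failed logins reach a threshold."""
    failures = Counter(m.group(1) for m in map(FAILED_RE.search, lines) if m)
    return [("failed-login-burst", src) for src, n in failures.items() if n >= max_failures]


def make_baseline(files):
    """Record SHA-256 of each watched file's bytes (path -> hex digest)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_alerts(baseline, current):
    """File-integrity checker: alert on any file whose hash left the baseline."""
    return [("file-modified", path) for path, data in current.items()
            if hashlib.sha256(data).hexdigest() != baseline.get(path)]


def run_engine(lines, baseline, current):
    """Central engine: merge the sensors' events into one alert list for the console."""
    return signature_alerts(lines) + threshold_alerts(lines) + integrity_alerts(baseline, current)
```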

  12. TYPES OF IDS • Two general types of intrusion detection systems are: • The host-based intrusion detection system, known as HIDS • The network-based intrusion detection system (NIDS)

  13. HIDS • HIDS – Host based Intrusion Detection Systems • Used within a local computer • Analyzes the data entering and leaving a workstation such as a desktop, server, and/or laptop • HIDS works along with anti-threat applications: • firewalls • antivirus software • spyware detection

  14. HIDS CONT’D • HIDS protects: • Workstations and servers • Used in conjunction with the operating system to catch any suspicious activity and block it from the system. • HIDS monitors activities: • Application or data requests • Network connection attempts • Read or write attempts • Audit system logs

  15. Diagram of HIDS

  16. NETWORK BASED INTRUSION DETECTION SYSTEM • NIDS is used in conjunction with the LAN network. • Anti-threat software is installed only at specific points: • servers that interface between the outside environment and the network segment to be protected. • Can be a combination of standalone hardware or software that analyzes data packets that come in and out of the network. • NIDS oversees and monitors the network traffic to detect any malicious activity or to ensure the traffic is indeed valid.

  17. Diagram of NIDS

  18. NIDS VS HIDS • Which one is better? • No definite answer • You really need both: • one for your network (NIDS) • one for your servers/workstations (HIDS) • A proper IDS implementation should have: • An environment that filters alerts and notifications • In addition to your firewall, NIDS/HIDS IDS technology will keep your environment secure from malicious viruses and guard files that are highly sensitive. • The difference between host-based and network-based intrusion detection is that NIDS deals with data transmitted from host to host while HIDS is concerned with what occurs on the hosts themselves.

  19. IDS Statistics • Just over 90% of interconnected networks that were running IDS detected computer security breaches in the last 12 months, in spite of several firewall protections that were installed. • Computer Security Institute, 4/7/02, reported that 80% of respondents reported financial losses, in excess of $455M, caused by intrusion and the malicious acts that followed. • Millions of jobs have been affected because of intrusion • Only 0.1% of companies are spending the appropriate budget on IDS. • IDS are mostly misunderstood and are thought of as a firewall product or a substitute for one. • If you use antivirus software, you should also consider adding an IDS as a complementary product to your security strategy. Most organizations using antivirus software do not use IDS.

  20. TOP 11 • Computer Associates International's eTrust • Cisco Systems' Secure IDS • CyberSafe Corp.'s Centrax • Enterasys Networks' Dragon • Internet Security Systems' BlackICE • ISS' RealSecure • Intrusion.com's SecureNet Pro • NFR Security's NFR Network Intrusion Detection System • NFR Anzen Computing's Flight Jacket • The open-source Snort • Symantec Corp.'s NetProwler
