210 likes | 463 Views
IDPS (Intrusion Detection & Prevention System ). By Varang Amin (004805672) Guided By Prof. Richard Sinn. Agenda. Introduction IDPS Why IDPS Detection Engine Features &Functions Evaluation Test Case Future Available IDPS in Market. Introduction. Secure Environment.
E N D
IDPS (Intrusion Detection & Prevention System ) By Varang Amin (004805672) Guided By Prof. Richard Sinn
Agenda • Introduction • IDPS • Why IDPS • Detection Engine • Features &Functions • Evaluation • Test Case • Future • Available IDPS in Market
Introduction • Secure Environment
Introduction • Various options are available • IDPS , based on behavior of network and contents of each and every packet. • Firewall , based on Access Control List . • VPN,communication network tunneled through public network.
Why IDPS…… • Firewall ,based on policy defined in Access Control List • Policy based filtering when session is established • Not able to check each packet in network • Tend to stop search when find any match. • Able to shutdown the connection but not able to throttle the traffic
IDPS • Detection method • Specification Detection , based on the application reorganization rules for detecting application and attacks. • Anomaly Detection, based on the behavior of the available pattern in IDPS . • Integrity Check , detection based on hash values and signatures for verify the integrity of data.
Deployment IPS • Network Based • Host Based • Hybrid
IDPS Terminology • Signatures , basically regular or fixed expression . • Depth Of Search • Offset Example : • Regular Expressions • eDonkey Login Connection “\xe3.{4}[\x01\xc5] ”
Continue………. • Fixed Expression • eDonkey File sharing Connection “http://emul-Projectinfo.org” • Implemented with the help of sniffers.
Continue…. • Traffic Anomaly Throttle the network traffic. • Protocol Anomaly For Standard Service • False Positives Incorrect application detected . • False Negatives Application Not Detected
Evaluation of IDPS • Generate some manual traffic of open source attacks . • IXIA • Smart bits • Existing service from Windows or Linux OS.
Test Case 1 • By pass the IPS.
Test Case 2 • Fragment the Attack
Test Case 3 • TTL based attacks
Future Enhancement …… • Can be more sophisticated application • Session Monitoring • Learning • UTM
IDPS Example • Cisco 6000 Family IDS • Snap Gear by Secure Computing • Linux IP Tables (Open Source) • Snort • Intrupro • Sonic Wall Gateway
References • Article “IDS Evaluation” published on Network world Magazine . • Insertion, Evasion and Denial Of Service:-Eluding Network Intrusion detection System -Thomas H. Ptacek, Timothy N. Newsham . • www.securityfocus.com
Thanks • Question ????