
Intrusion Detection Software (IDS/9000)

Presentation Transcript


  1. Intrusion Detection Software (IDS/9000) Version B.00 H7076S Module 7 Slides

  2. Intrusion Detection Software Overview [diagram: an IDS Client draws on the Kernel IDS and on the host's data sources: CPU, sulog, btmp, wtmp, syslog, processes, memory and disk]

  3. IDS Client/Server Architecture [diagram: the client/server layout; two IDS clients are shown, each with its own Kernel IDS and the same host data sources (CPU, sulog, btmp, wtmp, syslog, processes, memory, disk)]

  4. Detection Templates
     - Modification of files and directories
     - Changes to logfiles
     - Creation of set UID files
     - Creation of world writable files
     - Repeated failed logins
     - Repeated failed su attempts
     - Race condition attacks
     - Buffer overflow attacks
     - Modification of another user's files
     - Monitor for the start of interactive sessions
     - Monitor logins and logouts
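Two of the templates above, "repeated failed su attempts" and "creation of set UID / world writable files", reduce to small pieces of detection logic: a sliding-window count over su failures, and a comparison of current file modes against a baseline. The block below is an added example written for this page, not IDS/9000's own code; the sulog line layout (`SU MM/DD HH:MM +|- tty from-to`), the three-failures-in-five-minutes threshold and the sample log lines are all assumptions constructed for the demonstration.

```python
"""Simplified IDS-style detection templates (added example, not IDS/9000 code)."""
import os
import stat
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sulog sample. The layout is an ASSUMPTION modelled on the classic
# "SU MM/DD HH:MM [+|-] tty from-to" format ('+' = success, '-' = failure).
SAMPLE_SULOG = """\
SU 03/14 09:01 + pts/0 alice-root
SU 03/14 10:20 - pts/2 mallory-root
SU 03/14 10:21 - pts/2 mallory-root
SU 03/14 10:21 - pts/2 mallory-root
SU 03/14 10:23 - pts/2 mallory-root
SU 03/14 11:05 - pts/3 bob-root
SU 03/14 17:40 - pts/3 bob-root
"""


def parse_sulog(text, year=2024):
    """Turn sulog lines into event dicts; lines not matching the assumed layout are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "SU":
            continue
        _, date, clock, result, tty, who = parts
        when = datetime.strptime(f"{year}/{date} {clock}", "%Y/%m/%d %H:%M")
        src, dst = who.split("-", 1)
        events.append({"when": when, "ok": result == "+", "tty": tty, "src": src, "dst": dst})
    return events


def failed_su_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when `threshold` failed su attempts for the same (src, dst) fall inside `window`."""
    alerts = []
    recent = defaultdict(list)  # (src, dst) -> timestamps of failures still inside the window
    for ev in sorted(events, key=lambda e: e["when"]):
        if ev["ok"]:
            continue
        bucket = recent[(ev["src"], ev["dst"])]
        bucket.append(ev["when"])
        while ev["when"] - bucket[0] > window:  # drop failures that aged out of the window
            bucket.pop(0)
        if len(bucket) >= threshold:
            alerts.append({"src": ev["src"], "dst": ev["dst"],
                           "count": len(bucket), "last": ev["when"]})
            bucket.clear()  # one alert per burst, then start counting again
    return alerts


def classify_mode(mode):
    """Flags the file-mode templates care about for a regular file with this st_mode."""
    flags = set()
    if not stat.S_ISREG(mode):
        return flags
    if mode & stat.S_ISUID:
        flags.add("suid")
    if mode & stat.S_ISGID:
        flags.add("sgid")
    if mode & stat.S_IWOTH:
        flags.add("world-writable")
    return flags


def risky_files(root):
    """Map path -> flags for every flagged regular file under `root`."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            flags = classify_mode(os.lstat(path).st_mode)
            if flags:
                found[path] = flags
    return found


def new_risky_files(baseline, current):
    """Files flagged now in a way they were not flagged in the baseline."""
    diff = {}
    for path, flags in current.items():
        added = flags - baseline.get(path, set())
        if added:
            diff[path] = added
    return diff


def demo_file_templates():
    """Baseline an empty tree, then create a setuid file and a world-writable file."""
    with tempfile.TemporaryDirectory() as root:
        baseline = risky_files(root)
        helper = os.path.join(root, "helper")
        with open(helper, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(helper, 0o4755)  # setuid bit set after the baseline was taken
        notes = os.path.join(root, "notes.txt")
        open(notes, "w").close()
        os.chmod(notes, 0o666)  # world-writable
        new = new_risky_files(baseline, risky_files(root))
        return {os.path.basename(p): sorted(f) for p, f in new.items()}


if __name__ == "__main__":
    print(failed_su_alerts(parse_sulog(SAMPLE_SULOG)))
    print(demo_file_templates())
```

Only mallory's burst (three failures within two minutes) produces an alert; bob's two failures are hours apart and never reach the threshold. The baseline-and-diff approach for files is what makes "creation of" a SUID file detectable as an event rather than a standing condition.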

  5. Surveillance Groups [diagram: detection templates are collected into surveillance groups. Templates shown: Failed SU Attempts, User Perm/File Changes, New SUID Files, Race Conditions, Perm Changes, Logins/Logouts, Failed Logins, User Logins, File Changes, New WW Files, Buffer Overflow. Groups shown: Advanced Group, All Template Group, File Modification Group, Login Monitoring Group]

  6. Surveillance Schedules [diagram: detection templates -> surveillance groups -> surveillance schedules. A schedule gives each group a time window; one schedule shown runs the Advanced Group, File Modification Group and Login Monitoring Group Mon-Fri 12:00-11:59 (around the clock), and a second runs only the File Modification Group and Login Monitoring Group on the same window]

  7. Surveillance Schedules to Host Mapping [diagram: the same chain, detection templates -> surveillance groups -> surveillance schedules, with the final step added: each schedule (Advanced/File Modification/Login Monitoring groups Mon-Fri 12:00-11:59, or File Modification/Login Monitoring groups Mon-Fri 12:00-11:59) is mapped to one or more IDS clients]
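Slides 5 to 7 describe a four-level configuration: templates belong to groups, groups are placed on schedules with a time window, and schedules are mapped to hosts. The practical question this raises for an operator is "which templates are actually active on host X right now?". The block below resolves that chain and is an added example for this page, not IDS/9000's configuration format or code. The template and group names are taken from the slides; which templates sit in which group, the hostnames, and the overnight "Night Logins" schedule (included to show a window that wraps past midnight) are constructed assumptions.

```python
"""Resolve active detection templates per host (added example, not IDS/9000 code)."""
from datetime import datetime, time

WEEKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday as datetime.weekday() values

# Surveillance groups -> detection templates. Names come from the slides;
# the membership of each group is an ASSUMPTION made for this example.
GROUPS = {
    "File Modification Group": {"File Changes", "Perm Changes", "User Perm/File Changes",
                                "New SUID Files", "New WW Files"},
    "Login Monitoring Group": {"Logins/Logouts", "User Logins", "Failed Logins",
                               "Failed SU Attempts"},
    "Advanced Group": {"Race Conditions", "Buffer Overflow"},
}
GROUPS["All Template Group"] = set().union(*GROUPS.values())

# Surveillance schedules -> (group, days, start, end). "12:00-11:59" on the slide is
# read as the whole day; "Night Logins" is constructed to exercise a wrapped window.
SCHEDULES = {
    "Weekday Full": [
        ("Advanced Group", WEEKDAYS, time(0, 0), time(23, 59)),
        ("File Modification Group", WEEKDAYS, time(0, 0), time(23, 59)),
        ("Login Monitoring Group", WEEKDAYS, time(0, 0), time(23, 59)),
    ],
    "Weekday Basic": [
        ("File Modification Group", WEEKDAYS, time(0, 0), time(23, 59)),
        ("Login Monitoring Group", WEEKDAYS, time(0, 0), time(23, 59)),
    ],
    "Night Logins": [
        ("Login Monitoring Group", set(range(7)), time(22, 0), time(6, 0)),
    ],
}

# Schedules -> IDS clients. Hostnames are constructed.
HOSTS = {"hpux-dev1": "Weekday Full", "hpux-app1": "Weekday Basic", "hpux-db1": "Night Logins"}


def in_window(when, days, start, end):
    """True if `when` falls inside the window; start > end means the window wraps midnight."""
    t = when.time()
    if start <= end:
        return when.weekday() in days and start <= t <= end
    if t >= start:  # evening part of a wrapped window belongs to today's weekday
        return when.weekday() in days
    if t <= end:  # morning part belongs to the weekday on which the window began
        return (when.weekday() - 1) % 7 in days
    return False


def active_templates(host, when):
    """Templates in force on `host` at `when` ("YYYY-MM-DD HH:MM" string or datetime)."""
    if isinstance(when, str):
        when = datetime.strptime(when, "%Y-%m-%d %H:%M")
    active = set()
    for group, days, start, end in SCHEDULES[HOSTS[host]]:
        if in_window(when, days, start, end):
            active |= GROUPS[group]
    return active


if __name__ == "__main__":
    for host in HOSTS:
        print(host, sorted(active_templates(host, "2024-03-14 10:00")))
```

An unknown host raises KeyError on purpose: a client with no schedule mapping is a configuration gap worth surfacing, not a host that should silently get no monitoring.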

  8. IDS System Management Window

  9. Alert Browser

  10. Error Browser
