90 likes | 227 Views
Chapter 7. 7.5 Intrusion Detection Systems. In This Section. Intrusion Detection Systems (IDS) Types of IDSs IDS Strengths & Limitations. Intrusion Detection Systems (IDSs). IDS is a device that monitors activity to identify malicious or suspicious events. It acts like a sensor.
E N D
Chapter 7 7.5 Intrusion Detection Systems Network Security / G.Steffen
In This Section • Intrusion Detection Systems (IDS) • Types of IDSs • IDS Strengths & Limitations Network Security / G.Steffen
Intrusion Detection Systems (IDSs) • IDS is a device that monitors activity to identify malicious or suspicious events. • It acts like a sensor. • It can perform a variety of functions such as: • Monitoring users & system activity • Auditing system configuration • Assessing the integrity of critical system & data files • Identifying abnormal activity • Correcting system configuration errors Network Security / G.Steffen
Types of IDSs 1 • Signature-based IDS • It performs simple pattern-matching & report situations that matches a pattern corresponding to a known attack type. • It tends to use statistical analysis • The problem is the signature itself • Heuristic IDS (Anomaly based IDS) • It builds a model of acceptable behavior & flag exceptions to that model Network Security / G.Steffen
Types of IDSs 2 • Network-based IDS • It is a stand-alone device attached to the network to monitor traffic throughout that network. • Host-based IDS • It runs on a single workstation or client/host to protect that one host. • State-based IDS – It sees the system going through changes of overall state or configuration • Model-based IDS • Misuse ID – In this the real activity is compared against a known suspicious area. Network Security / G.Steffen
Stealth Mode • Most IDSs run in stealth mode Stealth Mode IDS Connected to Two Networks Network Security / G.Steffen
Design Approach for an IDS • Filter on packet headers • Filter on packet content • Maintain connection state • Use complex, multi packet signatures • Filter in real time, online • Hide its presence • Use minimal number of signatures with maximum effect • Use optimal sliding time window size to match segments Network Security / G.Steffen
IDS Strengths & Limitations • Upside of IDSs • It can detect ever-growing number of serious problems • Evolving with time • Continuous improvement • Downside of IDSs • It is sensitive, therefore difficult to measure and adjust • It does not run itself Network Security / G.Steffen