
Intrusion Prevention



Presentation Transcript


  1. Intrusion Prevention Network Security Evan Roggenkamp

  2. Summary • Intrusion Detection • Intrusion Prevention • Types: NIPS, WIPS, NBA, HIPS • Typical Components Overview

  3. Common Detection Methodologies • Signature-Based Detection • Anomaly-Based Detection • Stateful Protocol Analysis
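The three methodologies listed on this slide are the ones NIST SP 800-94 (cited in the sources) uses to classify IDPS engines. The following is an added example, not code from the slides or from any product they mention, that shows a minimal instance of each over constructed sample data: pattern matching for signature-based detection, a baseline-plus-deviation check for anomaly-based detection, and a state machine for stateful protocol analysis. The signatures, the event records, and the simplified SMTP-like command order are all hypothetical and constructed for illustration.

```python
import re
import statistics
from collections import defaultdict

# Constructed observed traffic (not from the slides): one record per packet.
# 10.0.0.42 touches 40 distinct ports with empty payloads, mimicking a port sweep.
EVENTS = [
    {"src": "10.0.0.5", "dst_port": 80, "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.5", "dst_port": 80, "payload": "GET /about.html HTTP/1.1"},
    {"src": "10.0.0.7", "dst_port": 80, "payload": "GET /../../etc/passwd HTTP/1.1"},
    {"src": "10.0.0.9", "dst_port": 22, "payload": "SSH-2.0-OpenSSH_8.9"},
] + [{"src": "10.0.0.42", "dst_port": p, "payload": ""} for p in range(1, 41)]

# Constructed "known normal" traffic used to build the anomaly baseline:
# how many distinct destination ports each source normally touches.
BASELINE_PORTS_PER_SOURCE = {"a": 1, "b": 2, "c": 1, "d": 2, "e": 1, "f": 3}

# --- Signature-based detection: compare content against known-bad patterns. ---
# Hypothetical signatures written for this example only.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "cmd-injection-marker": re.compile(r"[;|&]\s*(cat|sh|bash)\b"),
}


def signature_alerts(events):
    """Return (source, signature_name) for every payload matching a signature."""
    alerts = []
    for e in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(e["payload"]):
                alerts.append((e["src"], name))
    return alerts


# --- Anomaly-based detection: learn a profile of normal, flag large deviations. ---
def anomaly_threshold(baseline_counts, k=3.0):
    """Mean + k standard deviations of the baseline profile."""
    values = list(baseline_counts.values())
    return statistics.mean(values) + k * statistics.pstdev(values)


def anomaly_alerts(events, baseline_counts=BASELINE_PORTS_PER_SOURCE, k=3.0):
    """Return sources whose distinct-port count exceeds the learned threshold."""
    threshold = anomaly_threshold(baseline_counts, k)
    ports = defaultdict(set)
    for e in events:
        ports[e["src"]].add(e["dst_port"])
    return sorted(src for src, p in ports.items() if len(p) > threshold)


# --- Stateful protocol analysis: track expected command order in a session. ---
# Simplified SMTP-like dialogue constructed for the example (not a full RFC model).
TRANSITIONS = {
    "start": {"EHLO": "greeted"},
    "greeted": {"MAIL": "mail", "QUIT": "closed"},
    "mail": {"RCPT": "rcpt"},
    "rcpt": {"RCPT": "rcpt", "DATA": "data"},
    "data": {"MAIL": "mail", "QUIT": "closed"},
}


def protocol_violations(commands):
    """Return (index, state, command) for each command not valid in its state."""
    state = "start"
    violations = []
    for i, cmd in enumerate(commands):
        nxt = TRANSITIONS.get(state, {}).get(cmd)
        if nxt is None:
            violations.append((i, state, cmd))
            continue  # stay in the current state and keep analysing
        state = nxt
    return violations


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(EVENTS))
    print("anomalous sources:", anomaly_alerts(EVENTS))
    print("protocol violations:", protocol_violations(["DATA", "EHLO", "RCPT"]))
```

Each method catches something the others miss: the traversal string is only found by the signature, the port sweep only by the anomaly profile (its payloads are empty, so no signature fires), and the out-of-order DATA only by the protocol state machine. The trade-offs on the performance slide apply directly: signature matching is cheap but blind to unknown patterns, while the baseline and the state machine cost memory per source or per session.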

  4. IDPS Technologies Typical components of an IDPS solution are as follows: • Sensor or Agent • Management Server • Database Server • Console

  5. Network Based Typical components of Network Based IDPS are as follows: • Appliance • Software Only • Sensors • Information Gathered • Detection Capabilities

  6. Examples of Network-Based Intrusion Detection Tools • Snort (runs on Unix, Linux, Windows) • RealSecure (Unix, Linux, Windows) • Symantec Intrusion Detection (Unix, Linux) • Dragon (Unix and Linux) • Network Flight Recorder (NFR) (Unix, Linux, Windows)

  7. Network-Based IDPS Architecture • Inline • Passive

  8. Wireless IDPS • Typical components are the same as for network-based IDPS: consoles, database servers (optional), management servers, and sensors. Wireless sensors: • Dedicated • Fixed • Mobile • Bundled with AP • Bundled with Wireless Switch • Sensor Locations • Information Gathered • Detection Capabilities

  9. Wireless IDPS Architecture

  10. Network Behavior Analysis • Typical Components are Sensors and Consoles, with some products offering management servers (analyzers). • Sensors • Information Gathered • Detection Capabilities

  11. NBA Architecture

  12. Host-Based IDPS • Typical Components • Agent Locations & Host Architectures • Detection Capabilities

  13. Host-Based IDPS Architecture

  14. Performance Requirements • Configuration and tuning • Performance vs. Detection • Appliance-Based • No open standards

  15. Design and Implementation • Reliability • Interoperability • Scalability • Security

  16. Sources • http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf • http://www.symantec.com/connect/articles/intrusion-prevention-systems-next-step-evolution-ids • Wikipedia • http://www.sfisaca.org/events/conference04/presentations/E21-Intrusion-Detection-and-Intrusion-Prevention.pdf
