1 / 9

Prevent Anomalous Activities (from the inside)

By: Surapheal Belay ITEC 6322 / Spring 2009. Prevent Anomalous Activities (from the inside). ABSTRACT.

brooks
Download Presentation

Prevent Anomalous Activities (from the inside)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. By: Surapheal Belay ITEC 6322 / Spring 2009 PreventAnomalousActivities(from the inside)

  2. ABSTRACT NIST 800-94, guide to intrusion detection and prevention systems (IDPS), discusses four types of IDPS technologies. IDPS is the process of monitoring the events occurring in a computer network and analyzing them for signs of possible incidents.

  3. PROBLEM STATEMENT • Nonetheless, how do you secure a threat that is not external but internal? What happens when intrusion detection and prevention system does not catch the threat? • The solution would be a network behavior analysis tool.

  4. RELEVANCE/IMPORTANCE

  5. WHAT IS UNUSUAL TRAFFIC FLOWS? NIST explains unusual traffic flows as anything outside of the baseline. For example, distributed denial of service (DDoS) attacks, certain forms of malware (e.g., worms, backdoors), and policy violations (e.g., a client system providing network services to other systems).

  6. WHAT IS NETWORK BEHAVIOR ANALYSIS? • Network behavior analysis provides a variety of security capabilities; such as, information gathering, logging, detection, and prevention.

  7. NETWORK MONITORING TO PREVENT MALICIOUS ACTIVITIES • Flow Matrix by Akma Labs is a free security tool that provides network behavioral analysis and anomaly detection. • Scrutinizer by Plixer International provides the same service as Flow Matrix along with more services for detection, logging, and a much better GUI design that is easy to read.

  8. SUMMARY Network behavior analysis (NBA) is a way to enhance the security of a computer network by monitoring traffic and noting unusual actions or departures from normal operation. Conventional IDPS solutions defend a network's perimeter by using packet inspection, signature detection and real-time blocking. NBA solutions watch what's happening inside the network.

  9. REFERENCES • http://www.plixer.com/products/scrutinizer.php • http://www.akmalabs.com/flowmatrix.php • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1225491,00.html • http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf • http://www.forbes.com/feeds/ap/2009/05/07/ap6394254.html • http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=212901505 • http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm • http://www.computerweekly.com/Articles/2008/01/17/228976/ikea-plugs-website-security-breach.htm • http://cpanelsecurity.com/2008/01/17/ikea-plugs-website-security-breach-computer-weekly/

More Related