1 / 20

IDPS (Intrusion Detection & Prevention System )

IDPS (Intrusion Detection & Prevention System ). By Varang Amin (004805672) Guided By Prof. Richard Sinn. Agenda. Introduction IDPS Why IDPS Detection Engine Features &Functions Evaluation Test Case Future Available IDPS in Market. Introduction. Secure Environment.

penny
Download Presentation

IDPS (Intrusion Detection & Prevention System )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IDPS (Intrusion Detection & Prevention System ) By Varang Amin (004805672) Guided By Prof. Richard Sinn

  2. Agenda • Introduction • IDPS • Why IDPS • Detection Engine • Features &Functions • Evaluation • Test Case • Future • Available IDPS in Market

  3. Introduction • Secure Environment

  4. Introduction • Various options are available • IDPS , based on behavior of network and contents of each and every packet. • Firewall , based on Access Control List . • VPN,communication network tunneled through public network.

  5. Why IDPS…… • Firewall ,based on policy defined in Access Control List • Policy based filtering when session is established • Not able to check each packet in network • Tend to stop search when find any match. • Able to shutdown the connection but not able to throttle the traffic

  6. IDPS • Detection method • Specification Detection , based on the application reorganization rules for detecting application and attacks. • Anomaly Detection, based on the behavior of the available pattern in IDPS . • Integrity Check , detection based on hash values and signatures for verify the integrity of data.

  7. Architecture of Detection Engine Fig

  8. Deployment IPS • Network Based • Host Based • Hybrid

  9. Deployment & Working Principals

  10. IDPS Terminology • Signatures , basically regular or fixed expression . • Depth Of Search • Offset Example : • Regular Expressions • eDonkey Login Connection “\xe3.{4}[\x01\xc5] ”

  11. Continue………. • Fixed Expression • eDonkey File sharing Connection “http://emul-Projectinfo.org” • Implemented with the help of sniffers.

  12. Continue…. • Traffic Anomaly Throttle the network traffic. • Protocol Anomaly For Standard Service • False Positives Incorrect application detected . • False Negatives Application Not Detected

  13. Evaluation of IDPS • Generate some manual traffic of open source attacks . • IXIA • Smart bits • Existing service from Windows or Linux OS.

  14. Test Case 1 • By pass the IPS.

  15. Test Case 2 • Fragment the Attack

  16. Test Case 3 • TTL based attacks

  17. Future Enhancement …… • Can be more sophisticated application • Session Monitoring • Learning • UTM

  18. IDPS Example • Cisco 6000 Family IDS • Snap Gear by Secure Computing • Linux IP Tables (Open Source) • Snort • Intrupro • Sonic Wall Gateway

  19. References • Article “IDS Evaluation” published on Network world Magazine . • Insertion, Evasion and Denial Of Service:-Eluding Network Intrusion detection System -Thomas H. Ptacek, Timothy N. Newsham . • www.securityfocus.com

  20. Thanks • Question ????

More Related