
Intrusion Detection Systems


Presentation Transcript


  1. Intrusion Detection Systems – Tristan Walters, Rayce West

  2. Overview
  • Definition – what is intrusion detection and what are intrusion detection systems (IDS)
  • Characteristics of intrusion detection systems
  • Typical components of intrusion detection systems
  • Types of intrusion detection systems
    • Network-based
    • Host-based
    • Wireless
  • Conclusion

  3. Definition
  • Intrusion detection
    • The process of monitoring and analyzing a computer system or network for suspicious behavior or potential threats
  • Intrusion detection systems
    • The software and/or hardware that automate the process of monitoring events on a system or network and analyzing the gathered information for intrusions

  4. Characteristics
  • Information recording
  • Logging of gathered information
  • Analyzing information
  • Notifying system administrators
  • Reports

  5. Typical components
  • Sensors
    • Collect data from various sources: network packets, log files, etc.
  • Management servers
    • Analyze the information collected by sensors
    • Can decide whether an intrusion is occurring and take action
  • User interface
    • Typically a software tool for system admins
    • Allows the admin to interact with the IDS
  • Databases
    • Store sensor-gathered data, logging information, etc.

  6. Network-based IDS
  • Monitors computer networks for possible intruders
  • Analyzes network traffic and transport/application protocols
  • Primary component
    • Sensors
      • Inline – sensors placed directly in the network traffic flow
      • Passive – sensors connected to the network from the outside
  • Logging
    • Focuses on network information: IP addresses/MAC addresses, transport protocols, etc.

  7. Inline sensor

  8. Passive sensor

  9. Host-based IDS
  • Monitors events on a single host machine for attacks
    • Code analysis – malicious code, buffer overflows
    • Running applications
    • Changes in the host's network settings
    • File system monitoring – access and integrity
  • Primary component
    • Agents – software installed on the host that monitors it and communicates with the management server
  • Logging
    • Focuses on application information, file paths and names, user information

  10. HIDS architecture

  11. Wireless IDS
  • Very similar to a NIDS, but monitors wireless networks rather than wired (physical) ones
  • Analyzes wireless network protocols for suspicious activity
  • Primary component
    • Sensors – sample frequency channels for malicious activity
      • Channel scanning – constantly scans different channels in different frequency bands
      • Fixed sensors – a sensor placed in a fixed location
      • Mobile sensors – sensors that can be moved around a network
  • Logging
    • Channel numbers, the ID of the sensor that observed a malicious event, source MAC address

  12. Wireless IDS setup

  13. Conclusion
  • There are a variety of different IDSs, built from a variety of components
  • IDSs are essential in any organization or institution that handles important data
  • Very helpful for system administrators
