
Chapter 7

Chapter 7, Section 7.5: Intrusion Detection Systems. In this section: Intrusion Detection Systems (IDS), Types of IDSs, IDS Strengths & Limitations. An IDS is a device that monitors activity to identify malicious or suspicious events. It acts like a sensor.



Presentation Transcript


  1. Chapter 7
     7.5 Intrusion Detection Systems
     Network Security / G.Steffen

  2. In This Section
     • Intrusion Detection Systems (IDS)
     • Types of IDSs
     • IDS Strengths & Limitations

  3. Intrusion Detection Systems (IDSs)
     • An IDS is a device that monitors activity to identify malicious or suspicious events.
     • It acts like a sensor.
     • It can perform a variety of functions, such as:
       • Monitoring users and system activity
       • Auditing system configuration
       • Assessing the integrity of critical system and data files
       • Identifying abnormal activity
       • Correcting system configuration errors

  4. Types of IDSs (1)
     • Signature-based IDS
       • It performs simple pattern matching and reports situations that match a pattern corresponding to a known attack type.
       • It tends to use statistical analysis.
       • The limitation is the signature itself: it can only detect what a signature already describes.
     • Heuristic IDS (anomaly-based IDS)
       • It builds a model of acceptable behavior and flags exceptions to that model.

  5. Types of IDSs (2)
     • Network-based IDS
       • A stand-alone device attached to the network to monitor traffic throughout that network.
     • Host-based IDS
       • Runs on a single workstation or client/host to protect that one host.
     • State-based IDS
       • Sees the system going through changes of overall state or configuration.
     • Model-based IDS
       • Misuse ID: the real activity is compared against a known suspicious area.

  6. Stealth Mode
     • Most IDSs run in stealth mode.
     (Figure: Stealth Mode IDS Connected to Two Networks)

  7. Design Approach for an IDS
     • Filter on packet headers
     • Filter on packet content
     • Maintain connection state
     • Use complex, multi-packet signatures
     • Filter in real time, online
     • Hide its presence
     • Use a minimal number of signatures with maximum effect
     • Use an optimal sliding time window size to match segments
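The following is an added example, not part of the slides, that puts the two detection types from slide 4 together with three of the design points from slide 7: it filters on packet content with a signature, maintains per-source connection state, and applies a sliding time window for the heuristic model. The packet records, the addresses and the single signature are constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed packet records for illustration: (timestamp_s, src, dst, dst_port, payload)
PACKETS = [
    (0.0, "10.0.0.5", "10.0.0.9", 80, b"GET /index.html HTTP/1.1"),
    (0.5, "10.0.0.7", "10.0.0.9", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1"),
    (1.0, "10.0.0.8", "10.0.0.9", 22, b""),
    (1.1, "10.0.0.8", "10.0.0.9", 23, b""),
    (1.2, "10.0.0.8", "10.0.0.9", 25, b""),
    (1.3, "10.0.0.8", "10.0.0.9", 80, b""),
    (1.4, "10.0.0.8", "10.0.0.9", 443, b""),
    (1.5, "10.0.0.8", "10.0.0.9", 8080, b""),
]

# Signature-based IDS: patterns that correspond to a known attack type
SIGNATURES = {"directory traversal": re.compile(rb"\.\./")}

def match_signatures(payload):
    """Filter on packet content: names of the signatures the payload matches."""
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

class PortScanModel:
    """Heuristic (anomaly-based) IDS: the model of acceptable behaviour is
    'no more than max_ports distinct destination ports per source within a
    sliding time window'; anything beyond that is flagged as an exception."""

    def __init__(self, window_s=2.0, max_ports=5):
        self.window_s = window_s
        self.max_ports = max_ports
        self.state = defaultdict(deque)  # per-source connection state

    def observe(self, ts, src, dst_port):
        q = self.state[src]
        q.append((ts, dst_port))
        while q and ts - q[0][0] > self.window_s:  # expire entries outside the window
            q.popleft()
        return len({port for _, port in q}) > self.max_ports

def run_ids(packets):
    """Run both detectors over the packets and return (kind, name, src) alerts."""
    model = PortScanModel()
    alerts = []
    for ts, src, _dst, port, payload in packets:
        for name in match_signatures(payload):
            alerts.append(("signature", name, src))
        if model.observe(ts, src, port):
            alerts.append(("anomaly", "port scan", src))
    return alerts
```

Calling run_ids(PACKETS) yields one signature alert for 10.0.0.7 and one anomaly alert for 10.0.0.8, which touched six distinct ports inside the two-second window.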

  8. IDS Strengths & Limitations
     • Upside of IDSs
       • They can detect an ever-growing number of serious problems.
       • They evolve with time.
       • They improve continuously.
     • Downside of IDSs
       • They are sensitive, and therefore difficult to measure and adjust.
       • An IDS does not run itself.
